[systemd-devel] systemd-resolved auto configure DNS server changed?

Ed Greshko ed.greshko at greshko.com
Fri Feb 19 08:29:14 UTC 2021 

First a little background.  I'm using a Fedora 33 system in a qemu VM.  I was doing some research
on a question which arose on a Fedora mailing list regarding changes to FallbackDNS.  I don't know
if this change was universal or Fedora only.  But a recent update changed the default to have no
FallbackDNS servers defined.

In doing my research I used the default install of Fedora 33 which is running systemd-246.6-3.fc33.
I did not supply a DNS server in the static IP settings and I purposely created a broken
/etc/systemd/resolved.conf file with the bad entry of

DNS=192.168.1.142,192.168.1.1

DNS resolution works and I fully expected that one of the defined FallbackDNS servers would be used.
However, resolvectl shows

Global
        LLMNR setting: resolve
MulticastDNS setting: no
   DNSOverTLS setting: no
       DNSSEC setting: no
     DNSSEC supported: no
Fallback DNS Servers: 1.1.1.1
                       8.8.8.8
                       1.0.0.1
                       8.8.4.4
                       2606:4700:4700::1111
                       2001:4860:4860::8888
                       2606:4700:4700::1001
                       2001:4860:4860::8844
           DNS Domain: greshko.com

Link 2 (enp1s0)
       Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
DefaultRoute setting: yes
        LLMNR setting: yes
MulticastDNS setting: no
   DNSOverTLS setting: no
       DNSSEC setting: no
     DNSSEC supported: no
   Current DNS Server: fe80::5054:ff:fe9a:e849%32767
          DNS Servers: fe80::5054:ff:fe9a:e849%22096
           DNS Domain: ~.

The IPv6 address of fe80::5054:ff:fe9a:e849 is that of the Virtual Bridge and wireshark does confirm
DNS requests are being sent to that address' port 53 where dnsmasq is running.

I have no idea how systemd-resolved discovered this server?  Why wasn't a Fallback Server
selected used?

Then, continuing my research I upgraded systemd to systemd-246.10-1.fc33.  In that version
there are no FallbackDNS servers defined by default.

Owing to previous behavior I was expecting DNS resolution to still work.  (Not that I really wanted it to)
But it didn't.

[egreshko at f33T ~]$ host cnn.com
Host cnn.com not found: 2(SERVFAIL)

and

[egreshko at f33T ~]$ resolvectl
Global
        Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
       DNS Domain: greshko.com

Link 2 (enp1s0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
      Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

So, now my question, why wasn't the dnsmasq server found/configured as had been the case?
An intentional change or unintentional change?

More information about the systemd-devel mailing list