<div dir="ltr">OK, I think I found the reason.<div><br><div>I get the IP via DHCP, which also brings in the DNS servers (the two secondaries). This somehow gets used by resolved, as it puts the resolvers in /run/systemd/resolve/resolv.conf.</div><div><br></div><div>Since /etc/hosts is linked to /run/systemd/resolve/stub-resolv.conf which just points to 127.0.0.53, I believe that resolved internally sees the secondaries (provided by DHCP), shows this by putting them into /run/systemd/resolve/resolv.conf and 127.0.0.53 uses that information (also visible via resolvctl status).</div><div><br></div><div>This makes sense, leaving <span style="color:rgb(33,33,33)">/etc/systemd/resolved.conf</span><span style="color:rgb(33,33,33)"> for static configurations (no DHCP), and probably as a way to overwrite DHCP-provided data.</span></div><div><span style="color:rgb(33,33,33)"><br></span></div><div><span style="color:rgb(33,33,33)">Sorry for the noise.</span></div><div><br></div><div><br></div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Sep 5, 
2018 at 08:11, Wojtek Swiatek <<a href="mailto:w@swtk.info">w@swtk.info</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello everyone,<div><br></div><div>I decided to clean up my DNS resolving mess and fully go the systemd-resolved way = on every machine:</div><div>- have /etc/resolv.conf linked to /run/systemd/resolve/stub-resolv.conf</div><div>- have the resolver stub running on 127.0.0.53</div><div>- provide internal upstream and fallback servers in /etc/systemd/resolved.conf</div><div>- hope for the best</div><div><br></div><div>"every machine" above are actually nspawn containers with their own IP addresses (provided and resolved by the host, via dnsmasq)</div><div>I removed any other resolvers (if they were present), everything is under networkd control.</div><div><br></div><div>My first step was to have a broken machine (DNS wise), with a fully commented out /etc/systemd/resolved.conf (as it is by default), expecting not to be able to resolve anything and go from there.</div><div><br></div><div>To my surprise <a href="http://google.com" target="_blank">google.com</a> resolved fine. 
OK, this must be an invisible default pointing to 8.8.8.8 or something like that (as the fallbacks are still commented out).</div><div><br></div><div>But I also tried to resolve an internal name, known only by the host and secondary internal servers (which would be the upstream servers mentioned above, when actually configured in /etc/systemd/resolved.conf).</div><div><br></div><div>I have no idea how resolved managed to get information from other DNS servers (which could be either the host, which runs dnsmasq on <a href="http://0.0.0.0:53" target="_blank">0.0.0.0:53</a>, or the secondaries which run bind on their_IP:53).</div><div>Where could that resolution come from?</div><div><br></div><div>The situation on the machines, showing that resolved is the only resolver:</div><div><br></div><div><div><font face="monospace">root@dev ~# lsof -i -P -n</font></div><div><font face="monospace">COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME</font></div><div><font face="monospace">systemd-n 51 systemd-network 18u IPv6 56615 0t0 UDP [fe80::685a:94ff:fecc:37ce]:546</font></div><div><font face="monospace">systemd-n 51 systemd-network 20u IPv4 59162 0t0 UDP <a href="http://10.200.0.50:68" target="_blank">10.200.0.50:68</a></font></div><div><font face="monospace">rsyslogd 56 syslog 8u IPv4 66478 0t0 UDP *:57004</font></div><div><font face="monospace">salt-mini 68 root 21u IPv4 829402 0t0 TCP 10.200.0.50:46988-><a href="http://52.210.137.123:4505" target="_blank">52.210.137.123:4505</a> (ESTABLISHED)</font></div><div><font face="monospace">systemd-r 2519 systemd-resolve 12u IPv4 1272287 0t0 UDP <a href="http://127.0.0.53:53" target="_blank">127.0.0.53:53</a></font></div><div><font face="monospace">systemd-r 2519 systemd-resolve 13u IPv4 1272288 0t0 TCP <a href="http://127.0.0.53:53" target="_blank">127.0.0.53:53</a> (LISTEN)</font></div></div><div><br></div><div><font face="monospace"><br></font></div><div><div><font face="monospace">root@dev ~# ps 
-ef</font></div><div><font face="monospace">UID PID PPID C STIME TTY TIME CMD</font></div><div><font face="monospace">root 1 0 0 Sep04 ? 00:00:00 /lib/systemd/systemd</font></div><div><font face="monospace">root 18 1 0 Sep04 ? 00:00:00 /lib/systemd/systemd-journald</font></div><div><font face="monospace">systemd+ 51 1 0 Sep04 ? 00:00:00 /lib/systemd/systemd-networkd</font></div><div><font face="monospace">root 52 1 0 Sep04 ? 00:00:00 /usr/bin/python3 /usr/bin/networkd-dispatcher</font></div><div><font face="monospace">root 53 1 0 Sep04 ? 00:00:00 /lib/systemd/systemd-logind</font></div><div><font face="monospace">root 54 1 0 Sep04 ? 00:00:00 /usr/sbin/cron -f</font></div><div><font face="monospace">message+ 55 1 0 Sep04 ? 00:00:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only</font></div><div><font face="monospace">syslog 56 1 0 Sep04 ? 00:00:00 /usr/sbin/rsyslogd -n</font></div><div><font face="monospace">root 62 1 0 Sep04 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion</font></div><div><font face="monospace">root 63 1 0 Sep04 console 00:00:00 /sbin/agetty -o -p -- \u --noclear --keep-baud console 115200,38400,9600 vt220</font></div><div><font face="monospace">root 68 62 0 Sep04 ? 00:00:34 /usr/bin/python /usr/bin/salt-minion</font></div><div><font face="monospace">root 71 68 0 Sep04 ? 00:00:00 /usr/bin/python /usr/bin/salt-minion</font></div><div><font face="monospace">root 873 1 0 Sep04 pts/0 00:00:00 /usr/bin/fish</font></div><div><font face="monospace">root 875 1 0 Sep04 ? 00:00:00 /lib/systemd/systemd --user</font></div><div><font face="monospace">root 876 875 0 Sep04 ? 00:00:00 (sd-pam)</font></div><div><font face="monospace">systemd+ 2519 1 0 07:42 ? 00:00:00 /lib/systemd/systemd-resolved</font></div><div><font face="monospace">root 3352 873 0 08:06 pts/0 00:00:00 ps -ef</font></div></div><div><br></div><div><br></div></div>
</blockquote></div>
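One way to audit the behaviour this thread arrives at, as an added example that is not part of the original messages: compare the upstream servers listed in /run/systemd/resolve/resolv.conf with what /etc/systemd/resolved.conf declares, and report the ones that came from elsewhere (per-link sources such as DHCP, or built-in fallbacks). The function names and the sample addresses are made up for the illustration, and plain IP addresses in DNS= and FallbackDNS= are assumed.

```python
"""Added example: list upstream DNS servers in use that resolved.conf does not declare."""
import re
from pathlib import Path

STATIC_KEYS = ("DNS", "FallbackDNS")

def static_dns(resolved_conf_text):
    """Servers set by uncommented DNS=/FallbackDNS= lines in the [Resolve] section."""
    servers = {key: [] for key in STATIC_KEYS}
    section = None
    for raw in resolved_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
        elif section == "Resolve" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key in servers:
                # An empty assignment clears the list; otherwise entries accumulate.
                servers[key] = servers[key] + value.split() if value else []
    return servers

def upstream_dns(run_resolv_text):
    """nameserver entries from /run/systemd/resolve/resolv.conf."""
    return [f[1] for f in (l.split() for l in run_resolv_text.splitlines())
            if len(f) >= 2 and f[0] == "nameserver"]

def undeclared_upstreams(resolved_conf_text, run_resolv_text):
    """Upstreams in use that resolved.conf does not declare (e.g. DHCP-provided)."""
    static = static_dns(resolved_conf_text)
    declared = set(static["DNS"]) | set(static["FallbackDNS"])
    return [s for s in upstream_dns(run_resolv_text) if s not in declared]

# Constructed sample input: a default, fully commented resolved.conf and a
# runtime resolv.conf holding two made-up secondaries handed out by DHCP.
SAMPLE_RESOLVED_CONF = "[Resolve]\n#DNS=\n#FallbackDNS=\n#Domains=\n"
SAMPLE_RUN_RESOLV = "# constructed sample\nnameserver 10.200.0.2\nnameserver 10.200.0.3\n"

if __name__ == "__main__":
    conf = Path("/etc/systemd/resolved.conf")
    run = Path("/run/systemd/resolve/resolv.conf")
    live = conf.exists() and run.exists()
    conf_text = conf.read_text() if live else SAMPLE_RESOLVED_CONF
    run_text = run.read_text() if live else SAMPLE_RUN_RESOLV
    for server in undeclared_upstreams(conf_text, run_text):
        print(f"{server}: in use but not set in resolved.conf")
```

Drop-in files under /etc/systemd/resolved.conf.d/ are not read by this sketch, so servers declared there would also be reported.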