Fedora will never configure static DNS servers for you in
resolved.conf. That config file was manually edited with improper
syntax to wind up in this broken state. My guess is that it was edited
by the VPS provider, but who knows.

We don't set DNS there intentionally because it eliminates any benefit
of using split DNS. Your static global DNS= configuration in
resolved.conf is used for *every* request, *in addition* to per-link
DNS configuration. So if you have per-link DNS configuration from DHCP
-- which almost everybody will except in cloud environments like this
-- then you would wind up with two parallel DNS queries going out for
every lookup, where whichever finishes first wins. That's not a good
default.

On Thu, Feb 18, 2021 at 6:52 am, David Both <LinuxGeek46@xxxxxxxx> wrote:
> I do not believe that this is just about lack of fallback and the silent
> fail. Although that is probably true, it is also about the "silent" change
> from nss to systemd-resolved and THEN the silent change to zero default
> fallback. There was a series of silent changes that brought this failure to
> light.

There are different opinions on the fallback. The opinion that won in
the end was removing the fallback to expose problems rather than hide
them. I think that's an OK end result, but I agree it's unfortunate
that happened in a post-release update such that installing updates can
break a "working" (sort of) configuration. There's not really anything
to be done about it now.
Everything still goes through nss, and you can switch from nss-resolve
back to nss-dns if you want to (but it will be worse).

> Not only do I not see the need for a change to a new name service client,
> the lack of information about the changeover to users outside this list is
> a terrible example for its lack of communication. Although I try to read
> the release notes I sometimes seem to miss things or fail to read them
> altogether.

In addition to the release notes:
https://fedoraproject.org/wiki/Changes/systemd-resolved#Release_Notes
And the discussion of upgrade/compatibility impact on the change page:
https://fedoraproject.org/wiki/Changes/systemd-resolved#Upgrade.2Fcompatibility_impact
We also have two blog posts:
https://fedoramagazine.org/systemd-resolved-introduction-to-split-dns/
https://blogs.gnome.org/mcatanzaro/2020/12/17/understanding-systemd-resolved-split-dns-and-vpn-configuration/
In particular, my blog post attempts to explain how terrible our DNS
resolution was without systemd-resolved. It was bad. Fedora users
deserve a decent DNS resolver.
Exception: I suspect we might have a real problem for cloud servers
without DHCP, which I reported in
https://pagure.io/fedora-server/issue/10.

> My remaining question is, where can I find a complete description of
> systemd-resolved and what its design goals are?

systemd-resolved(8)
There is also this upstream documentation on how systemd-resolved
handles VPNs:
https://github.com/systemd/systemd/blob/main/docs/RESOLVED-VPNS.md
That's specific to VPN configuration and intended for people writing
third-party VPN software, but it shows pretty clearly exactly how
systemd-resolved decides where to send your DNS, so if you are really
trying to understand it's good to read.
Michael
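
The behaviour described in the message above (a global `DNS=` in resolved.conf being queried in addition to per-link DNS, and a hand-edited file with bad syntax) can be checked with a small audit script. This is an added example, not code from the original message or from systemd. The function names, the sample file and the per-link server map are constructed for illustration, and the entry format checked is the `ADDRESS[:PORT][%IFACE][#SNI]` form documented in resolved.conf(5).

```python
import ipaddress

def valid_server(tok):
    """Check one DNS= entry: ADDRESS[:PORT][%IFACE][#SNI], IPv6+port in brackets."""
    tok = tok.split("#", 1)[0].split("%", 1)[0]   # drop SNI name, then interface
    if tok.startswith("["):
        host, _, rest = tok[1:].partition("]")
        if rest and not rest.startswith(":"):
            return False
        port = rest[1:] if rest else None
    elif tok.count(":") == 1:                     # IPv4 with a port
        host, port = tok.split(":")
    else:
        host, port = tok, None
    if port is not None and not (port.isascii() and port.isdigit()
                                 and 0 < int(port) < 65536):
        return False
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True

def audit(conf_text, link_dns):
    """Return the usable global DNS= servers, malformed entries, and whether
    lookups would go to global and per-link servers in parallel."""
    section, servers = None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if section == "Resolve" and sep and key.strip() == "DNS":
            # An empty assignment resets the list; otherwise entries accumulate.
            servers = servers + value.split() if value.strip() else []
    good = [s for s in servers if valid_server(s)]
    bad = [s for s in servers if not valid_server(s)]
    return {"global": good, "invalid": bad,
            "parallel": bool(good) and any(link_dns.values())}

# Constructed sample: a hand-edited file and per-link DNS as DHCP would supply it.
SAMPLE_CONF = "[Resolve]\nDNS=8.8.8.8,8.8.4.4\nDNS=1.1.1.1 [2606:4700:4700::1111]:53\n"
SAMPLE_LINKS = {"eth0": ["192.168.1.1"]}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_LINKS))
```

On a real host the text would come from /etc/systemd/resolved.conf and its drop-ins, and the per-link servers from `resolvectl status`.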