Re: spurious failures of resolved

On Thu, Sep 24, 2020 at 2:45 PM Roman Odaisky <roma@xxxxxxxxxxx> wrote:
> Hi,
>
> I have the following resolved configuration:
>
> [Resolve]
> DNS=8.8.8.8 8.8.4.4
> Domains=~.
>
> and the following resolvectl output:
>
> Link 76 (usb0)
>       Current Scopes: DNS
> DefaultRoute setting: yes
>        LLMNR setting: yes
> MulticastDNS setting: no
>   DNSOverTLS setting: no
>       DNSSEC setting: no
>     DNSSEC supported: no
>   Current DNS Server: 192.168.42.129
>          DNS Servers: 192.168.42.129
>           DNS Domain: ~.
>
> Link 2 (wlp59s0)
>       Current Scopes: DNS
> DefaultRoute setting: yes
>        LLMNR setting: yes
> MulticastDNS setting: no
>   DNSOverTLS setting: no
>       DNSSEC setting: no
>     DNSSEC supported: no
>   Current DNS Server: <an IP address>
>          DNS Servers: <an IP address>
>                       <an IP address>
>           DNS Domain: ~.
>
> The default route is via usb0. The wlp59s0 link is faulty (that’s why I’ve
> resorted to USB tethering). The DNS servers provided by DHCP for that link use
> public IP addresses yet decline to provide services for clients outside that
> ISP, with responses like this:
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18189
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 2800
> ;; QUESTION SECTION:
> ;freedesktop.org.               IN      A
>
> (note it’s not an NXDOMAIN)
>
> The second IP address is more honest and sets status: REFUSED.
>
> This situation results in the following behavior: if I query some domain, it
> always fails for the first time then works afterwards.
>
> $ resolvectl query google.com.uy
> google.com.uy: resolve call failed: 'google.com.uy' does not have any RR of
> the requested type
>
> $ resolvectl query google.com.uy
> google.com.uy: 172.217.169.163                 -- link: usb0
>
> -- Information acquired via protocol DNS in 5.8ms.
> -- Data is authenticated: no
>
> Did I misconfigure something? Did I misread resolved.conf(5) which states “Use
> the construct "~." to use the system DNS server defined with DNS= preferably
> for all domains”? Is there a bug?

You have "~." for the global config, but your NetworkManager or something also sets "~." for each of your two links, so all those settings are back to being the same priority again.

--
Mantas Mikulėnas
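
A check for the situation described in the reply above, as an added example that is not part of the thread or of systemd: it parses `resolvectl status`-style text and lists every scope that carries the "~." routing domain. The sample text is constructed (link sections abridged from the quoted output, a "Global" section assumed for the Domains=~. setting, 192.0.2.x addresses as placeholders), and the function names are hypothetical.

```python
import re

# Constructed sample: link sections abridged from the output quoted in the thread;
# the "Global" section and the 192.0.2.x addresses are assumptions/placeholders.
SAMPLE = """\
Global
         DNS Servers: 8.8.8.8
                      8.8.4.4
          DNS Domain: ~.

Link 76 (usb0)
      Current Scopes: DNS
         DNS Servers: 192.168.42.129
          DNS Domain: ~.

Link 2 (wlp59s0)
      Current Scopes: DNS
         DNS Servers: 192.0.2.53
                      192.0.2.54
          DNS Domain: ~.
"""

HEADER = re.compile(r"^(Global|Link \d+ \((?P<ifname>[^)]+)\))\s*$")
# "Label: value"; the colon must be followed by whitespace or end of line, so an
# IPv6 address on a continuation line is not mistaken for a field label.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*):(?:\s+(.*))?$")

def parse_scopes(text):
    """Return {scope: {field: [values]}}; scope is "global" or an interface name."""
    scopes, scope, field = {}, None, None
    for line in text.splitlines():
        h, f = HEADER.match(line), FIELD.match(line)
        if h:
            scope = h.group("ifname") or "global"
            scopes[scope], field = {}, None
        elif scope is not None and f:
            field = f.group(1).strip()
            scopes[scope][field] = (f.group(2) or "").split()
        elif scope is not None and field and line.strip():
            scopes[scope][field] += line.split()  # continuation of a multi-value field
    return scopes

def catch_all_scopes(text):
    """Names of the scopes whose "DNS Domain" list contains the "~." routing domain."""
    return [name for name, fields in parse_scopes(text).items()
            if "~." in fields.get("DNS Domain", [])]

if __name__ == "__main__":
    tied = catch_all_scopes(SAMPLE)
    if len(tied) > 1:
        print('"~." is set on more than one scope:', ", ".join(tied))
```
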