Re: [EXT] Some base questions around systemd-resolved


 



To be fair, they started to suggest that kind of usage when mDNS was still only an idea in some mailing list (mostly from competitors, at that), i.e. long before ".local" was reserved.

On Fri, Aug 2, 2024 at 9:50 AM Windl, Ulrich <u.windl@xxxxxx> wrote:

Hi!

 

It does not answer your question, but I wonder who in the Microsoft world started to suggest using “.local” as a domain. See https://en.wikipedia.org/wiki/.local for further details.

 

Ulrich

 

From: systemd-devel <systemd-devel-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of struth
Sent: Friday, August 2, 2024 1:04 AM
To: systemd-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: [EXT] Some base questions around systemd-resolved

 

Hello systemd-devel group.
I have just started using systemd-resolved to try and achieve a goal that I will try to explain.
I know very little about it (web searches so far) so please excuse any silly questions or trains of thought.
I have a Debian Bullseye client in a Microsoft network that uses a .local domain.
I know that this is a bad policy, but there is nothing I can do about it. I have no choice or authority in this matter. This is how they have configured their whole environment.
I have read here [ https://github.com/systemd/systemd/issues/8852 ] that .local can be used.

At times there is complete isolation from the 4 Domain DNS servers and I want my client machine to still be able to resolve DNS entries (specifically SRV records with included A records) during this outage.

I thought that systemd-resolved could cache the DNS entries and retain them until any of the DNS Servers returned to service.
This only seems to happen for a short time after the outage. After some time (I don't know how to tell how long) the entries seem to drop from cache.
I would ideally like the entries to stay in cache until updated from DNS Server again (once one returns to service).

On the SRV point: How can I be sure that it caches the full result of the SRV query?
Eg: SRV gives 2 x A-records which then need to resolve to 2xIP-addresses.

I'm not sure of the mailing list's policy for including config samples of logs, so I will include it here in email and see what happens.
Please excuse if this is too much or too little information.

root@VATCPCOMMLC1:~# cat /etc/systemd/resolved.conf
[Resolve]
DNS= 10.24.1.135 10.24.129.135 10.24.1.136 10.24.129.136
#FallbackDNS=
Domains=itsvic.local
#DNSSEC=no
#DNSOverTLS=no
#MulticastDNS=yes
#LLMNR=yes
#Cache=yes
DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
root@VATCPCOMMLC1:~#

root@VATCPCOMMLC1:~# ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 39 Jul 30 14:11 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
root@VATCPCOMMLC1:~#
root@VATCPCOMMLC1:~# cat ../run/systemd/resolve/stub-resolv.conf
nameserver 127.0.0.53
options edns0 trust-ad
search itsvic.local
root@VATCPCOMMLC1:~#

root@VATCPCOMMLC1:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
passwd:         files systemd
group:          files systemd
shadow:         files
gshadow:        files
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis
root@VATCPCOMMLC1:~#
root@VATCPCOMMLC1:~# resolvectl status
Global
         Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub
Current DNS Server: 10.24.1.135
       DNS Servers: 10.24.1.135 10.24.129.135 10.24.1.136 10.24.129.136
        DNS Domain: itsvic.local
Link 2 (ens192)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (ens224)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 4 (bond0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

root@VATCPCOMMLC1:~# dig srv _sip._tcp.osvsig-mets-prod.voip.itsvic.local
dig srv _sip._tcp.osvsig-mets-prod.voip.itsvic.local
; <<>> DiG 9.16.48-Debian <<>> srv _sip._tcp.osvsig-mets-prod.voip.itsvic.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57884
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;_sip._tcp.osvsig-mets-prod.voip.itsvic.local. IN SRV

;; ANSWER SECTION:
_sip._tcp.osvsig-mets-prod.voip.itsvic.local. 3600 IN SRV 20 0 5060 osvn2-mets-prod.voip.itsvic.local.
_sip._tcp.osvsig-mets-prod.voip.itsvic.local. 3600 IN SRV 10 0 5060 osvn1-mets-prod.voip.itsvic.local.

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Jul 30 15:38:47 AEST 2024
;; MSG SIZE  rcvd: 179

Thanks for any help.



--
Mantas Mikulėnas
