dns - bunnyamin/bunnix GitHub Wiki

Drill

Drill is a program to query DNS. It is intended specifically for DNSSEC and can retrieve more information than dig.

Error                                              | Cause | Remedy
---------------------------------------------------|-------|-------
Error: error sending query: Error creating socket  |       |

GlibC (GNU C Library)

The GlibC resolver does not cache results. That is, changes to /etc/resolv.conf should take effect immediately.

Openresolv

Openresolv is a program to manage /etc/resolv.conf. In particular, it enables multiple processes to write to /etc/resolv.conf.

  • The command resolvconf -u creates and overwrites /etc/resolv.conf from the configuration in /etc/resolvconf.conf.
  • The command resolvconf -l lists the interface devices that are the sources of DNS.

host.conf

/etc/host.conf is the configuration file for the older Linux standard library resolver.

NSS (Name Service Switch)

NSS is part of GlibC and is also used by the SystemD resolved service.

  • GlibC supports reading /etc/hosts (the files option) and /etc/resolv.conf (the dns option).
  • SystemD resolved supports nss-resolve, nss-myhostname, nss-mymachines.

Command           | Example
------------------|-------------------------
Resolve hostname  | getent hosts example.org

/etc/nsswitch.conf

Linux Network Administrators Guide Chapter 6. Name Service and Resolver Configuration Example 6-2. Sample nsswitch.conf File

SystemD NetworkD NSS Resolve

nss-resolve is a plug-in module for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc) enabling it to resolve hostnames via the systemd-resolved(8) local network name resolution service. It replaces the nss-dns plug-in module that traditionally resolves hostnames via DNS.

SystemD NetworkD NSS My Machines

nss-mymachines is a plug-in module for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc), providing hostname resolution for the names of containers running locally that are registered with systemd-machined.service(8). The container names are resolved to the IP addresses of the specific container, ordered by their scope. This functionality only applies to containers using network namespacing (see the description of --private-network in systemd-nspawn(1)). Note that the name that is resolved is the one registered with systemd-machined, which may be different than the hostname configured inside of the container.

hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname

Attempt to resolve domain names in the following order:

  1. files Search a local file for the host or network name and its corresponding address. This option uses the traditional files /etc/hosts and /etc/networks.
  2. mymachines Activate the SystemD module nss-mymachines.
  3. resolve [!UNAVAIL=return] Activate nss-resolve and resolve hostnames via the systemd-resolved local network name resolution service. If the return status is anything other than unavailable, the resolver returns whatever it has found. If, and only if, systemd-resolved.service is not available, the resolver falls back to the next entry.
  4. dns Use the DNS service to resolve the address.
  5. myhostname Activate nss-myhostname and resolve the local hostname.
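To make the ordering rules above concrete, here is an added example (not part of the wiki) that parses the hosts: line of an nsswitch.conf and prints each source in lookup order together with the [action] block that belongs to it. SAMPLE_HOSTS_LINE is the line discussed above, constructed inline so the script runs offline; the names nss_hosts_order and nss_hosts_sources are the example's own.

```shell
#!/bin/sh
# Added example, not from the wiki: parse the "hosts:" line of nsswitch.conf
# and print the lookup order, attaching any [action] block (such as
# [!UNAVAIL=return]) to the source that precedes it. SAMPLE_HOSTS_LINE is the
# constructed input; the real file is /etc/nsswitch.conf.

SAMPLE_HOSTS_LINE='hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname'

# nss_hosts_order LINE
# Prints "N source action" per source; action is "-" when none is given.
nss_hosts_order() {
    line=$1
    rest=${line#*:}        # drop the "hosts:" database name
    rest=${rest%%#*}       # drop a trailing comment
    # [!UNAVAIL=return] is also a glob pattern: disable globbing while splitting
    case $- in *f*) had_f=1 ;; *) had_f=0 ;; esac
    set -f
    n=0
    prev=
    for tok in $rest; do
        case $tok in
            \[*\])
                # an action block belongs to the source before it
                printf '%d %s %s\n' "$n" "$prev" "$tok"
                prev=
                ;;
            *)
                if [ -n "$prev" ]; then
                    printf '%d %s -\n' "$n" "$prev"
                fi
                n=$((n + 1))
                prev=$tok
                ;;
        esac
    done
    if [ -n "$prev" ]; then
        printf '%d %s -\n' "$n" "$prev"
    fi
    if [ "$had_f" -eq 0 ]; then
        set +f
    fi
    return 0
}

# nss_hosts_sources LINE
# Prints just the source names, space separated, for quick comparison.
nss_hosts_sources() {
    nss_hosts_order "$1" | awk '{ printf "%s%s", (NR > 1 ? " " : ""), $2 } END { print "" }'
}

# Demo on the constructed line; on a live system use the real file:
#   nss_hosts_order "$(grep -m1 '^hosts:' /etc/nsswitch.conf)"
nss_hosts_order "$SAMPLE_HOSTS_LINE"
```

Comparing the printed order with what getent hosts returns is a quick way to see which source actually answered for a name.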

NSCD (Name Service Cache Daemon)

LDAP wiki NSCD

NSCD, Name Service Cache Daemon, is a daemon that provides a cache for the most common Name Service Switch requests. The default configuration file, /etc/nscd.conf, determines the behavior of the cache daemon. NSCD provides caching for accesses of the passwd(5), group(5), and hosts(5) databases through standard libc interfaces, ...

  • The output of nscd --help lists the supported databases, for example "passwd group hosts services netgroup".

NSCD doesn't know anything about the underlying protocols for a service. This also means that if you change /etc/resolv.conf for DNS queries, nscd will continue to use the old one if you have configured /etc/nsswitch.conf to use DNS for host lookups. In such a case, you need to restart NSCD.

  • Shut down the daemon: nscd -K.
  • Start the daemon: nscd.

Prevent openresolv from overwriting resolv.conf

There are different methods for preventing openresolv from overwriting /etc/resolv.conf.

  • chattr +i /etc/resolv.conf is not reliable and not applicable for cases where resolv.conf is a symbolic link.
  • Change the path to the configuration file in resolvconf.conf by assigning resolv_conf=/etc/resolv.conf.openresolv. All changes by resolvconf are then written to /etc/resolv.conf.openresolv.

Event                       | Error                                                                   | Cause                                | Remedy
----------------------------|-------------------------------------------------------------------------|--------------------------------------|-------
chattr +i /etc/resolv.conf  | chattr: Operation not supported while reading flags on /etc/resolv.conf | The resolv.conf is a symbolic link.  | None

SystemD Resolved

SystemD Resolved is a service that provides network name resolution to local applications.

Enable and start service:

  • systemctl enable --now systemd-resolved
  • The --now flag also starts the unit, equivalent to running systemctl start systemd-resolved.

Configuration file for DNS:

  • /etc/systemd/resolved.conf
  • DNS=100.00.00.100 101.00.00.101 ... - Assign DNS
  • FallbackDNS= - Disable Fallback DNS

Make a symbolic link for /etc/resolv.conf

  • ln -rsf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf Not necessary: restart systemd-resolved and resolv.conf should be updated.
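The two sections above (the chattr +i failure on a symlinked resolv.conf and the resolv_conf= redirection in resolvconf.conf, plus the stub-resolv.conf symlink here) come together in this added example, which is not part of the wiki: it reports what kind of object a resolv.conf path is and where openresolv will write. The function names and the temp-directory demo are the example's own; the paths are parameters so it can be run against /etc/resolv.conf and /etc/resolvconf.conf on a real system.

```shell
#!/bin/sh
# Added example, not from the wiki: report how resolv.conf is provided (regular
# file, symlink such as the systemd-resolved stub, or missing) and where
# openresolv will write, based on resolv_conf= in resolvconf.conf. Paths are
# parameters so the demo below can run against a constructed temp directory;
# on a real system pass /etc/resolv.conf and /etc/resolvconf.conf.

# resolv_conf_kind PATH  ->  "symlink TARGET" | "file" | "missing"
resolv_conf_kind() {
    if [ -L "$1" ]; then
        printf 'symlink %s\n' "$(readlink "$1")"
    elif [ -f "$1" ]; then
        printf 'file\n'
    else
        printf 'missing\n'
    fi
}

# openresolv_target RESOLVCONF_CONF
# Prints the last resolv_conf= value in the file, or /etc/resolv.conf when unset.
openresolv_target() {
    target=/etc/resolv.conf
    if [ -r "$1" ]; then
        v=$(sed -n 's/^[[:space:]]*resolv_conf=//p' "$1" | tail -n 1)
        v=${v#\"}; v=${v%\"}      # tolerate resolv_conf="..." quoting
        if [ -n "$v" ]; then
            target=$v
        fi
    fi
    printf '%s\n' "$target"
}

# resolv_conf_report RESOLV_CONF RESOLVCONF_CONF
# Human-readable summary of the two checks above.
resolv_conf_report() {
    kind=$(resolv_conf_kind "$1")
    target=$(openresolv_target "$2")
    case $kind in
        symlink*) printf '%s is a %s (chattr +i does not apply to a symlink)\n' "$1" "$kind" ;;
        file)     printf '%s is a regular file\n' "$1" ;;
        *)        printf '%s is missing\n' "$1" ;;
    esac
    if [ "$target" = "$1" ]; then
        printf 'openresolv writes directly to %s\n' "$1"
    else
        printf 'openresolv writes to %s and leaves %s alone\n' "$target" "$1"
    fi
}

# Demo in a constructed temp directory mirroring the setup described above:
# resolv.conf is a symlink to a stub file and openresolv is redirected.
demo_dir=$(mktemp -d)
printf 'resolv_conf=/etc/resolv.conf.openresolv\n' > "$demo_dir/resolvconf.conf"
printf 'nameserver 127.0.0.53\n' > "$demo_dir/stub-resolv.conf"
ln -s "$demo_dir/stub-resolv.conf" "$demo_dir/resolv.conf"
resolv_conf_report "$demo_dir/resolv.conf" "$demo_dir/resolvconf.conf"
rm -rf "$demo_dir"
```

Run resolv_conf_report /etc/resolv.conf /etc/resolvconf.conf before choosing between the two methods: if the first line says symlink, the chattr route is ruled out before you try it.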

Information about DNS:

  • resolvectl
  • resolvectl query name.domain
  • systemd-resolve --status
  • systemd-resolve --statistics

Flush DNS cache

  • systemd-resolve --flush-cache

Lookup name

  • resolvectl query archlinux.org

Debug

Error, problem, troubleshooting

Event                        | Error                                                                                   | Cause                                      | Remedy
-----------------------------|-----------------------------------------------------------------------------------------|--------------------------------------------|-------------------
resolvectl query name.domain | resolve call failed: Configured DNS server loops back to us                             | Unknown                                    |
Log                          | Using degraded feature set UDP instead of TCP for DNS server ...                        | Unknown                                    |
Log                          | Using degraded feature set TCP instead of UDP for DNS server ...                        | Unknown                                    |
Log                          | Using degraded feature set UDP instead of UDP+EDNS0 for DNS server ...                  | DNS server does not support the features.  | Change DNS server.
Log                          | Failed to get global data: Unit dbus-org.freedesktop.resolve1.service not found.       | systemd-resolved.service has not started.  |
Log                          | Failed to send hostname reply: Transport endpoint is not connected                      | Unknown                                    |
Log                          | Failed to move new /run/systemd/resolve/resolv.conf into place: Device or resource busy | Unknown                                    |
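The log messages in the table above are easy to miss in a busy journal. The following added example (not part of the wiki) tags each line with the row it matches and summarises, per DNS server, which feature level systemd-resolved has dropped to. SAMPLE_LOG is constructed (timestamps, the host name and the 192.0.2.x addresses are made up); the function names are the example's own.

```shell
#!/bin/sh
# Added example, not from the wiki: classify systemd-resolved journal lines
# that match the messages in the troubleshooting table and summarise, per DNS
# server, the feature level resolved has fallen back to. SAMPLE_LOG is
# constructed; on a live system feed it
#   journalctl -u systemd-resolved --no-pager | classify_resolved_log

SAMPLE_LOG='Jan 02 10:00:01 host systemd-resolved[412]: Using degraded feature set UDP instead of UDP+EDNS0 for DNS server 192.0.2.1.
Jan 02 10:00:03 host systemd-resolved[412]: Using degraded feature set TCP instead of UDP for DNS server 192.0.2.2.
Jan 02 10:00:05 host systemd-resolved[412]: Using degraded feature set UDP instead of TCP for DNS server 192.0.2.3.
Jan 02 10:01:00 host resolvectl[500]: resolve call failed: Configured DNS server loops back to us
Jan 02 10:02:00 host systemd-resolved[412]: Failed to move new /run/systemd/resolve/resolv.conf into place: Device or resource busy
Jan 02 10:03:00 host systemd[1]: Started Network Name Resolution.'

# classify_resolved_log  (reads stdin)
# Prints "TAG<TAB>line" where TAG names the row of the troubleshooting table.
classify_resolved_log() {
    while IFS= read -r line; do
        case $line in
            *"Using degraded feature set UDP instead of UDP+EDNS0"*) tag=NO_EDNS0 ;;
            *"Using degraded feature set "*)                         tag=DEGRADED ;;
            *"Configured DNS server loops back to us"*)              tag=LOOPBACK ;;
            *"dbus-org.freedesktop.resolve1.service not found"*)     tag=NOT_RUNNING ;;
            *"Transport endpoint is not connected"*|*"Device or resource busy"*) tag=UNKNOWN_CAUSE ;;
            *)                                                       tag=OTHER ;;
        esac
        printf '%s\t%s\n' "$tag" "$line"
    done
}

# degraded_servers  (reads stdin)
# Prints "SERVER LEVEL" using the most recent "degraded feature set" message
# per server, LEVEL being the set resolved dropped to (TCP, UDP, ...).
degraded_servers() {
    sed -n 's/.*Using degraded feature set \([^ ]*\) instead of [^ ]* for DNS server \([0-9A-Fa-f.:]*[0-9A-Fa-f]\).*/\2 \1/p' \
    | awk '{ level[$1] = $2 } END { for (s in level) print s, level[s] }' \
    | sort
}

# tag_counts  (reads stdin): how many lines fell into each category.
tag_counts() {
    classify_resolved_log | cut -f1 | sort | uniq -c | awk '{ print $2, $1 }'
}

printf '%s\n' "$SAMPLE_LOG" | classify_resolved_log
printf '%s\n' "$SAMPLE_LOG" | degraded_servers
```

A server that keeps appearing in degraded_servers output is the one to replace, as the table's remedy for the UDP+EDNS0 row suggests; NOT_RUNNING lines point at the service itself rather than the upstream server.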

Error, problem, troubleshooting

Error                                                                                       | Cause                                                                              | Remedy
--------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------|---------------------------------------------------
Could not resolve host                                                                      | Unknown                                                                            | Analyze the resolv.conf and resolvconf.conf files.
<DOMAIN NAME>: resolve call failed: All attempts to contact name servers or networks failed | Unknown                                                                            |
Name or service not known                                                                   | Unknown                                                                            |
Temporary failure in name resolution                                                        | The DNS configuration is "sane" but names cannot be resolved for an unknown reason. | See the answer by Ljm Dullaart to the question "What does 'Temporary failure in name resolution' actually mean?"

Temporary failure in name resolution

  • Experienced cause: firewall setting too restrictive.