Revision 1 as of 2020-11-09 23:27:03
DNS on Linux
Domain Name Resolution (DNS) on Linux is done through a modular system that supports historical operation as well as modern software solutions. This system can lead to frustration, as when settings seem to magically reset on startup.
Domain name resolution
Name Service Switch
The Name Service Switch (NSS) file (/etc/nsswitch.conf) defines the order of operations for various services, among them being name resolution.
A minimal configuration looks like...
hosts: files dns
This configuration will require a fully configured hosts file, as seen below.
Consider instead this configuration, which makes use of libraries and services from the systemd project. This will enable some omissions from the hosts file.
hosts: files mymachines myhostname dns
See here for more details on configuring /etc/nsswitch.
Hosts
The hosts file (/etc/hosts) is a list of addresses and names, especially for local hosts and machines. A basic hosts file looks like:
127.0.0.1 localhost
See here for more details on configuring /etc/hosts.
Resolver
The resolver configuration file (/etc/resolv.conf) is a list of nameservers to query for name resolution. The file is read sequentially for up to 3 nameservers for each lookup. As such, changes are effective immediately.
If the resolver file is being configured directly (which is rare; see below), then it should look like:
nameserver 8.8.8.8
See here for more details on configuring /etc/resolv.conf.
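To see how these three files interact, here is a small added shell example (not from this wiki page) that reads a constructed nsswitch.conf and resolv.conf the way the glibc resolver does; the limit of 3 nameservers is glibc's MAXNS, and the sample addresses and file contents are constructed.

```shell
#!/bin/sh
# Added example (not from the wiki page): read an nsswitch.conf and a
# resolv.conf the way the glibc resolver does, on constructed sample files.
set -eu

# hosts_sources FILE: the "hosts:" sources in the order they are consulted.
hosts_sources() {
    awk '$1 == "hosts:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# nameservers FILE: every nameserver line, in file order.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# active_nameservers FILE: the servers actually queried. glibc reads at most
# MAXNS (3) entries, so anything after the third is silently ignored.
active_nameservers() {
    nameservers "$1" | head -n 3
}

# ignored_nameservers FILE: the entries past the third, which are never used.
ignored_nameservers() {
    nameservers "$1" | tail -n +4
}

# dns_in_hosts_line FILE: succeeds if the hosts line includes "dns", i.e.
# whether resolv.conf matters at all under this nsswitch configuration.
dns_in_hosts_line() {
    hosts_sources "$1" | tr ' ' '\n' | grep -qx dns
}

# Constructed sample files (not real system files).
TMP=$(mktemp -d)
cat > "$TMP/nsswitch.conf" <<'EOF'
passwd: files
hosts:  files mymachines myhostname dns
EOF
cat > "$TMP/resolv.conf" <<'EOF'
# constructed: four servers, but only the first three are ever queried
nameserver 192.0.2.1
nameserver 192.0.2.2
nameserver 192.0.2.3
nameserver 192.0.2.4
EOF
echo "hosts:   $(hosts_sources "$TMP/nsswitch.conf")"
echo "active:  $(active_nameservers "$TMP/resolv.conf" | paste -sd ' ' -)"
echo "ignored: $(ignored_nameservers "$TMP/resolv.conf" | paste -sd ' ' -)"
```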
Multicast domain name resolution
Multicast domain name resolution (mDNS) is an extension of the DNS protocol that sends queries to a reserved multicast address instead of a unicast nameserver. By convention, the .local domain is reserved for mDNS.
Link-local multicast name resolution
Link-local multicast name resolution (LLMNR) allows hosts to resolve names for other hosts on the same local link. Services listen on 224.0.0.252:5355 and ff02::1:3:5355.
Debugging DNS
Utilities
A number of tools exist for debugging DNS on Linux:
- drill
- dig (from the bind project, sometimes bundled with dnsutils)
- resolvectl (from systemd-resolved), as in resolvectl status
Programs that overwrite resolver files
dhcpcd
dhcpcd is primarily a DHCP client. It will try to send DHCP information to resolvconf, but if that service is unavailable, it will itself generate /etc/resolv.conf. This latter behavior can be disabled by editing /etc/dhcpcd.conf:
nohook resolv.conf
For most use cases, it is sufficient to provide a header file (/etc/resolv.conf.head) that dhcpcd will insert at the top of the new resolver file.
openresolv
openresolv is an implementation of the resolvconf protocol. It is (optionally or otherwise) used by many programs: dhcpcd, iwd, NetworkManager, netctl, openvpn, and wireguard.
To disable openresolv, set resolvconf=NO in its configuration file.
systemd-resolvconf
systemd-resolvconf is a compatibility layer between systemd-resolved and the resolvconf protocol. It should be used if a program necessarily calls resolvconf but control needs to be returned to systemd.
systemd-resolved
systemd-resolved is a multi-layered application, supporting modern DNS (and mDNS, and LLMNR) resolution:
- a daemon handling name resolution through a D-Bus API, with all modern features (e.g. DNSSEC)
- an NSS plugin (resolve) which re-implements most of the stack (including reading the hosts file)
- a DNS stub listener on 127.0.0.53:53
The recommended configuration of /etc/nsswitch.conf is as follows:
hosts: mymachines resolve [!UNAVAIL=return] myhostname files dns
Then, the recommendation is to link the DNS stub file (which contains just the stub listen address, 127.0.0.53) to /etc/resolv.conf.
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
On the other hand, to disable the stub listener (so as to run a different DNS server), edit /etc/systemd/resolved.conf as follows:
DNSStubListener=no
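The following added shell example (not part of this page) identifies which of the programs above currently owns a resolver file and reads the stub-listener setting from a resolved.conf. The symlink targets are systemd-resolved's own paths as used above; the "Generated by" header comments are assumed to be the conventions the other tools write, and every sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the wiki page): work out which program currently
# owns a resolver file and whether the systemd stub listener is enabled.
set -eu

# resolv_manager FILE: name the program that last wrote the resolver file.
# Symlink targets are the systemd-resolved paths; the "Generated by" header
# comments are the conventions the other tools are assumed to write.
resolv_manager() {
    if [ -L "$1" ]; then
        case "$(readlink "$1")" in
            */systemd/resolve/stub-resolv.conf) echo "systemd-resolved (stub listener 127.0.0.53)" ;;
            */systemd/resolve/resolv.conf)      echo "systemd-resolved (upstream servers, stub bypassed)" ;;
            *)                                  echo "symlink: $(readlink "$1")" ;;
        esac
        return
    fi
    case "$(head -n 1 "$1")" in
        *"Generated by resolvconf"*)     echo "openresolv" ;;
        *"Generated by dhcpcd"*)         echo "dhcpcd" ;;
        *"Generated by NetworkManager"*) echo "NetworkManager" ;;
        *)                               echo "static (hand-edited)" ;;
    esac
}

# stub_listener FILE: report DNSStubListener= from a resolved.conf. The
# compiled-in default is yes, so an absent or commented-out key means "yes".
stub_listener() {
    awk -F= 'tolower($1) == "dnsstublistener" { v = tolower($2) } END { print (v == "" ? "yes" : v) }' "$1"
}

# Constructed sample files (not real system files).
TMP=$(mktemp -d)
mkdir -p "$TMP/run/systemd/resolve"
echo "nameserver 127.0.0.53" > "$TMP/run/systemd/resolve/stub-resolv.conf"
ln -s "$TMP/run/systemd/resolve/stub-resolv.conf" "$TMP/resolv.conf.linked"
printf '# Generated by dhcpcd from eth0\nnameserver 192.0.2.1\n' > "$TMP/resolv.conf.dhcpcd"
printf '[Resolve]\nDNSStubListener=no\n' > "$TMP/resolved.conf"
printf '[Resolve]\n#DNSStubListener=yes\n' > "$TMP/resolved.conf.default"
echo "linked:  $(resolv_manager "$TMP/resolv.conf.linked")"
echo "dhcpcd:  $(resolv_manager "$TMP/resolv.conf.dhcpcd")"
echo "stub:    $(stub_listener "$TMP/resolved.conf")"
```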