|
Size: 5020
Comment:
|
Size: 2371
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 3: | Line 3: |
| '''Domain Name Resolution''' ('''DNS''') on Linux is done through a modular system that supports historical operation as well as modern software solutions. This system can lead to frustration, as when settings seem to magically reset on startup. | '''Domain Name Resolution''' ('''DNS''') on Linux is done in a very similar way to [[BSD/DNS|DNS on BSD]]. It is worth reiterating that [[Bind|DNS was invented for BSD]]. |
| Line 11: | Line 11: |
| == Domain name resolution == | == Name resolution == |
| Line 15: | Line 17: |
| The '''Name Service Switch''' ('''NSS''') file (`/etc/nsswitch.conf`) defines the order of operations for various services, among them being name resolution. | The [[Linux/NsSwitchConf|Name Service Switch (NSS) configuration file]] (`/etc/nsswitch.conf`) defines the order of operations for various services, among them being name resolution. |
| Line 31: | Line 33: |
| See [[Linux/nsswitch.conf|here]] for more details on configuring `/etc/nsswitch`. |
|
| Line 37: | Line 37: |
| The '''hosts''' file (`/etc/hosts`) is a list of addresses and names, especially for local hosts and machines. A basic hosts file looks like: | The [[Linux/Hosts|hosts file]] (`/etc/hosts`) is a list of addresses and names, especially for local hosts and machines. A basic hosts file looks like: |
| Line 43: | Line 43: |
| See [[Linux/hosts|here]] for more details on configuring `/etc/hosts`. |
|
| Line 49: | Line 47: |
| The '''resolver''' configuration file (`/etc/resolv.conf`) is a list of nameservers to query for name resolution. The file is read sequentially for up to 3 nameservers for each lookup. As such, changes are effective immediately. | The [[Linux/ResolvConf|resolver configuration file]] (`/etc/resolv.conf`) is a list of nameservers to query for name resolution. Changes are immediately effective. |
| Line 51: | Line 49: |
| If the resolver file is being configured directly (which is rare-see below), then it should look like: | If the resolver file is being configured directly, then it should look like: |
| Line 57: | Line 55: |
| See [[Linux/resolv.conf|here]] for more details on configuring `/etc/resolv.conf`. | Services that manipulate the resolver file include: * [[Linux/SystemdResolved|systemd-resolved(8)]] and it's userland utility `resolvectl(1)` * [[Linux/SystemdResolved#ResolveConf|systemd-resolveconf(8)]] * [[OpenResolv|openresolve]] with [[Linux/ResolvConfConf|resolveconf.conf(5)]] * [[Dhcpcd|dhcpcd(8)]] * [[NetworkManager|NetworkManager(8)]] === Utilities === * `drill(1)`, used as `drill NAME @SERVER TYPE` * [[Bind/Dig|dig(1)]] |
| Line 63: | Line 74: |
| == Multicast domain name resolution == | == Multicast name resolution == |
| Line 65: | Line 76: |
| '''Multicast domain name resolution''' ('''mDNS''') is an expansion of the DNS protocol making use of the reserved address space. By convention, the `.local` domain is reserved for mDNS. | '''Multicast domain name resolution''' ('''mDNS''') is an expansion of the DNS protocol. An mDNS broadcaster makes use of port 5353 and resolves names in the `.local` domain. |
| Line 67: | Line 78: |
| ---- == Link-local multicast name resolution == '''Link-local multicast name resolution''' ('''LLMNR''') allows hosts to resolve names for other hosts on the same local link. Services listen on `224.0.0.252:5355` and `ff02::1:3:5355`. ---- == Debugging DNS == === Utilities === A number of tools exist for debugging DNS on Linux: * `drill(1)`, used as `drill NAME @SERVER TYPE` * `dig(1)` (from the `bind` project, sometimes bundled with `dnsutils`) used as `dig @SERVER NAME TYPE` * `resolvectl(1)` (from `systemd-resolved`), used as `resolvectl status` ---- == Programs that overwrite resolver files == === dhcpcd === '''`dhcpcd(8)`''' is primarily a DHCP client. It will try to send DHCP information to `resolvconf`, but if that service is unavailable, it will itself generate `/etc/resolv.conf`. This latter behavior can be disabled by editing `/etc/dhcpcd.conf`: {{{ nohook resolv.conf }}} For most use cases, it is sufficient to provide a header file (`/etc/resolv.conf.head`) that `dhcpcd` will insert at the top of the new resolver file. ---- === openresolv === '''`openresolv`''' is an implementation of the `resolvconf(1)` protocol. This protocol describes a daemon receiving piped information from multiple sources, then orchestrating a resolver configuration. All of the following will plug into this protocol: * `dhcpcd(8)` * `iwd(8)` * `NetworkManager(8)` * `netctl(1)` * `openvpn(8)` * `wg(8)` If the `resolvconf(1)` manual page redirects to `resolvectl(1)`, then you are using `systemd-resolvconf`. To disable `openresolv`, set `resolveconf=NO` in the configuration file. See [[Linux/resolvconf.conf|here]] for more details on configuring `/etc/resolvconf.conf`. ---- === systemd-resolvconf === '''`systemd-resolvconf`''' is a compatibility layer between `systemd-resolved(8)` and the `resolvconf(1)` protocol. If the `resolvconf(1)` manual page ''does '''not''''' redirect to `resolvectl(1)`, then you are '''not''' using `systemd-resolvconf`. ---- === systemd-resolved === '''`systemd-resolved(8)`''' is a multi-layered application, supporting DNS (and mDNS, and LLMNR, and so on) resolution: 1. a daemon handling name resolution through a dbus API, with all modern features (i.e. DNSSEC) 2. an NSS plugin (`resolve`) which re-implements most of the stack (''including'' reading the hosts file) 3. a DNS stub listener on 127.0.0.53:53 The recommended configuration of `/etc/nsswitch.conf` is as follows: {{{ hosts: mymachines resolve [!UNAVAIL=return] myhostname files dns }}} Then, the recommendation is to link the DNS stub file (which contains just the stub listen address, `127.0.0.53`) to `/etc/resolv.conf`. {{{ ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf }}} On the other hand, to disable the stub listener (so as to run a different DNS server), edit `/etc/systemd/resolved.conf` as follows: {{{ DNSStubListener=no }}} |
Note that there is also partial/coincidental support for '''link-local multicast name resolution''' ('''LLMNR''') in many of the Linux implementations of mDNS. LLMNR is a similar but deliberately incompatible protocol (using port 5355) and also with a limited scope for features. |
| Line 166: | Line 83: |
| CategoryRicottone | CategoryRicottone CategoryRicottone |
DNS on Linux
Domain Name Resolution (DNS) on Linux is done in a very similar way to DNS on BSD. It is worth reiterating that DNS was invented for BSD.
Contents
Name resolution
Name Service Switch
The Name Service Switch (NSS) configuration file (/etc/nsswitch.conf) defines the order of operations for various services, among them being name resolution.
A minimal configuration looks like...
hosts: files dns
This configuration will require a fully configured hosts file, as seen below.
Consider instead this configuration, which makes use of libraries and services from the systemd project. This will enable some omissions from the hosts file.
hosts: files mymachines myhostname dns
Hosts
The hosts file (/etc/hosts) is a list of addresses and names, especially for local hosts and machines. A basic hosts file looks like:
127.0.0.1 localhost
Resolver
The resolver configuration file (/etc/resolv.conf) is a list of nameservers to query for name resolution. Changes are immediately effective.
If the resolver file is being configured directly, then it should look like:
nameserver 8.8.8.8
Services that manipulate the resolver file include:
systemd-resolved(8) and it's userland utility resolvectl(1)
Utilities
drill(1), used as drill NAME @SERVER TYPE
Multicast name resolution
Multicast domain name resolution (mDNS) is an expansion of the DNS protocol. An mDNS broadcaster makes use of port 5353 and resolves names in the .local domain.
Note that there is also partial/coincidental support for link-local multicast name resolution (LLMNR) in many of the Linux implementations of mDNS. LLMNR is a similar but deliberately incompatible protocol (using port 5355) and also with a limited scope for features.