LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 08-11-2020, 08:05 AM   #1
vincix
Senior Member
 
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,181

Rep: Reputation: 89
dns server priority in systemd resolve


I'd like to understand how the priority of the dns servers works in the systemd resolve service.
For instance, when I connect to the VPN, I get the DNS servers associated with the tun0 interface (systemd-resolve --status):
Code:
Link 6 (tun0)
      Current Scopes: DNS          
DefaultRoute setting: yes          
       LLMNR setting: yes          
MulticastDNS setting: no           
  DNSOverTLS setting: no           
      DNSSEC setting: no           
    DNSSEC supported: no           
  Current DNS Server: 192.168.50.21
         DNS Servers: 192.168.50.21
                      192.168.50.22
          DNS Domain: company.local
And for my main wlan interface (facing the internet):
Code:
Link 2 (wlp0s20f3)
      Current Scopes: DNS                                 
DefaultRoute setting: yes                                 
       LLMNR setting: yes                                 
MulticastDNS setting: no                                  
  DNSOverTLS setting: no                                  
      DNSSEC setting: no                                  
    DNSSEC supported: no                                  
  Current DNS Server: 192.168.0.1                         
         DNS Servers: 192.168.0.1                         
                      2a02:8109:a0c0:46c:10:18ff:febf:48dc
          DNS Domain: ~.
In this scenario, 192.168.0.1 (from my own router) is being used.
This is what I get when I tell the vpn client to "use this connection only for resources on its network".

But when I uncheck this, so that all the traffic goes through the vpn, there's no DNS anymore for Link 2 (the internet facing interface):
Code:
Link 2 (wlp0s20f3)
      Current Scopes: none
DefaultRoute setting: no  
       LLMNR setting: yes 
MulticastDNS setting: no  
  DNSOverTLS setting: no  
      DNSSEC setting: no  
    DNSSEC supported: no
The one from tun0 remains the same.
So how can I actually tell what dns server is currently (default) being used without turning to tcpdump, for instance?
 
Old 08-12-2020, 10:32 AM   #2
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.8.2003
Posts: 5,350

Rep: Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004
dig will (should) report the IP address of the name server that handled the request.
Code:
dig -x 8.8.8.8
8.8.8.8.in-addr.arpa.   82019   IN      PTR     dns.google.
;; Query time: 11 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Wed Aug 12 07:31:41 MST 2020
;; MSG SIZE  rcvd: 73
...emphasis added
 
Old 08-12-2020, 03:55 PM   #3
vincix
Senior Member
 
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,181

Original Poster
Rep: Reputation: 89
I think that happens only when you're not using systemd resolve as the dns daemon. If you've tried that on Centos 7, then it doesn't matter. Try it on Ubuntu 18 or 20, for instance. It might be the same on Centos 8, haven't tested it there. It will always show you 127.0.0.53#53.
 
Old 08-12-2020, 04:19 PM   #4
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.8.2003
Posts: 5,350

Rep: Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004Reputation: 2004
The posted code is from this desktop, and uses the router...which is configured in turn to use the ISPs DNS.
I get a similar response from the server, except it returns the data center's DNS.

Both are current CentOS 7.8 configurations. Neither is running a DNS daemon.
 
Old 08-12-2020, 05:11 PM   #5
vincix
Senior Member
 
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,181

Original Poster
Rep: Reputation: 89
systemd-resolved seems to work in different ways depending on the distro, but:
Quote:
Using the systemd DNS stub file - the systemd DNS stub file /run/systemd/resolve/stub-resolv.conf contains the local stub 127.0.0.53 as the only DNS server and a list of search domains. This is the recommended mode of operation.
https://wiki.archlinux.org/index.php/Systemd-resolved

On Centos 7 /etc/resolv.conf is an actual file, whereas on Ubuntu 18/20 (server and desktop) it's just a symlink to /run/systemd/resolve/stub-resolv.conf. On Centos 8 as see it's the same as on Centos 7.

Regardless, as long as you don't have access to the command systemd-resolve, it really doesn't matter
 
Old 08-16-2020, 03:49 PM   #6
vincix
Senior Member
 
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,181

Original Poster
Rep: Reputation: 89
SO anyone any ideas yet? I find the situation a little bit ridiculous, you basically don't know what your main DNS Server is on systemd-resolve, if you get several from different sources. So what are the criteria?
 
Old 11-12-2020, 06:29 PM   #7
vincix
Senior Member
 
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,181

Original Poster
Rep: Reputation: 89
So I've finally found the answer: by default systemd-resolve will query the dns server one after another:
Code:
root@ubuntu1:~# resolvectl dns
Global:
Link 10 (tun0): 192.168.50.21 192.168.50.22
Link 3 (docker0):
Link 2 (wlp0s20f3): 192.168.0.1
But more importantly is to see what domains are associated to an interface:
Code:
root@ubuntu1:~# resolvectl domain 
Global:
Link 10 (tun0): company.local
Link 3 (docker0):
Link 2 (wlp0s20f3): ~.
So company.local and all subdomains are going to use the tun0 dns servers, wheras the rest (~) is going to use 192.168.0.1.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] DNS server not able to resolve from DNS clients!! arjunstarz Linux - Networking 8 02-09-2017 02:25 AM
dns client cannot resolve on dns server jtvillegas Linux - Software 3 03-12-2016 04:30 PM
X: warning; priority set to -1 instead of requested priority 0 HitmanX Linux - Newbie 5 12-13-2010 12:09 PM
process priority,nice -- small question regarding high/low priority values beeblequix Linux - Newbie 1 10-11-2006 11:22 AM
DNS can't resolve gmail.com but can resolve everything else? TongueTied Linux - Networking 2 01-24-2006 04:39 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:03 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration