状況 
Ubuntu 18.04.3 LTS で NetworkManager は入ってなくて netplan が nic を管理しており、
systemd-resolved と dnsmasq までは大丈夫なのだが、resolvconf が入ると lo 内で dns query がバーストする。
netplan の設定は以下
dnsmasq が DHCP の役割を果たしており、
この状態で、resolvconf を入れない状態で
LAN 内の DHCP を提供しているマシンへの DNS はきちんと提供できる状態になり、
127.0.0.1 と 127.0.0.53 にループも生じてないのでバーストも起きない。
ところが、resolvconf を入れると以下のような状況になる。
/etc/resolv.conf が ../run/resolvconf/resolv.conf への symbolic link となり、dnsmasq の 127.0.0.1 を向くことで、
router 上からも dnsmasq を引けるようになったのは喜ばしいのだが、
見ての通り、systemd-resolve --status の Global のところに 127.0.0.1 が追加されてしまい、
これにより、127.0.0.1 の dnsmasq と 127.0.0.53 の systemd-resolved のループが出来上がることによって、DNS にバーストが生ずる。
systemd-resolved と dnsmasq までは大丈夫なのだが、resolvconf が入ると lo 内で dns query がバーストする。
netplan の設定は以下
$ cat /etc/netplan/config.yaml
network:
version: 2
renderer: networkd
ethernets:
ens3:
addresses: [xxx.xxx.xxx.aaa/24]
gateway4: xxx.xxx.xxx.1
nameservers:
addresses: [xxx.xxx.yyy.bbb, xxx.xxx.zzz.ccc, xxx.xxx.zzz.ddd]
ens4:
addresses: [192.168.1.1/24]
dnsmasq が DHCP の役割を果たしており、
$ cat /etc/dnsmasq.d/lan.conf local=// interface=ens4 #listen-address=192.168.1.1 bind-interfaces dhcp-range=192.168.1.2,192.168.1.254,255.255.255.0,6hみたいにしてある。
この状態で、resolvconf を入れない状態で
sudo mv -v /etc/resolv.conf{,$(date -r /etc/resolv.conf +%Y%m%d_%H%M%S)}
sudo ln -sv /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
としておけば、
$ systemd-resolve --status
Global
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 3 (ens4)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
Link 2 (ens3)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: xxx.xxx.yyy.bbb
xxx.xxx.zzz.ccc
xxx.xxx.zzz.ddd
$ checkdns.sh find: ‘/run/resolvconf’: No such file or directory [-rw-r--r-- 1 systemd-resolve systemd-resolve 715 Nov 29 15:29 /run/systemd/resolve/stub-resolv.conf] # This file is managed by man:systemd-resolved(8). Do not edit. # # This is a dynamic resolv.conf file for connecting local clients to the # internal DNS stub resolver of systemd-resolved. This file lists all # configured search domains. # # Run "systemd-resolve --status" to see details about the uplink DNS servers # currently in use. # # Third party programs must not access this file directly, but only through the # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way, # replace this symlink by a static file or a different symlink. # # See man:systemd-resolved.service(8) for details about the supported modes of # operation for /etc/resolv.conf. nameserver 127.0.0.53 options edns0 [-rw-r--r-- 1 systemd-resolve systemd-resolve 640 Nov 29 15:29 /run/systemd/resolve/resolv.conf] # This file is managed by man:systemd-resolved(8). Do not edit. # # This is a dynamic resolv.conf file for connecting local clients directly to # all known uplink DNS servers. This file lists all configured search domains. # # Third party programs must not access this file directly, but only through the # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way, # replace this symlink by a static file or a different symlink. # # See man:systemd-resolved.service(8) for details about the supported modes of # operation for /etc/resolv.conf. nameserver xxx.xxx.yyy.bbb nameserver xxx.xxx.zzz.ccc nameserver xxx.xxx.zzz.ddd [-rw-r--r-- 1 dnsmasq nogroup 6 Nov 29 15:32 /run/dnsmasq/dnsmasq.pid] 21948 [lrwxrwxrwx 1 root root 37 Nov 29 15:28 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf]のようになり、router 上からは dnsmasq を引けない問題は残るが、
LAN 内の DHCP を提供しているマシンへの DNS はきちんと提供できる状態になり、
127.0.0.1 と 127.0.0.53 にループも生じてないのでバーストも起きない。
ところが、resolvconf を入れると以下のような状況になる。
$ systemd-resolve --status
Global
DNS Servers: 127.0.0.1
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 3 (ens4)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
Link 2 (ens3)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: xxx.xxx.yyy.bbb
xxx.xxx.zzz.ccc
xxx.xxx.zzz.ddd
$ checkdns.sh [-rw-r--r-- 1 root root 317 Nov 29 15:35 /run/resolvconf/resolv.conf] # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN # 127.0.0.53 is the systemd-resolved stub resolver. # run "systemd-resolve --status" to see details about the actual nameservers. nameserver 127.0.0.1 options edns0 [-rw-r--r-- 1 root root 0 Nov 29 15:35 /run/resolvconf/enable-updates] [-rw-r--r-- 1 root root 21 Nov 29 15:35 /run/resolvconf/interface/lo.dnsmasq] nameserver 127.0.0.1 [-rw-r--r-- 1 systemd-resolve systemd-resolve 715 Nov 29 15:29 /run/resolvconf/interface/original.resolvconf] # This file is managed by man:systemd-resolved(8). Do not edit. # # This is a dynamic resolv.conf file for connecting local clients to the # internal DNS stub resolver of systemd-resolved. This file lists all # configured search domains. # # Run "systemd-resolve --status" to see details about the uplink DNS servers # currently in use. # # Third party programs must not access this file directly, but only through the # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way, # replace this symlink by a static file or a different symlink. # # See man:systemd-resolved.service(8) for details about the supported modes of # operation for /etc/resolv.conf. nameserver 127.0.0.53 options edns0 [-rw-r--r-- 1 systemd-resolve systemd-resolve 715 Nov 29 15:29 /run/systemd/resolve/stub-resolv.conf] # This file is managed by man:systemd-resolved(8). Do not edit. # # This is a dynamic resolv.conf file for connecting local clients to the # internal DNS stub resolver of systemd-resolved. This file lists all # configured search domains. # # Run "systemd-resolve --status" to see details about the uplink DNS servers # currently in use. # # Third party programs must not access this file directly, but only through the # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way, # replace this symlink by a static file or a different symlink. # # See man:systemd-resolved.service(8) for details about the supported modes of # operation for /etc/resolv.conf. nameserver 127.0.0.53 options edns0 [-rw-r--r-- 1 systemd-resolve systemd-resolve 640 Nov 29 15:29 /run/systemd/resolve/resolv.conf] # This file is managed by man:systemd-resolved(8). Do not edit. # # This is a dynamic resolv.conf file for connecting local clients directly to # all known uplink DNS servers. This file lists all configured search domains. # # Third party programs must not access this file directly, but only through the # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way, # replace this symlink by a static file or a different symlink. # # See man:systemd-resolved.service(8) for details about the supported modes of # operation for /etc/resolv.conf. nameserver xxx.xxx.yyy.bbb nameserver xxx.xxx.zzz.ccc nameserver xxx.xxx.zzz.ddd [-rw-r--r-- 1 root root 22 Nov 29 15:38 /run/dnsmasq/resolv.conf] nameserver 127.0.0.53 [-rw-r--r-- 1 dnsmasq nogroup 6 Nov 29 15:35 /run/dnsmasq/dnsmasq.pid] 22184 [lrwxrwxrwx 1 root root 29 Nov 29 15:35 /etc/resolv.conf -> ../run/resolvconf/resolv.conf]
/etc/resolv.conf が ../run/resolvconf/resolv.conf への symbolic link となり、dnsmasq の 127.0.0.1 を向くことで、
router 上からも dnsmasq を引けるようになったのは喜ばしいのだが、
見ての通り、systemd-resolve --status の Global のところに 127.0.0.1 が追加されてしまい、
これにより、127.0.0.1 の dnsmasq と 127.0.0.53 の systemd-resolved のループが出来上がることによって、DNS にバーストが生ずる。
解決方法
/etc/systemd/resolved.conf に
systemd-resolved と dnsmasq を以下のようにして再起動した。
このままだと、/etc/resolv.conf は dnsmasq を見てくれないので
resolvconf を追加してみたところ
念のため、
DNSStubListener=noを設定し、systemd-resolved の stub listener (127.0.0.53) を止めておいて
sudo mv -v /etc/resolv.conf{,$(date -r /etc/resolv.conf +%Y%m%d_%H%M%S)}
sudo ln -sv /run/systemd/resolve/resolv.conf /etc/resolv.conf
とすることで、stub ではなく netplan の設定から得た DNS の方を参照させるように設定した上で、systemd-resolved と dnsmasq を以下のようにして再起動した。
sudo systemctl restart systemd-resolved dnsmasq
このままだと、/etc/resolv.conf は dnsmasq を見てくれないので
resolvconf を追加してみたところ
$ systemd-resolve --status
Global
DNS Servers: xxx.xxx.yyy.bbb
xxx.xxx.zzz.ccc
xxx.xxx.zzz.ddd
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 3 (ens4)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
Link 2 (ens3)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: xxx.xxx.yyy.bbb
xxx.xxx.zzz.ccc
xxx.xxx.zzz.ddd
$ checkdns.sh [-rw-r--r-- 1 root root 303 Nov 29 15:51 /run/resolvconf/resolv.conf] # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN # 127.0.0.53 is the systemd-resolved stub resolver. # run "systemd-resolve --status" to see details about the actual nameservers. nameserver 127.0.0.1 [-rw-r--r-- 1 root root 0 Nov 29 15:49 /run/resolvconf/enable-updates] [-rw-r--r-- 1 root root 22 Nov 29 15:51 /run/resolvconf/interface/systemd-resolved] nameserver 127.0.0.53 [-rw-r--r-- 1 root root 21 Nov 29 15:51 /run/resolvconf/interface/lo.dnsmasq] nameserver 127.0.0.1 [-rw-r--r-- 1 systemd-resolve systemd-resolve 640 Nov 29 15:48 /run/resolvconf/interface/original.resolvconf] # This file is managed by man:systemd-resolved(8). Do not edit. # # This is a dynamic resolv.conf file for connecting local clients directly to # all known uplink DNS servers. This file lists all configured search domains. # # Third party programs must not access this file directly, but only through the # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way, # replace this symlink by a static file or a different symlink. # # See man:systemd-resolved.service(8) for details about the supported modes of # operation for /etc/resolv.conf. nameserver xxx.xxx.yyy.bbb nameserver xxx.xxx.zzz.ccc nameserver xxx.xxx.zzz.ddd [-rw-r--r-- 1 systemd-resolve systemd-resolve 715 Nov 29 15:51 /run/systemd/resolve/stub-resolv.conf] # This file is managed by man:systemd-resolved(8). Do not edit. # # This is a dynamic resolv.conf file for connecting local clients to the # internal DNS stub resolver of systemd-resolved. This file lists all # configured search domains. # # Run "systemd-resolve --status" to see details about the uplink DNS servers # currently in use. # # Third party programs must not access this file directly, but only through the # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way, # replace this symlink by a static file or a different symlink. # # See man:systemd-resolved.service(8) for details about the supported modes of # operation for /etc/resolv.conf. nameserver 127.0.0.53 options edns0 [-rw-r--r-- 1 systemd-resolve systemd-resolve 640 Nov 29 15:51 /run/systemd/resolve/resolv.conf] # This file is managed by man:systemd-resolved(8). Do not edit. # # This is a dynamic resolv.conf file for connecting local clients directly to # all known uplink DNS servers. This file lists all configured search domains. # # Third party programs must not access this file directly, but only through the # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way, # replace this symlink by a static file or a different symlink. # # See man:systemd-resolved.service(8) for details about the supported modes of # operation for /etc/resolv.conf. nameserver xxx.xxx.yyy.bbb nameserver xxx.xxx.zzz.ccc nameserver xxx.xxx.zzz.ddd [-rw-r--r-- 1 root root 97 Nov 29 15:51 /run/dnsmasq/resolv.conf] nameserver xxx.xxx.yyy.bbb nameserver xxx.xxx.zzz.ccc nameserver xxx.xxx.zzz.ddd nameserver 127.0.0.53 [-rw-r--r-- 1 dnsmasq nogroup 6 Nov 29 15:51 /run/dnsmasq/dnsmasq.pid] 23388 [lrwxrwxrwx 1 root root 29 Nov 29 15:49 /etc/resolv.conf -> ../run/resolvconf/resolv.conf]のような状態になり、無事ループが解消されると共に、router 上からも dnsmasq が引けるようになった。
念のため、
sudo resolvconf -u sudo systemctl restart systemd-resolved dnsmasqとかもしてみたが、127.0.0.1 同士でループする事もなく、一応解決を見た模様。
備考
上記で用いている checkdns.sh は以下のような内容である。
#!/usr/bin/env bash
SGR_reset="\e[0m"
SGR_bold="\e[1m"
SGR_fg_green="\e[32m"
find /run/resolvconf /run/systemd/resolve /run/dnsmasq /etc/resolv.conf -type f -or -type l | while read i; do
# echo -e "[${SGR_fg_green}${SGR_bold}$i${SGR_reset}]"
echo -e "[${SGR_fg_green}${SGR_bold}$(ls -l "$i")${SGR_reset}]"
[ -h "$i" ] && continue
cat "$i" | sed -E 's/^/\t/g'
done
参考
- StackExchange / Unix & Linux
タグ
コメントをかく