On Ubuntu 18.04.3 LTS, with NetworkManager not installed and netplan managing the NICs,
systemd-resolved and dnsmasq work fine together, but once resolvconf is installed, DNS queries burst inside lo.
The netplan configuration is as follows.

    $ cat /etc/netplan/config.yaml
    network:
      version: 2
      renderer: networkd
      ethernets:
        ens3:
          addresses: [xxx.xxx.xxx.aaa/24]
          gateway4: xxx.xxx.xxx.1
          nameservers:
            addresses: [xxx.xxx.yyy.bbb, xxx.xxx.zzz.ccc, xxx.xxx.zzz.ddd]
        ens4:
          addresses: [192.168.1.1/24]
dnsmasq acts as the DHCP server and is set up roughly like this.

    $ cat /etc/dnsmasq.d/lan.conf
    local=//
    interface=ens4
    #listen-address=192.168.1.1
    bind-interfaces
    dhcp-range=192.168.1.2,192.168.1.254,255.255.255.0,6h
With this setup and without resolvconf installed, I ran the following.

    sudo mv -v /etc/resolv.conf{,$(date -r /etc/resolv.conf +%Y%m%d_%H%M%S)}
    sudo ln -sv /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
    $ systemd-resolve --status
    Global
              DNSSEC NTA: 10.in-addr.arpa
                          16.172.in-addr.arpa
                          168.192.in-addr.arpa
                          17.172.in-addr.arpa
                          18.172.in-addr.arpa
                          19.172.in-addr.arpa
                          20.172.in-addr.arpa
                          21.172.in-addr.arpa
                          22.172.in-addr.arpa
                          23.172.in-addr.arpa
                          24.172.in-addr.arpa
                          25.172.in-addr.arpa
                          26.172.in-addr.arpa
                          27.172.in-addr.arpa
                          28.172.in-addr.arpa
                          29.172.in-addr.arpa
                          30.172.in-addr.arpa
                          31.172.in-addr.arpa
                          corp
                          d.f.ip6.arpa
                          home
                          internal
                          intranet
                          lan
                          local
                          private
                          test

    Link 3 (ens4)
          Current Scopes: none
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: no
        DNSSEC supported: no

    Link 2 (ens3)
          Current Scopes: DNS
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: no
        DNSSEC supported: no
             DNS Servers: xxx.xxx.yyy.bbb
                          xxx.xxx.zzz.ccc
                          xxx.xxx.zzz.ddd

    $ checkdns.sh
    find: ‘/run/resolvconf’: No such file or directory
    [-rw-r--r-- 1 systemd-resolve systemd-resolve 715 Nov 29 15:29 /run/systemd/resolve/stub-resolv.conf]
        # This file is managed by man:systemd-resolved(8). Do not edit.
        #
        # This is a dynamic resolv.conf file for connecting local clients to the
        # internal DNS stub resolver of systemd-resolved. This file lists all
        # configured search domains.
        #
        # Run "systemd-resolve --status" to see details about the uplink DNS servers
        # currently in use.
        #
        # Third party programs must not access this file directly, but only through the
        # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
        # replace this symlink by a static file or a different symlink.
        #
        # See man:systemd-resolved.service(8) for details about the supported modes of
        # operation for /etc/resolv.conf.
        nameserver 127.0.0.53
        options edns0
    [-rw-r--r-- 1 systemd-resolve systemd-resolve 640 Nov 29 15:29 /run/systemd/resolve/resolv.conf]
        # This file is managed by man:systemd-resolved(8). Do not edit.
        #
        # This is a dynamic resolv.conf file for connecting local clients directly to
        # all known uplink DNS servers. This file lists all configured search domains.
        #
        # Third party programs must not access this file directly, but only through the
        # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
        # replace this symlink by a static file or a different symlink.
        #
        # See man:systemd-resolved.service(8) for details about the supported modes of
        # operation for /etc/resolv.conf.
        nameserver xxx.xxx.yyy.bbb
        nameserver xxx.xxx.zzz.ccc
        nameserver xxx.xxx.zzz.ddd
    [-rw-r--r-- 1 dnsmasq nogroup 6 Nov 29 15:32 /run/dnsmasq/dnsmasq.pid]
        21948
    [lrwxrwxrwx 1 root root 37 Nov 29 15:28 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf]

This is the resulting state. The problem that dnsmasq cannot be queried from the router itself remains, but
DNS is served properly to the machines on the LAN that get their addresses by DHCP,
and since no loop forms between 127.0.0.1 and 127.0.0.53, no burst occurs either.
However, once resolvconf is installed, the situation becomes the following.

    $ systemd-resolve --status
    Global
             DNS Servers: 127.0.0.1
              DNSSEC NTA: 10.in-addr.arpa
                          16.172.in-addr.arpa
                          168.192.in-addr.arpa
                          17.172.in-addr.arpa
                          18.172.in-addr.arpa
                          19.172.in-addr.arpa
                          20.172.in-addr.arpa
                          21.172.in-addr.arpa
                          22.172.in-addr.arpa
                          23.172.in-addr.arpa
                          24.172.in-addr.arpa
                          25.172.in-addr.arpa
                          26.172.in-addr.arpa
                          27.172.in-addr.arpa
                          28.172.in-addr.arpa
                          29.172.in-addr.arpa
                          30.172.in-addr.arpa
                          31.172.in-addr.arpa
                          corp
                          d.f.ip6.arpa
                          home
                          internal
                          intranet
                          lan
                          local
                          private
                          test

    Link 3 (ens4)
          Current Scopes: none
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: no
        DNSSEC supported: no

    Link 2 (ens3)
          Current Scopes: DNS
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: no
        DNSSEC supported: no
             DNS Servers: xxx.xxx.yyy.bbb
                          xxx.xxx.zzz.ccc
                          xxx.xxx.zzz.ddd
    $ checkdns.sh
    [-rw-r--r-- 1 root root 317 Nov 29 15:35 /run/resolvconf/resolv.conf]
        # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
        # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
        # 127.0.0.53 is the systemd-resolved stub resolver.
        # run "systemd-resolve --status" to see details about the actual nameservers.
        nameserver 127.0.0.1
        options edns0
    [-rw-r--r-- 1 root root 0 Nov 29 15:35 /run/resolvconf/enable-updates]
    [-rw-r--r-- 1 root root 21 Nov 29 15:35 /run/resolvconf/interface/lo.dnsmasq]
        nameserver 127.0.0.1
    [-rw-r--r-- 1 systemd-resolve systemd-resolve 715 Nov 29 15:29 /run/resolvconf/interface/original.resolvconf]
        # This file is managed by man:systemd-resolved(8). Do not edit.
        #
        # This is a dynamic resolv.conf file for connecting local clients to the
        # internal DNS stub resolver of systemd-resolved. This file lists all
        # configured search domains.
        #
        # Run "systemd-resolve --status" to see details about the uplink DNS servers
        # currently in use.
        #
        # Third party programs must not access this file directly, but only through the
        # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
        # replace this symlink by a static file or a different symlink.
        #
        # See man:systemd-resolved.service(8) for details about the supported modes of
        # operation for /etc/resolv.conf.
        nameserver 127.0.0.53
        options edns0
    [-rw-r--r-- 1 systemd-resolve systemd-resolve 715 Nov 29 15:29 /run/systemd/resolve/stub-resolv.conf]
        # This file is managed by man:systemd-resolved(8). Do not edit.
        #
        # This is a dynamic resolv.conf file for connecting local clients to the
        # internal DNS stub resolver of systemd-resolved. This file lists all
        # configured search domains.
        #
        # Run "systemd-resolve --status" to see details about the uplink DNS servers
        # currently in use.
        #
        # Third party programs must not access this file directly, but only through the
        # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
        # replace this symlink by a static file or a different symlink.
        #
        # See man:systemd-resolved.service(8) for details about the supported modes of
        # operation for /etc/resolv.conf.
        nameserver 127.0.0.53
        options edns0
    [-rw-r--r-- 1 systemd-resolve systemd-resolve 640 Nov 29 15:29 /run/systemd/resolve/resolv.conf]
        # This file is managed by man:systemd-resolved(8). Do not edit.
        #
        # This is a dynamic resolv.conf file for connecting local clients directly to
        # all known uplink DNS servers. This file lists all configured search domains.
        #
        # Third party programs must not access this file directly, but only through the
        # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
        # replace this symlink by a static file or a different symlink.
        #
        # See man:systemd-resolved.service(8) for details about the supported modes of
        # operation for /etc/resolv.conf.
        nameserver xxx.xxx.yyy.bbb
        nameserver xxx.xxx.zzz.ccc
        nameserver xxx.xxx.zzz.ddd
    [-rw-r--r-- 1 root root 22 Nov 29 15:38 /run/dnsmasq/resolv.conf]
        nameserver 127.0.0.53
    [-rw-r--r-- 1 dnsmasq nogroup 6 Nov 29 15:35 /run/dnsmasq/dnsmasq.pid]
        22184
    [lrwxrwxrwx 1 root root 29 Nov 29 15:35 /etc/resolv.conf -> ../run/resolvconf/resolv.conf]
/etc/resolv.conf becomes a symbolic link to ../run/resolvconf/resolv.conf and points at dnsmasq on 127.0.0.1,
so dnsmasq can now be queried from the router as well, which is welcome.
However, as you can see, 127.0.0.1 has been added to the Global section of systemd-resolve --status,
and this creates a loop between dnsmasq on 127.0.0.1 and systemd-resolved on 127.0.0.53, which causes the DNS burst.
In /etc/systemd/resolved.conf I set

    DNSStubListener=no

to stop the systemd-resolved stub listener (127.0.0.53), and then ran

    sudo mv -v /etc/resolv.conf{,$(date -r /etc/resolv.conf +%Y%m%d_%H%M%S)}
    sudo ln -sv /run/systemd/resolve/resolv.conf /etc/resolv.conf

so that /etc/resolv.conf refers to the DNS servers obtained from the netplan configuration rather than to the stub.
After that I restarted systemd-resolved and dnsmasq as follows.

    sudo systemctl restart systemd-resolved dnsmasq
Left like this, /etc/resolv.conf does not look at dnsmasq,
so I tried adding resolvconf, with the following result.

    $ systemd-resolve --status
    Global
             DNS Servers: xxx.xxx.yyy.bbb
                          xxx.xxx.zzz.ccc
                          xxx.xxx.zzz.ddd
              DNSSEC NTA: 10.in-addr.arpa
                          16.172.in-addr.arpa
                          168.192.in-addr.arpa
                          17.172.in-addr.arpa
                          18.172.in-addr.arpa
                          19.172.in-addr.arpa
                          20.172.in-addr.arpa
                          21.172.in-addr.arpa
                          22.172.in-addr.arpa
                          23.172.in-addr.arpa
                          24.172.in-addr.arpa
                          25.172.in-addr.arpa
                          26.172.in-addr.arpa
                          27.172.in-addr.arpa
                          28.172.in-addr.arpa
                          29.172.in-addr.arpa
                          30.172.in-addr.arpa
                          31.172.in-addr.arpa
                          corp
                          d.f.ip6.arpa
                          home
                          internal
                          intranet
                          lan
                          local
                          private
                          test

    Link 3 (ens4)
          Current Scopes: none
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: no
        DNSSEC supported: no

    Link 2 (ens3)
          Current Scopes: DNS
           LLMNR setting: yes
    MulticastDNS setting: no
          DNSSEC setting: no
        DNSSEC supported: no
             DNS Servers: xxx.xxx.yyy.bbb
                          xxx.xxx.zzz.ccc
                          xxx.xxx.zzz.ddd
    $ checkdns.sh
    [-rw-r--r-- 1 root root 303 Nov 29 15:51 /run/resolvconf/resolv.conf]
        # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
        # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
        # 127.0.0.53 is the systemd-resolved stub resolver.
        # run "systemd-resolve --status" to see details about the actual nameservers.
        nameserver 127.0.0.1
    [-rw-r--r-- 1 root root 0 Nov 29 15:49 /run/resolvconf/enable-updates]
    [-rw-r--r-- 1 root root 22 Nov 29 15:51 /run/resolvconf/interface/systemd-resolved]
        nameserver 127.0.0.53
    [-rw-r--r-- 1 root root 21 Nov 29 15:51 /run/resolvconf/interface/lo.dnsmasq]
        nameserver 127.0.0.1
    [-rw-r--r-- 1 systemd-resolve systemd-resolve 640 Nov 29 15:48 /run/resolvconf/interface/original.resolvconf]
        # This file is managed by man:systemd-resolved(8). Do not edit.
        #
        # This is a dynamic resolv.conf file for connecting local clients directly to
        # all known uplink DNS servers. This file lists all configured search domains.
        #
        # Third party programs must not access this file directly, but only through the
        # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
        # replace this symlink by a static file or a different symlink.
        #
        # See man:systemd-resolved.service(8) for details about the supported modes of
        # operation for /etc/resolv.conf.
        nameserver xxx.xxx.yyy.bbb
        nameserver xxx.xxx.zzz.ccc
        nameserver xxx.xxx.zzz.ddd
    [-rw-r--r-- 1 systemd-resolve systemd-resolve 715 Nov 29 15:51 /run/systemd/resolve/stub-resolv.conf]
        # This file is managed by man:systemd-resolved(8). Do not edit.
        #
        # This is a dynamic resolv.conf file for connecting local clients to the
        # internal DNS stub resolver of systemd-resolved. This file lists all
        # configured search domains.
        #
        # Run "systemd-resolve --status" to see details about the uplink DNS servers
        # currently in use.
        #
        # Third party programs must not access this file directly, but only through the
        # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
        # replace this symlink by a static file or a different symlink.
        #
        # See man:systemd-resolved.service(8) for details about the supported modes of
        # operation for /etc/resolv.conf.
        nameserver 127.0.0.53
        options edns0
    [-rw-r--r-- 1 systemd-resolve systemd-resolve 640 Nov 29 15:51 /run/systemd/resolve/resolv.conf]
        # This file is managed by man:systemd-resolved(8). Do not edit.
        #
        # This is a dynamic resolv.conf file for connecting local clients directly to
        # all known uplink DNS servers. This file lists all configured search domains.
        #
        # Third party programs must not access this file directly, but only through the
        # symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
        # replace this symlink by a static file or a different symlink.
        #
        # See man:systemd-resolved.service(8) for details about the supported modes of
        # operation for /etc/resolv.conf.
        nameserver xxx.xxx.yyy.bbb
        nameserver xxx.xxx.zzz.ccc
        nameserver xxx.xxx.zzz.ddd
    [-rw-r--r-- 1 root root 97 Nov 29 15:51 /run/dnsmasq/resolv.conf]
        nameserver xxx.xxx.yyy.bbb
        nameserver xxx.xxx.zzz.ccc
        nameserver xxx.xxx.zzz.ddd
        nameserver 127.0.0.53
    [-rw-r--r-- 1 dnsmasq nogroup 6 Nov 29 15:51 /run/dnsmasq/dnsmasq.pid]
        23388
    [lrwxrwxrwx 1 root root 29 Nov 29 15:49 /etc/resolv.conf -> ../run/resolvconf/resolv.conf]

In this state the loop was resolved, and dnsmasq also became queryable from the router itself.
Just in case, I also tried

    sudo resolvconf -u
    sudo systemctl restart systemd-resolved dnsmasq

and there was still no looping among the 127.0.0.1 addresses, so the problem appears to be solved for now.
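The loop condition described above can be checked for mechanically. The following is an added example, not part of the original post: it parses the Global section of saved `systemd-resolve --status` output and dnsmasq's upstream list, and reports a loop when systemd-resolved forwards to 127.0.0.1 while dnsmasq forwards to an active 127.0.0.53 stub. The function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: detect the dnsmasq <-> systemd-resolved forwarding loop.

# Print the Global "DNS Servers" entries from saved `systemd-resolve --status`
# output in file $1 (hypothetical helper name).
global_dns_servers() {
    awk '
        /^Global/                  { in_global = 1; next }
        /^Link [0-9]+/             { in_global = 0 }
        !in_global                 { next }
        /DNS Servers: /            { in_list = 1; print $NF; next }
        /^ *[A-Za-z][A-Za-z ]*: /  { in_list = 0; next }  # another label ends the list
        in_list && NF == 1         { print $1 }           # continuation line
    ' "$1"
}

# Print the nameserver addresses of a resolv.conf-style file $1.
nameservers() { awk '$1 == "nameserver" { print $2 }' "$1"; }

# has_dns_loop STATUS_FILE DNSMASQ_UPSTREAMS STUB_LISTENER(yes|no)
# Succeeds when resolved forwards to dnsmasq and dnsmasq forwards back.
has_dns_loop() {
    global_dns_servers "$1" | grep -qx '127\.0\.0\.1'  || return 1
    nameservers "$2"        | grep -qx '127\.0\.0\.53' || return 1
    [ "$3" = yes ]  # with DNSStubListener=no nothing answers on 127.0.0.53
}

# Constructed samples, abbreviated from the outputs shown above.
sample_dir=$(mktemp -d)
cat > "$sample_dir/status.loop" <<'EOF'
Global
         DNS Servers: 127.0.0.1
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
Link 2 (ens3)
      Current Scopes: DNS
         DNS Servers: xxx.xxx.yyy.bbb
EOF
cat > "$sample_dir/status.fixed" <<'EOF'
Global
         DNS Servers: xxx.xxx.yyy.bbb
                      xxx.xxx.zzz.ccc
          DNSSEC NTA: 10.in-addr.arpa
EOF
printf 'nameserver 127.0.0.53\n' > "$sample_dir/dnsmasq.loop"
printf 'nameserver xxx.xxx.yyy.bbb\nnameserver 127.0.0.53\n' > "$sample_dir/dnsmasq.fixed"

has_dns_loop "$sample_dir/status.loop"  "$sample_dir/dnsmasq.loop"  yes && echo "loop: 127.0.0.1 <-> 127.0.0.53"
has_dns_loop "$sample_dir/status.fixed" "$sample_dir/dnsmasq.fixed" no  || echo "no loop"
```

On a live system the inputs would be the saved output of `systemd-resolve --status` and `/run/dnsmasq/resolv.conf`, with the third argument taken from the `DNSStubListener` setting.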
The checkdns.sh used above has the following content.

    #!/usr/bin/env bash
    # Dump every resolver-related file: an "ls -l" header in bold green, then the
    # file content indented by one tab.
    SGR_reset="\e[0m"
    SGR_bold="\e[1m"
    SGR_fg_green="\e[32m"
    find /run/resolvconf /run/systemd/resolve /run/dnsmasq /etc/resolv.conf -type f -or -type l |
    while IFS= read -r i; do
        # echo -e "[${SGR_fg_green}${SGR_bold}$i${SGR_reset}]"
        echo -e "[${SGR_fg_green}${SGR_bold}$(ls -l "$i")${SGR_reset}]"
        [ -h "$i" ] && continue    # symlink: the ls -l line already shows its target
        sed -E 's/^/\t/' "$i"
    done