NOTE: The behavior is different with musl libc (an alternative to glibc).
You need to be aware of the hard limits for name servers, domain name, and search domains when you create or edit the /etc/resolv.conf file.
The hard limits for the /etc/resolv.conf file are as follows:
If /etc/resolv.conf lists more than 3 servers: “Nameserver limits were exceeded, some nameservers have been omitted…”
Note: There is no limit on file size.
The search keyword of the system's resolv.conf file can be overridden on a per-process basis by setting the LOCALDOMAIN environment variable to a space-separated list of search domains.
The options keyword of the system's resolv.conf file can be overridden on a per-process basis by setting the RES_OPTIONS environment variable to a space-separated list of resolver library options…
sudo socat -v -v udp4-listen:53,reuseaddr,fork udp4:8.8.8.8:53
# UDP
#host -U -W 1 127.0.0.1 8.8.8.8
host -W 1 127.0.0.1 8.8.8.8
# TCP
host -T -W 1 127.0.0.1 8.8.8.8
echo "127.0.0.1,192.168.1.1,8.8.8.8" |tr "," "\n" |xargs -L1 -I% bash -c "host -W 1 plop.plop % |grep -q 'not found' && echo OK % || echo NOK %"
- name: Check DNS connectivity - UDP
  command: "host -W 1 127.0.0.1 {{ item | quote }}"
  check_mode: false
  changed_when: false
  register: cmd_host_udp
  failed_when: not ( cmd_host_udp.rc == 0 or ( cmd_host_udp.rc == 1 and cmd_host_udp.stdout_lines is search('not found') ) )
  with_items: "{{ resolv_new_nameservers }}"

- name: Check DNS connectivity - TCP
  command: "host -T -W 1 127.0.0.1 {{ item | quote }}"
  check_mode: false
  changed_when: false
  register: cmd_host_tcp
  failed_when: not ( cmd_host_tcp.rc == 0 or ( cmd_host_tcp.rc == 1 and cmd_host_tcp.stdout_lines is search('not found') ) )
  with_items: "{{ resolv_new_nameservers }}"
Or alternatively:
curl --dns-servers 192.168.0.1,192.168.0.2 https://example.com
curl --dns-servers 10.0.0.1:53 https://example.com
systemd-resolve HOSTNAME SERVERNAME

my-app:
  build: my-app
  dns:
    - 10.20.20.1 # dns server 1
    - 10.21.21.2 # dns server 2
  dns_search: ibm-edv.ibmnet.int

spec:
  containers:
    - name: test
      image: nginx
  dnsConfig:
    options:
      - name: timeout
        value: "2"

extra_hosts:
  - "somehost:162.242.195.82"
  - "otherhost:50.31.209.229"
/etc/systemd/resolved.conf
DNS=1.1.1.1 1.0.0.1
sudo mv /etc/resolv.conf /etc/resolv.conf.orig
sudo ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
/etc/resolv.conf
nameserver 127.0.0.53
options edns0
See also /etc/nsswitch.conf
sudo pkill -USR1 systemd-resolve
sudo systemd-resolve --flush-caches
sudo resolvectl flush-caches
sudo journalctl -u systemd-resolved > ~/resolved.txt
sudo systemd-resolve --statistics
Flush the systemd DNS cache
systemd-resolve --flush-caches
Clear BIND Server DNS Cache
sudo rndc flush
To clear the DNS cache for a particular domain, use the command below.
sudo rndc flushname <Domain_Name>
Clear the dnsmasq Server DNS Cache
sudo systemctl restart dnsmasq
Flush nscd server DNS Cache
sudo systemctl restart nscd
pdnsd
pdnsd-ctl empty-cache
No IPv6 AAAA
# since glibc 2.36
options no-aaaa
no-tld-query (since glibc 2.14)
/etc/resolv.conf
# options rotate timeout:1 retries:1
# options rotate timeout:2 attempts: 1
options timeout:0 attempts:1
nameserver 192.168.10.10
nameserver 192.168.11.10
search domain1.local domain2.local
domain domain2.local
FQDN resolution OK
# getent hosts srv01.domain1.local
192.168.1.101 srv01.domain1.local
Short-name resolution NOK
# getent hosts srv01
#
Place search after domain, or comment out domain.
According to the implementation of Glibc, if domain and search directives are both used, only the last instance will be used for DNS queries.
Source : https://access.redhat.com/solutions/5958611
The domain directive is an obsolete name for the search directive that handles one search list entry only.
Source : https://man7.org/linux/man-pages/man5/resolv.conf.5.html
/etc/resolv.conf
options rotate timeout:1 retries:1
# options rotate timeout:2 attempts: 1
nameserver 192.168.10.10
nameserver 192.168.11.10
domain domain2.local
search domain1.local domain2.local
# getent hosts srv01
192.168.1.101 srv01.domain1.local
# getent hosts srv01.domain1.local
192.168.1.101 srv01.domain1.local
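The domain/search ordering above, together with the 3-nameserver limit and the LOCALDOMAIN override, worked through as an added example (not code from this page or from glibc). The function names are hypothetical, and the lookup order in candidates() assumes the default ndots:1 rule from resolv.conf(5), which this page does not cover.

```python
# Added example: approximates how the libc resolver reads resolv.conf.
MAXNS = 3  # nameserver limit quoted on this page

# Constructed from the two resolv.conf variants shown above.
BROKEN = """nameserver 192.168.10.10
nameserver 192.168.11.10
search domain1.local domain2.local
domain domain2.local
"""
FIXED = """nameserver 192.168.10.10
nameserver 192.168.11.10
domain domain2.local
search domain1.local domain2.local
"""


def effective_config(text, env=None):
    """Return (nameservers, search_list, warnings) for a resolv.conf body."""
    env = env or {}
    nameservers, search, seen, warnings = [], [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        keyword, *args = line.split()
        if keyword == "nameserver" and args:
            nameservers.append(args[0])
        elif keyword in ("domain", "search") and args:
            # domain holds one entry; the last domain/search line wins
            search = args[:1] if keyword == "domain" else args
            seen.append(keyword)
    if len(nameservers) > MAXNS:
        warnings.append(f"only the first {MAXNS} nameservers are used")
        nameservers = nameservers[:MAXNS]
    if {"domain", "search"} <= set(seen):
        warnings.append(f"domain and search both set; '{seen[-1]}' wins")
    if env.get("LOCALDOMAIN"):               # per-process override
        search = env["LOCALDOMAIN"].split()
    return nameservers, search, warnings


def candidates(name, search, ndots=1):
    """Names tried for `name`, in order (default ndots:1 assumed)."""
    if name.endswith("."):                   # already absolute
        return [name.rstrip(".")]
    expanded = [f"{name}.{d}" for d in search]
    return [name] + expanded if name.count(".") >= ndots else expanded + [name]
```

With the first file, candidates("srv01", ...) never includes srv01.domain1.local, which is why the short name fails while the FQDN still resolves.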
$ getent hosts plop
192.168.21.25 plop.acme.local
$ getent hosts plop.acme.local
$
$ dig +short plop.acme.local
192.168.21.25
Check with dig / nslookup; if that works, the problem lies elsewhere, for example in the libc configuration.
/etc/nsswitch.conf
#hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname
hosts: files dns myhostname
the step-by-step name resolution, you can do this:
dig +add +trace @8.8.8.8 www.google.com
kdig client (part of Knot):
kdig +tls @localhost -p 8353 foobar.test
blaeu-resolve -r 100 --type NS meteofrance.com
# /etc/systemd/resolved.conf
sudo systemctl restart systemd-resolved.service
Conf
systemd-resolve --set-dns=192.168.1.1 -i wlan1
Status
systemd-resolve --status
Disable and stop the systemd-resolved service
sudo systemctl disable systemd-resolved.service
sudo systemctl stop systemd-resolved
/etc/NetworkManager/NetworkManager.conf
[main]
dns=default
unlink /etc/resolv.conf
sudo service network-manager restart
DHCP DNS?
/etc/systemd/network/enp0s31f6.network
[DHCP]
UseDNS=true
Other
ps aux |grep dnsmasq
resolv.py
import socket

for x in range(5):
    print(socket.getaddrinfo('gnu.org', 80))
# strace -e trace=connect python resolv.py 2>&1 | grep 53
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.10.10")}, 16) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.20.20")}, 16) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.1.5")}, 16) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.10.10")}, 16) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.20.20")}, 16) = 0
lsof -i udp:53
time tcpdump udp port 53 -Qout -n |nl
time strace -f -e trace=%network -p 29976 2>&1 |grep 'htons(53)' |nl
# sysdig -c lsof "'fd.l4proto=udp and fd.port=53'"
COMMAND PID TID USER FD TYPE NAME
systemd-resolve 2870470 2870470 systemd 12 ipv4 127.0.0.53:53
csysdig -v connections fd.ip=10.172.93.224
iftop -f "host 10.172.93.224"
Windows
nslookup set detail