On 11 October 2017 at 15:25, Matthias Fratz <[email protected]> wrote:
> Tried that, and it started using the DHCP-provided search path (yay!).
>
> Setting the search path in NetworkManager (which is responsible for the
> interface in question) works, ie. honors the search path and doesn't
> break resolving for those domains, with both single and multiple search
> paths:
>
> [ipv4]
> dns-search=disy.inf.uni-konstanz.de;inf.uni-konstanz.de;uni-konstanz.de
> method=auto
>
> [ipv6]
> addr-gen-mode=stable-privacy
> dns-search=disy.inf.uni-konstanz.de;inf.uni-konstanz.de;uni-konstanz.de
> method=auto
>
> Having to do this for each connection and for both IPv4 and IPv6 sucks,
> but it's better than not having a search path.
>
>
> Trying to set the search path to Domains=ubuntu.com globally in resolved.conf
> still breaks ubuntu.com, of course. Out of curiosity, I then put this in
> resolved.conf:
>
> Domains=uni-konstanz.de inf.uni-konstanz.de disy.inf.uni-konstanz.de
> ubuntu.com
>
> This works for the domains listed in the interface, honoring the search
> path and correctly resolving both short (git) and long
> (git.uni-konstanz.de) domains. But it breaks resolution completely for
> ubuntu.com and subdomains.
>
> So: Does systemd-resolved need to have a network interface "associated"
> with each search domain?? This is very much not how DNS works but it's a
> boundary case that might be easy to get wrong.
>
> (This is all on the 17.10 VM, and with resolved.conf empty apart from
> [Resolve] and the Domains= line, where mentioned.)
>

If there is per-interface configuration available, resolved will use
that, and it is the preferred mode of operation. Anything else is
ambiguous. This is to support split-DNS situations such that
company.internal.vpn on a VPN interface can have Domains specified and
thus not leak VPN-intended queries to the general internet / gateway
nameserver.

I'm still struggling to comprehend the obsession with adding "ubuntu.com"
in your examples. Please stop doing that. This is not a domain you
control, and not something one should be trying to override, as that
carries the risk of failing to resolve or mis-resolving domain names used
for updates.

If DHCP is not providing you the correct domains all clients should be
using on a given connection -> please fix your DHCP server config. If that
is not possible -> you can fix that up locally on a per-connection basis.
Leave ubuntu.com alone.

Can you describe in general terms what network configuration exists, and
how it is broken by default when artful is used as a DHCP client? Is it
intentional that the DHCP server is not providing the correct search
domains? Why are you overriding them on each client? Why are you trying
to override resolution of ubuntu.com domains?

It is intentional that one has to maintain correct per-link
configuration. This used to happen with resolvconf, as each DHCP v4 and v6
config was kept separately internally, and was correctly removed each
time a lease/link was lost. Now, in addition to keeping track of which
nameserver belongs to which link, we also only send queries to the right
nameservers and matching domains by default. This improves security and
privacy.

See
https://www.freedesktop.org/software/systemd/man/systemd.network.html#UseDomains=
for more information on a tri-state option for this; in Ubuntu this
option is set to 'true' by default.

--
Regards,

Dimitri.

--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1714803

Title:
  Search list in resolv.conf breaks resolving for that domain
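
The per-connection `dns-search` settings discussed in this thread can be checked mechanically. The following is an added example, not code from either message or from NetworkManager or systemd: it parses a keyfile shaped like the quoted `[ipv4]`/`[ipv6]` sections and reports search lists that differ between the two address families, plus search domains outside the suffixes the site controls. The function names, the `owned_suffixes` parameter and the sample keyfile are assumptions made for illustration.

```python
import configparser

# Constructed sample, modelled on the [ipv4]/[ipv6] sections quoted in the thread.
# The ipv6 list is deliberately shortened and one foreign domain is added to ipv4.
SAMPLE_KEYFILE = """\
[connection]
id=constructed-example

[ipv4]
dns-search=disy.inf.uni-konstanz.de;inf.uni-konstanz.de;uni-konstanz.de;ubuntu.com
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=disy.inf.uni-konstanz.de;inf.uni-konstanz.de
method=auto
"""

def search_domains(parser, section):
    """Return the ';'-separated dns-search list of one section, normalised."""
    raw = parser.get(section, "dns-search", fallback="")
    return [d.strip().lower().rstrip(".") for d in raw.split(";") if d.strip()]

def is_under(domain, suffix):
    """True if domain equals suffix or is a subdomain of it (label-aligned)."""
    return domain == suffix or domain.endswith("." + suffix)

def audit_keyfile(text, owned_suffixes):
    """Return a list of (kind, domains) findings for one connection profile."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(text)
    v4 = search_domains(parser, "ipv4")
    v6 = search_domains(parser, "ipv6")
    findings = []
    if v4 != v6:  # order matters for a search list, so compare the lists as-is
        findings.append(("mismatch", sorted(set(v4) ^ set(v6))))
    for domain in sorted(set(v4) | set(v6)):
        if not any(is_under(domain, s) for s in owned_suffixes):
            findings.append(("foreign", [domain]))
    return findings

if __name__ == "__main__":
    # owned_suffixes is an assumption: the domains this site actually controls.
    for kind, domains in audit_keyfile(SAMPLE_KEYFILE, ["uni-konstanz.de"]):
        print(kind, ", ".join(domains))
```

A `mismatch` finding with an empty domain list means both families name the same domains but in a different order.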
