Ping resolves internal DNS entries with external IPs. Nslookup works fine.
Ping resolves internal DNS entries with external IPs:
C:\Windows\system32>ping atlas-c01
Pinging atlas-c01.nix.mds.xyz [3.64.163.50] with 32 bytes of data:
Control-C
^C
C:\Windows\system32>ping atlas-c01
Pinging atlas-c01.nix.mds.xyz [3.64.163.50] with 32 bytes of data:
Control-C
^C
C:\Windows\system32>
Nslookup works great:
C:\Windows\system32>nslookup atlas-c01.nix.mds.xyz
Server: dns.mds.xyz
Address: 192.168.0.224
Non-authoritative answer:
Name: atlas-c01.nix.mds.xyz
Address: 10.0.0.77
C:\Windows\system32>
Even from a locally installed Ubuntu server, resolution returns external IP addresses:
root@g73sw01:~# ping atlas-c01
PING atlas-c01.mds.xyz (3.64.163.50) 56(84) bytes of data.
From _gateway (192.168.0.1) icmp_seq=1 Redirect Network(New nexthop: _gateway (192.168.0.6))
The Linux box's behavior is surprising, since it should normally get its IP and DNS settings from netplan:
root@g73sw01:~# cat /etc/netplan/01-network-manager-all.yaml
# Let NetworkManager manage all devices on this system
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    enp5s0:
      dhcp4: no
      addresses: [192.168.0.15/24]
      gateway4: 192.168.0.1
      nameservers:
        addresses: [192.168.0.224,192.168.0.46,192.168.0.51]
root@g73sw01:~#
Still, /etc/resolv.conf has the localhost IP as the nameserver, regardless of what netplan has:
root@g73sw01:~# grep -v "#" /etc/resolv.conf
nameserver 127.0.0.53
options edns0 trust-ad
search mds.xyz
root@g73sw01:~#
And there is a DNS server running on the new Ubuntu install:
root@g73sw01:~# netstat -pnltu|grep -Ei 53
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 1750/systemd-resolv
udp 0 0 0.0.0.0:5353 0.0.0.0:* 1801/avahi-daemon:
udp 0 0 127.0.0.53:53 0.0.0.0:* 1750/systemd-resolv
udp6 0 0 :::5353 :::* 1801/avahi-daemon:
root@g73sw01:~#
It turns out that the local DNS resolver service running on Ubuntu is resolving local domains with external IPs. Turning this off:
root@g73sw01:~# systemctl status systemd-resolved
○ systemd-resolved.service - Network Name Resolution
Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Sun 2023-11-19 18:30:48 EST; 2s ago
Docs: man:systemd-resolved.service(8)
man:org.freedesktop.resolve1(5)
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
Process: 1750 ExecStart=/lib/systemd/systemd-resolved (code=exited, status=0/SUCCESS)
Main PID: 1750 (code=exited, status=0/SUCCESS)
Status: "Shutting down..."
CPU: 8.759s
Nov 19 17:23:24 g73sw01.nix.mds.xyz systemd-resolved[1750]: Grace period over, resuming full feature set (UDP>
Nov 19 17:24:05 g73sw01.nix.mds.xyz systemd-resolved[1750]: Using degraded feature set TCP instead of UDP for>
Nov 19 17:27:25 g73sw01.nix.mds.xyz systemd-resolved[1750]: Using degraded feature set UDP instead of TCP for>
Nov 19 17:33:04 g73sw01.nix.mds.xyz systemd-resolved[1750]: Using degraded feature set UDP instead of UDP+EDN>
Nov 19 17:38:19 g73sw01.nix.mds.xyz systemd-resolved[1750]: Using degraded feature set TCP instead of UDP for>
Nov 19 18:03:09 g73sw01.nix.mds.xyz systemd-resolved[1750]: Using degraded feature set TCP instead of UDP for>
Nov 19 18:30:48 g73sw01.nix.mds.xyz systemd[1]: Stopping Network Name Resolution...
Nov 19 18:30:48 g73sw01.nix.mds.xyz systemd[1]: systemd-resolved.service: Deactivated successfully.
Nov 19 18:30:48 g73sw01.nix.mds.xyz systemd[1]: Stopped Network Name Resolution.
Nov 19 18:30:48 g73sw01.nix.mds.xyz systemd[1]: systemd-resolved.service: Consumed 8.759s CPU time.
root@g73sw01:~#
resolves the issue:
C:\Windows\system32>ping atlas-c01.nix.mds.xyz
Pinging atlas-c01.nix.mds.xyz [10.0.0.77] with 32 bytes of data:
Control-C
^C
C:\Windows\system32>ping atlas-c01.nix.mds.xyz
Digging in further to find out how this is configured. In this case we want to disable the resolution entirely, so the Ubuntu server doesn’t act as a DNS server for the rest of the network:
root@g73sw01:~# grep -v "#" /etc/systemd/resolved.conf
[Resolve]
root@g73sw01:~#
root@g73sw01:~# systemctl disable systemd-resolved
Removed /etc/systemd/system/dbus-org.freedesktop.resolve1.service.
Removed /etc/systemd/system/multi-user.target.wants/systemd-resolved.service.
root@g73sw01:~# systemctl disable systemd-resolved
root@g73sw01:~#
root@g73sw01:~# grep -v "#" /etc/resolv.conf
nameserver 127.0.0.53
options edns0 trust-ad
search mds.xyz
root@g73sw01:~#
On Ubuntu, /etc/resolv.conf is managed by the above-mentioned service, so we need to install another package to edit the resolv.conf entries:
/etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
apt install resolvconf
systemctl status resolvconf
Next edit the following file:
/etc/resolvconf/resolv.conf.d/head
And add the name servers for your network. For example:
root@g73sw01:~# grep -v "#" /etc/resolvconf/resolv.conf.d/head
nameserver 192.168.0.224
nameserver 192.168.0.46
nameserver 192.168.0.51
root@g73sw01:~#
In this case we want to only enable the following service:
systemctl restart resolvconf
and do not wish to have our Ubuntu server resolve for the rest of the network. So the following service will remain disabled:
systemctl disable systemd-resolved
However, in other environments, as needed, the service can now be re-enabled. But that was not the case here, it appears. Had to enable both services:
root@g73sw01:~# vi /etc/resolv.conf
root@g73sw01:~# vi /etc/resolvconf/resolv.conf.d/head
root@g73sw01:~#
root@g73sw01:~#
root@g73sw01:~#
root@g73sw01:~# systemctl restart systemd-resolved resolvconf
root@g73sw01:~# grep -v "#" /etc/resolvconf/resolv.conf.d/head
nameserver 192.168.0.224
nameserver 192.168.0.46
nameserver 192.168.0.51
domain nix.mds.xyz
search mds.xyz nix.mds.xyz mws.mds.xyz
root@g73sw01:~# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.
nameserver 192.168.0.224
nameserver 192.168.0.46
nameserver 192.168.0.51
nameserver 127.0.0.53
search nix.mds.xyz mds.xyz mws.mds.xyz
root@g73sw01:~#
Yet this didn’t work either. Finally, disabling the Ubuntu service altogether resolved it:
root@g73sw01:~# grep -v "#" /etc/resolv.conf
nameserver 192.168.0.224
nameserver 192.168.0.46
nameserver 192.168.0.51
search nix.mds.xyz mds.xyz mws.mds.xyz
root@g73sw01:~# systemctl disable systemd-resolved resolvconf
Synchronizing state of resolvconf.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable resolvconf
root@g73sw01:~#
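A way to check the resolver state reached above, as an added example that is not part of the original post. It audits a resolv.conf-style file for the 127.0.0.53 stub or unknown name servers, and resolves a name through NSS (the path ping uses, whereas nslookup queries the DNS server directly) to flag an internal name that comes back with a public address. `EXPECTED_NS` and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post.
# EXPECTED_NS is an assumption: the three internal DNS servers shown on this page.
EXPECTED_NS="192.168.0.224 192.168.0.46 192.168.0.51"

# Print the nameserver addresses of a resolv.conf-style file, one per line.
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Return 0 if the IPv4 address is in RFC 1918 private space, 1 otherwise.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one finding per problem in the file; return 1 if any was found.
audit_resolv_conf() {
    file=$1
    rc=0
    servers=$(list_nameservers "$file")
    [ -n "$servers" ] || { echo "EMPTY no nameserver lines in $file"; return 1; }
    for ns in $servers; do
        case "$ns" in
            127.*) echo "STUB $ns is a local stub resolver"; rc=1; continue ;;
        esac
        case " $EXPECTED_NS " in
            *" $ns "*) ;;
            *) echo "UNEXPECTED $ns is not a known internal DNS server"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Resolve a name through NSS/getaddrinfo (the path ping uses, unlike nslookup)
# and return 1 when an internal name comes back with a public address.
check_internal_name() {
    addr=$(getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }')
    [ -n "$addr" ] || { echo "$1: no answer"; return 2; }
    if is_rfc1918 "$addr"; then
        echo "$1 -> $addr (internal)"
    else
        echo "$1 -> $addr (public address for an internal name)"
        return 1
    fi
}
```

After sourcing the file, run `audit_resolv_conf /etc/resolv.conf` and `check_internal_name atlas-c01` following each configuration change; a non-zero status means the stub or an external answer is still in the resolution path.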
Summary
What did work is removing the resolvconf package and simply updating the DNS entries with nmcli (NetworkManager) commands like this:
# nmcli con add type ethernet con-name ens160 ifname ens160 ipv4.addresses 192.168.0.30/24 ipv4.gateway 192.168.0.1 ipv4.dns "192.168.0.46 192.168.0.51 192.168.0.224" ipv4.method manual ipv4.dns-search "mds.xyz nix.mds.xyz mws.mds.xyz"
Followed by:
nmcli c s ens160
nmcli c u ens160
unlink /etc/resolv.conf
ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
To summarize the commands above, the following approach did not work:
apt install resolvconf
systemctl enable resolvconf
systemctl start resolvconf
Disable the previous service:
systemctl stop systemd-resolved
systemctl disable systemd-resolved
Add DNS entries to:
/etc/resolvconf/resolv.conf.d/head
Regenerate the entries using:
sudo resolvconf -u
Problem Solved!
Cheers,