[dns-operations] which breakage is this? FreeBSD.org / systemd-resolved

Jeroen Massar jeroen at massar.ch
Fri Oct 30 10:19:37 UTC 2020



> On 20201030, at 05:29, Paul Vixie <paul at redbarn.org> wrote:
> 
> On Thu, Oct 29, 2020 at 09:43:28PM -0400, Viktor Dukhovni wrote:
>> On Thu, Oct 29, 2020 at 09:21:56PM -0400, Phil Pennock wrote:
>>> ...
>>> systemd-resolved is on 127.0.0.53 as a host-local resolver, so the
>>> details of transport to it are pretty irrelevant: this is systemd
>>> rejecting answers which two other implementations of validating
>>> resolvers, on the local network, accept just fine.
>> 
>> There are many such defects in systemd-resolved, get in line...
> 
> systemd is pretty configurable. there should be some way to turn this
> DNS-like but not-actually-DNS listener off, and then either run a real
> DNS listener (unbound, bind9, powerdns, knot, etc) there. bind9 in
> particular will do the right thing even with /dev/null as a config file,
> but that may be true of some of the others also.
> 
> several of my vm's are suse linux, which has systemd, so i'd be very
> thankful to anyone with a HOWTO or URI on getting systemd out of my
> DNS resolution path. yes, i manage the resolv.conf files, but the
> risk of some local client ignoring that and sending to 0.0.0.0:53
> and thus talking to systemd-resolved is too high

Disabling the service will likely do the trick:

https://www.ctrl.blog/entry/resolvconf-tutorial.html

systemctl disable --now systemd-resolved.service


But as per https://manpages.debian.org/stretch/systemd/systemd-resolved.service.8.en.html

seems systemd really wants to lock tools into their thing, as they even have a special API over dbus for doing this.
funnily that mentions "for example, properly returns DNSSEC validation status" :)

bye bye getaddrinfo, thou art not welcome anymore...

Greets,
 Jeroen
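An added check for the risk Paul raises above (example code written for this page, not the thread's, systemd's or any project's own code): it reports whether a host's resolv.conf still routes lookups to the 127.0.0.53 stub, either by symlink into systemd's stub-resolv.conf or by a live nameserver line. It assumes the documented systemd defaults for the stub address and file name; the sample files are constructed.

```shell
# Added example: detect whether the systemd-resolved stub (127.0.0.53) is
# still in the local resolution path. 127.0.0.53 and stub-resolv.conf are the
# systemd defaults documented in systemd-resolved.service(8); file paths are
# parameters so the checks can run against copies. Sample files are constructed.

# stub_in_nameservers FILE: exit 0 and print the matching lines if any active
# (uncommented) "nameserver" directive in FILE points at 127.0.0.53.
stub_in_nameservers() {
    grep -E '^[[:space:]]*nameserver[[:space:]]+127\.0\.0\.53([[:space:]]|$)' "$1"
}

# resolv_links_to_stub FILE: exit 0 if FILE is a symlink whose target is
# systemd's stub-resolv.conf, the usual way the stub lands in /etc/resolv.conf.
resolv_links_to_stub() {
    [ -L "$1" ] && readlink "$1" | grep -q 'stub-resolv\.conf$'
}

# check_resolv_conf FILE: print a verdict; return 0 when the stub is in the
# path by either route, 1 when it is not.
check_resolv_conf() {
    if resolv_links_to_stub "$1"; then
        echo "$1: symlink to systemd stub-resolv.conf"; return 0
    elif stub_in_nameservers "$1" >/dev/null; then
        echo "$1: nameserver 127.0.0.53 (systemd-resolved stub)"; return 0
    else
        echo "$1: no systemd stub in resolution path"; return 1
    fi
}

# Constructed sample files (not real system state) so the check runs anywhere.
SAMPLES=$(mktemp -d)
printf '# managed by systemd-resolved\nnameserver 127.0.0.53\noptions edns0 trust-ad\n' > "$SAMPLES/stub.conf"
printf '#nameserver 127.0.0.53\nnameserver 127.0.0.1\nnameserver 192.0.2.53\n' > "$SAMPLES/real.conf"
ln -s /run/systemd/resolve/stub-resolv.conf "$SAMPLES/linked.conf"

# On a live host the call is simply: check_resolv_conf /etc/resolv.conf
for f in "$SAMPLES/stub.conf" "$SAMPLES/real.conf" "$SAMPLES/linked.conf"; do
    check_resolv_conf "$f" || true
done
```

Note that a clean resolv.conf does not rule out a client with its own resolver configuration; the check covers only the resolv.conf route that the thread discusses.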