Support for systemd-resolved?

Open Hoeze opened this issue 3 years ago • 3 comments

Hi, is there support for systemd-resolved?

We are using FreeIPA DNS with multiple replicates. However, when the primary server goes offline, DNS is awfully slow.

systemd-resolved is able to remember currently working DNS servers. Therefore, we'd like to use it in conjunction with NetworkManager.

Hoeze Mar 18 '21 20:03

On your system you need to set up the various parts of DNS to work together. For example, to enable and use systemd-resolved, you possibly need:

  • update nsswitch.conf to use "resolve"
  • symlink /etc/resolv.conf to one of the well-known systemd-resolved files (see man systemd-resolved).
  • possibly tell NetworkManager to use systemd-resolved (via "dns" and "rc-manager" setting in man NetworkManager.conf). But if you set up the symlink, that gets detected automatically.
  • enable and run systemd-resolved.

Here I don't mean that you need to configure a certain DNS nameserver or search domain. For that you can use the network role and NetworkManager already. I mean, you first need to configure the underlying parts of how name resolution works in principle, and to use systemd-resolved.

The network role does not configure your system in that regard (yet). And it seems out of scope. What exactly would you expect the network role to do here?

thom311 Mar 19 '21 06:03

Thanks for your answer @thom311. On CentOS 8, I set dns=systemd-resolved inside NetworkManager.conf and I got the expected "nameserver 127.0.0.53" in the resolv.conf. DNS resolution still works.

If this is all that is required to enable systemd-resolved, it would be nice to have a variable like dns_provider: systemd-resolved that is recognized during the NetworkManager configuration.

Hoeze Mar 23 '21 19:03

> On CentOS 8, I set dns=systemd-resolved inside NetworkManager.conf and I got the expected "nameserver 127.0.0.53" in the resolv.conf. DNS resolution still works.

Yes, you can do that, and that may be a sensible configuration.

But I think it's better to symlink /etc/resolv.conf to one of the well-known files like /run/systemd/resolve/stub-resolv.conf (read man systemd-resolved). If you do that, then you don't need any dns= or rc-manager= configuration in NetworkManager.conf, because by default NetworkManager would look at /etc/resolv.conf and automatically understand to use systemd-resolved.

All you need after changing that is systemctl reload NetworkManager.service.

So, to enable systemd-resolved via ansible you could do a few things:

  • call ln -snf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
  • call systemctl enable --now systemd-resolved.service
  • call systemctl reload NetworkManager.service.
  • I guess you also need to configure /etc/nsswitch.conf somehow to use resolve. What the desired setting should be depends on your preferences, which makes it hard to have a simple dns_provider: systemd-resolved.

The role could provide something like dns_provider. But there are so many options for what a user might want to do that it seems hard to provide a sensible API of what is configurable. But yeah, maybe a nice feature!! Patches welcome :)

thom311 Mar 24 '21 06:03
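
A check for the setup listed in the comment above, as an added example that is not part of the thread or of the network role: it reports whether a host ended up with /etc/resolv.conf symlinked to a systemd-resolved file, with dns=systemd-resolved in NetworkManager.conf, and with "resolve" in nsswitch.conf. The function names and the path-prefix argument are assumptions made for this example; of the three symlink targets, only stub-resolv.conf appears in the thread, the other two are taken from man systemd-resolved.

```shell
#!/bin/sh
# Added example (not from the thread). The first argument of each function is a
# hypothetical path prefix so the checks can run against a constructed tree;
# pass "" for the live system.

# Classify /etc/resolv.conf: stub | uplink | static (symlink to a well-known
# systemd-resolved file, see man systemd-resolved) or other.
resolv_mode() {
    f="${1:-}/etc/resolv.conf"
    [ -L "$f" ] || { echo other; return 0; }
    case "$(readlink "$f")" in
        */run/systemd/resolve/stub-resolv.conf) echo stub ;;
        */run/systemd/resolve/resolv.conf)      echo uplink ;;
        */usr/lib/systemd/resolv.conf)          echo static ;;
        *)                                      echo other ;;
    esac
}

# Print the dns= value from [main] in NetworkManager.conf (conf.d drop-ins are
# not read here); prints nothing if the key or the file is absent.
nm_dns_setting() {
    f="${1:-}/etc/NetworkManager/NetworkManager.conf"
    [ -r "$f" ] || return 0
    awk -F= '{ gsub(/[ \t]/, "") }
             /^\[/ { in_main = ($0 == "[main]") }
             in_main && $1 == "dns" { print $2 }' "$f"
}

# Succeed if the hosts: line of nsswitch.conf lists "resolve" before "dns".
nss_uses_resolve() {
    awk '$1 == "hosts:" {
             for (i = 2; i <= NF; i++) {
                 if ($i == "resolve") { ok = 1; exit }
                 if ($i == "dns") exit
             }
         }
         END { exit !ok }' "${1:-}/etc/nsswitch.conf" 2>/dev/null
}

# Return 0 if either route from the thread is in place: the symlink, or
# dns=systemd-resolved in NetworkManager.conf. The nsswitch result is a note.
audit_resolved() {
    mode=$(resolv_mode "${1:-}")
    nmdns=$(nm_dns_setting "${1:-}")
    echo "resolv.conf: $mode; NetworkManager dns=${nmdns:-unset}"
    nss_uses_resolve "${1:-}" || echo "note: nsswitch.conf hosts: does not prefer resolve"
    [ "$mode" != other ] || [ "$nmdns" = systemd-resolved ]
}

# Run against the live system only when asked: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_resolved ""; fi
```

The nsswitch.conf result is reported as a note rather than a failure because the thread leaves the desired hosts: setting to the administrator's preference.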

This issue seems to be stale and is a duplicate of the issue https://github.com/linux-system-roles/network/issues/622. Let us close it.

liangwen12year Jul 13 '23 19:07