DNS

In DNS, a fully qualified domain name (FQDN) includes the hostname and its full domain, such as “example.com.” When a hostname is not fully qualified, the resolver appends search domains to the hostname to attempt to resolve it. The ~. wildcard indicates that the resolver should search all domains for such hostnames.

Multicast DNS 1)

Setup

Add the IP address of the domain server to /run/systemd/resolve/resolv.conf: nameserver 'IP address'
Example:

nameserver 9.9.9.9

Pre Debian 12 Bookworm

resolvectl is a multi-call binary. When invoked as “resolvconf” (generally achieved by means of a symbolic link of this name to the resolvectl binary)
systemd: resolvectl is not active by default
Example command: resolvectl status

Domains=~.

“Domains=~.” represents a wildcard domain search. When used in the Domains= option within the [Resolve] section of systemd-resolved configuration, ~. signifies that the resolver should search all domains for hostnames that are not fully qualified.

Clear the DNS cache

Only applicable if a DNS cache is running, which is not the case in a default installation of Debian.
What is running, on Debian 10, is /etc/init.d/networking. Run /etc/init.d/networking status to see if it is running. Options: force-reload, reload, restart, start, stop
To clear the web browser or router cache, if any, restart the web browser or router.

Lookup programs

| Name | Remark |
|---|---|
| bind9-dnsutils | Contains: dig, nslookup, nsupdate |
| dig | Part of bind9-dnsutils |
| djbdns-utils | Contains: dnsfilter, dnsip, dnsipq, dnsmx, dnsname, dnsq, dnsqr, dnstrace, dnstxt, random-ip |
| dnsutils | Obsolete. Install bind9-dnsutils |
| hosts | |
| nslookup | Part of bind9-dnsutils. Set timeout=t does not work. Use -timeout=t where t is a time in seconds greater than 0. This is not accurate. -timeout=1 takes about 5 seconds if the DNS server is not available, whereas resolving takes less than a second when the DNS server is available. Some versions of nslookup will always bypass any local caches and will instead read /etc/resolv.conf and automatically contact the nameserver(s) found in there directly (unless the command line includes a specific nameserver to query) |
| ping | Will always use the currently configured resolver, which may or may not include a caching feature |

Source for some text

Public servers

A full list showing the Netherlands

| IP | Owner | Remark |
|---|---|---|
| 1.1.1.1 | Cloudflare | |
| 2.2.2.2 | France Telecom | No DNS |
| 3.3.3.3 | Amazon Technologies Inc. | No DNS |
| 4.4.4.4 | Level 3 Parent, LLC | No DNS |
| 5.5.5.5 | Telefonica Germany GmbH & Co.OHG | No DNS |
| 6.6.6.6 | Headquarters, USAISC (HEADQU-3) | No DNS |
| 7.7.7.7 | DoD Network Information Center (DNIC) | No DNS |
| 8.8.8.8 | Google | |
| 9.9.9.9 | Quad nine | |
| 193.110.81.9 2) | zero.dns0.eu | |
| NextDNS | | |

dnsmasq

Clear the dnsmasq dns cache

 service dnsmasq restart

TXT field

To check the TXT fields of a DNS entry you can do

dig -t txt example.com | grep TXT
nslookup -q=TXT example.com

DNS server

How to configure bind as an authoritative only dns server on ubuntu 14-04
Another possibility: knot

Dynamic DNS setting

  • Driver= (for the driver name of the network interface)
  • Gateway=
  • MACAddress=
  • Name= (for the network interface)
  • Path= (for the path of the network interface's .device unit in the systemd unit hierarchy)

Create files in /etc/systemd/resolved.conf.d, one per location.

Headers of sections can be

  • [Match]
  • [Network]
  • [Resolve] allows you to configure global DNS resolution options, such as the DNS servers to be used by default, the fallback DNS servers, and other related settings

Example to set the DNS server depending on the gateway IP address:

[Match]
Gateway=192.168.1.1
 
[Network]
DNS=9.9.9.9

Restart the DNS service: systemctl restart systemd-resolved.service

[Resolve]
DNS=9.9.9.9
Domains=~.

Slow DNS

Work in progress

/etc/systemd/resolved.conf
/etc/systemd/network/
tcpdump -i wlan0 udp -w udp_traffic.pcap (log UDP traffic on wlan0 to the udp_traffic.pcap file)

/etc/systemd/resolved.conf.d/dns_servers.conf

[Resolve]
DNS=192.168.1.1
Domains=~.
DNSSEC=no

/lib/systemd/system/systemd-resolved.service.d/resolvconf.conf

resolvectl service restart Resolve call failed: All attempts to contact name servers or networks failed

  • Ensure, with dig or nslookup, that the DNS servers configured in network configuration files such as /etc/systemd/resolved.conf are responsive and reliable
  • Check the status of the DNS cache: systemd-resolve --statistics
  • Flush the DNS cache: systemd-resolve --flush-caches
  • Check /etc/network/interfaces
  • Disable DNS Security Extensions (DNSSEC) to check if DNSSEC causes delays in DNS resolution. Add DNSSEC=no under the [Resolve] section in the /etc/network/interfaces file
  • Consider adding fallback DNS servers. Add to the resolved configuration file FallbackDNS= with the IP addresses of additional DNS servers
  • systemctl restart systemd-resolved.service to activate the changes
  • A large number of domains in your search domains list can increase DNS lookup times

Show the gateway the computer is connected to: ip route | grep default
Show all connection details: ip route

default via 10.10.10.1 dev wlan0 
10.10.10.0/22 dev wlan0 proto kernel scope link src 10.10.10.110

  • Check if network-manager is installed
  • Check if /lib/systemd/systemd-resolved is installed
    • Add /lib/systemd to the path of the root user

To get more information from resolved add

[Service]
Environment=SYSTEMD_LOG_LEVEL=debug

to override.conf of systemd-resolved via

systemctl edit systemd-resolved

then open a new terminal window and login as root

journalctl -u systemd-resolved -f

go back to the previous terminal window

systemctl restart systemd-resolved

When done debugging undo the change to override.conf with

systemctl revert systemd-resolved
systemctl restart systemd-resolved

systemctl service-log-level systemd-resolved debug

is not persistent. Results in: “Unknown operation service-log-level”

resolvectl query webevaluation.nl

results in

webevaluation.nl: 46.235.42.123                -- link: wlan0

-- Information acquired via protocol DNS in 180.4ms.
-- Data is authenticated: yes

Checking the loopback interface with

lsof -i @127.0.0.53:53

should result in something like

COMMAND    PID            USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
systemd-r 7251 systemd-resolve   17u  IPv4 463540      0t0  UDP 127.0.0.53:domain 
systemd-r 7251 systemd-resolve   18u  IPv4 463541      0t0  TCP 127.0.0.53:domain (LISTEN)

Files:

ll /run/systemd/resolve

results in

total 8,0K
-rw-r--r-- 1 systemd-resolve systemd-resolve 708 dec 31 20:26 stub-resolv.conf
-rw-r--r-- 1 systemd-resolve systemd-resolve 584 dec 31 20:26 resolv.conf

resolvectl status


results in something like

Global
       LLMNR setting: yes
MulticastDNS setting: yes
  DNSOverTLS setting: no
      DNSSEC setting: allow-downgrade
    DNSSEC supported: yes
  Current DNS Server: 9.9.9.9
         DNS Servers: 9.9.9.9
          DNS Domain: ~.
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 3 (wlan0)
      Current Scopes: LLMNR/IPv4 LLMNR/IPv6
DefaultRoute setting: no
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: allow-downgrade
    DNSSEC supported: yes

Link 2 (eth0)
      Current Scopes: none
DefaultRoute setting: no
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: allow-downgrade
    DNSSEC supported: yes
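
A check over the status output above, as an added example that is not part of the original wiki page: the shell function reads resolvectl status text and lists, per scope, the settings that leave lookups spoofable or unencrypted. The names audit_resolved and sample_status and the abbreviated sample input are constructed for illustration; the parser assumes the "<Name> setting: <value>" layout shown here, and other systemd versions may print a different layout.

```shell
#!/bin/sh
# Added example: flag resolver settings in "resolvectl status" output that
# weaken the integrity or confidentiality of lookups.

# Reads status text on stdin; prints "<scope>: <setting>=<value> (<reason>)".
audit_resolved() {
    awk '
    function flag(why) { printf "%s: %s=%s (%s)\n", scope, key, val, why }
    /^Global/          { scope = "Global"; next }
    /^Link [0-9]+ \(/  { scope = $3; gsub(/[()]/, "", scope); next }
    {
        i = index($0, ": ")              # split on the first ": "
        if (i == 0) next                 # NTA continuation lines, blanks
        key = substr($0, 1, i - 1); val = substr($0, i + 2)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (sub(/ setting$/, "", key) == 0) next   # only "... setting" rows
        if (key == "LLMNR" && val != "no")
            flag("any host on the local link can answer")
        else if (key == "MulticastDNS" && val != "no")
            flag("any host on the local link can answer")
        else if (key == "DNSOverTLS" && val != "yes")
            flag("queries are sent, or can fall back to, cleartext")
        else if (key == "DNSSEC" && val != "yes")
            flag("validation is off or can be downgraded")
    }'
}

# Constructed sample, abbreviated from the output format shown on this page.
sample_status() {
    cat <<'EOF'
Global
       LLMNR setting: yes
MulticastDNS setting: yes
  DNSOverTLS setting: no
      DNSSEC setting: allow-downgrade
  Current DNS Server: 9.9.9.9

Link 3 (wlan0)
      Current Scopes: LLMNR/IPv4 LLMNR/IPv6
DefaultRoute setting: no
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: allow-downgrade
EOF
}

sample_status | audit_resolved
```

On a live system the same function can be fed with resolvectl status | audit_resolved; an empty result means none of the four settings was flagged.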

resolvectl statistics

should result in something like

DNSSEC supported by current servers: yes

Transactions
Current Transactions: 0
  Total Transactions: 28

Cache
  Current Cache Size: 0
          Cache Hits: 0
        Cache Misses: 32

DNSSEC Verdicts
              Secure: 24
            Insecure: 7
               Bogus: 0
       Indeterminate: 0

Issues

No DNS resolution

Check if /run/systemd/resolve/resolv.conf exists
If not, run aptitude install systemd-resolved and check /run/systemd/resolve/stub-resolv.conf

What is a DNS pointer



2)
Also 185.253.5.9
dns.txt · Last modified: 16-02-2024 17:08 by wim