Monday, 6 June 2016

Re: ANN: DNS resolver changes in yakkety

On Mon, Jun 06, 2016 at 05:41:06PM +0100, Dimitri John Ledkov wrote:
> On 6 June 2016 at 17:27, Stéphane Graber <[email protected]> wrote:
> > On Mon, Jun 06, 2016 at 03:17:51PM +0100, Robie Basak wrote:
> >
> > Unless the above can be fixed somehow, and I very much doubt resolved
> > will grow a DNS server any time soon, the switch to resolved mostly
> > feels like a regression over the existing resolvconf+dnsmasq setup we've
> > got right now and which in my experience at least, has been working
> > pretty well for us.
> >
> I have in the past tried to drop all config files from /etc.
> Dropping /etc/nsswitch.conf is trivial. Apart from libc and shadow
> very little else parses that, so that has minimal breakage so things
> that do call into libc end up doing the right thing.
> Dropping /etc/resolv.conf is hard, and in essence a bunch of stuff
> parses and uses it, for right and wrong reasons (e.g. even when doing
> shared linking with glibc and having it available).
> In those cases, things do go wrong. If there is no split routing,
> everything is fine and the change is mostly harmless. With split
> routing things will break.
> Ideally I would like to still see specified in resolv.conf,
> and I'll be fine with that being implemented on top systemd-resolved
> api, I don't think that would be hard, however it seems to me like a
> re-implementation of resolvconf+dnsmasq solution.
> I have heard before that it was requested as desirable to have
> plaintext view of the dns config..... can somebody point out how can I
> get dns info out of current stable resolvconf+dnsmasq? E.g. what are
> my current dns servers, default, per-interface, etc? I guess I'm a
> dnsmasq n00b.

Sending SIGUSR1 will dump the list of servers in syslog.

Jun 6 12:48:09 castiana dnsmasq[3429]: time 1465231689
Jun 6 12:48:09 castiana dnsmasq[3429]: cache size 0, 0/0 cache insertions re-used unexpired cache entries.
Jun 6 12:48:09 castiana dnsmasq[3429]: queries forwarded 188289, queries answered locally 4888
Jun 6 12:48:09 castiana dnsmasq[3429]: queries for authoritative zones 0
Jun 6 12:48:09 castiana dnsmasq[3429]: server 2607:f2c0:f00f:2720:216:3eff:fe19:6f91#53: queries sent 945, retried or failed 0
Jun 6 12:48:09 castiana dnsmasq[3429]: server 2607:f2c0:f00f:2720:216:3eff:fec3:3e8d#53: queries sent 1183, retried or failed 0

This isn't exactly user friendly though.

In the past, "nm-tool" would dump you a nice view of your network
configuration, including DNS servers and VPNs but that went away with NM 1.x.

Looks like the nmcli way of doing it nowadays is:

[email protected]:~# nmcli dev show | grep DNS
IP6.DNS[1]: 2607:f2c0:f00f:2720:216:3eff:fe19:6f91
IP6.DNS[2]: 2607:f2c0:f00f:2720:216:3eff:fec3:3e8d

I'd definitely be in favor of a change to dnsmasq to write and maintain
its current DNS configuration as comments in its resolvconf file. That
way a good old "cat /etc/resolv.conf" would show that is the
DNS server but the actual configuration of that server would be included
above it as nice user-readable comments.

Stéphane Graber
Ubuntu developer
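
Added example, not part of the original message and not dnsmasq or Ubuntu code: a small parser that turns the SIGUSR1 syslog dump quoted above into a readable list of upstream servers. The function names `parse_dump` and `summarize` are hypothetical, and the line format is assumed to match the lines shown in the message.

```python
import ipaddress
import re

# The SIGUSR1 dump lines quoted in the message above, embedded for offline use.
SAMPLE = """\
Jun 6 12:48:09 castiana dnsmasq[3429]: time 1465231689
Jun 6 12:48:09 castiana dnsmasq[3429]: cache size 0, 0/0 cache insertions re-used unexpired cache entries.
Jun 6 12:48:09 castiana dnsmasq[3429]: queries forwarded 188289, queries answered locally 4888
Jun 6 12:48:09 castiana dnsmasq[3429]: queries for authoritative zones 0
Jun 6 12:48:09 castiana dnsmasq[3429]: server 2607:f2c0:f00f:2720:216:3eff:fe19:6f91#53: queries sent 945, retried or failed 0
Jun 6 12:48:09 castiana dnsmasq[3429]: server 2607:f2c0:f00f:2720:216:3eff:fec3:3e8d#53: queries sent 1183, retried or failed 0
"""

# Assumed format: "server <ip>#<port>: queries sent N, retried or failed M"
SERVER_RE = re.compile(
    r"dnsmasq\[\d+\]: server (?P<addr>[0-9A-Fa-f:.]+)#(?P<port>\d+): "
    r"queries sent (?P<sent>\d+), retried or failed (?P<failed>\d+)")
TOTALS_RE = re.compile(
    r"dnsmasq\[\d+\]: queries forwarded (?P<fwd>\d+), "
    r"queries answered locally (?P<local>\d+)")

def parse_dump(text):
    """Return (totals, servers) parsed from dnsmasq SIGUSR1 syslog lines."""
    totals, servers = {}, []
    for line in text.splitlines():
        m = SERVER_RE.search(line)
        if m:
            try:  # skip lines whose address field is not a valid IP
                addr = ipaddress.ip_address(m["addr"])
            except ValueError:
                continue
            servers.append({"address": str(addr), "port": int(m["port"]),
                            "sent": int(m["sent"]), "failed": int(m["failed"])})
            continue
        m = TOTALS_RE.search(line)
        if m:
            totals = {"forwarded": int(m["fwd"]), "local": int(m["local"])}
    return totals, servers

def summarize(text):
    """Render the dump as short human-readable lines."""
    totals, servers = parse_dump(text)
    out = [f"forwarded={totals.get('forwarded', 0)} local={totals.get('local', 0)}"]
    for s in servers:
        out.append(f"upstream [{s['address']}]:{s['port']} sent={s['sent']} failed={s['failed']}")
    return out

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```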