27

I'm currently working on a project that has required some DNS troubleshooting. However I am fairly new to the wonderful world of networking and I'm at a bit of a loss as to where to begin.

My specific problem probably belongs on the Raspberry Pi Stack Exchange, so I'll avoid crossposting. Just looking for information here.

Looking for information, I was lead to the resolv.conf(5) file, resolvconf(8), systemd-resolve(1), and the beast that avahi appears to be.

My Raspberry Pi with Raspbian Buster appears to have avahi-daemon running.

My Ubuntu 18.04.4 LTS has systemd-resolved AND avahi-daemon.

Does resolvconf(8) (man page only on Ubuntu) coordinate the two?

When is /etc/resolv.conf used/ignored?

On Ubuntu:

$ cat /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN # 127.0.0.53 is the systemd-resolved stub resolver. # run "systemd-resolve --status" to see details about the actual nameservers. nameserver 127.0.0.53 search telus

On Raspbian:

$ cat /etc/resolv.conf # Generated by resolvconf nameserver 192.168.0.1 nameserver 8.8.8.8 nameserver fd51:42f8:caae:d92e::1

Which utilities are responsible for this?

I don't really understand enough jargon to sift through the man pages and differentiate all these, and I'd love an explanation of how their roles are related.

Improve this question

2 Answers 2

Reset to default
29

When you run a command such as ping foobar the system needs to work out how to convert foobar to an ip address.

Typically the first place it looks is /etc/nsswitch.conf.

This might have a line such as:

hosts: files dns mdns4

This tells the lookup routine to first look in "files", which is /etc/hosts. If that doesn't find a match then it will then try to do a DNS lookup. And if we still don't know the answer then it'll try to do a mDNS lookup.

The DNS lookup is where the system then looks at /etc/resolv.conf. This tells it what DNS servers to look at. On my machines I have this auto-configured by DHCP.

% cat /etc/resolv.conf # Generated by NetworkManager search mydomain nameserver 10.0.0.1 nameserver 10.0.0.10

How resolv.conf is built can change, depending on the operating system, what optional components you got, other configuration entries, boot sequence... In your case, on Ubuntu, you're running the systemd programs that configure this file to point to your local systemd-resolved and that will know how to talk to the real DNS servers.

On my primary servers, which have static IP addresses and no systemd-resolved, I manually edit this file.

Finally mdns4 tells the routines to try asking avahi-daemon if it knows the name.

You can change the rules. eg if /etc/nsswitch.conf just said:

hosts: files

then only the local /etc/hosts file is used.

Other entries are possible; eg ldap would make it do an LDAP lookup.

Improve this answer
3
  • 6
    The /etc/resolv.conf file is just an implementation detail, it is not as essential as this answer implies. The definitive mechanism for applications to do name resolution is via library functions. These functions can make use of resolv.conf or they may not. Depending on how it is configured, systemd-resolved can make use of an existing resolv.conf provided by e.g. resolvconf(8), or it can optionally provide /etc/resolv.conf via a symlink to a systemd-resolved maintained version of the file. See freedesktop.org/software/systemd/man/… Commented Jul 3, 2020 at 4:49
  • 1
    Everything is "implementation detail" if you go deep enough. For example, nsswitch.conf is a libc feature and alternate libc libraries need follow this. I described how glibc and the attendent NSS libraries work. Ubuntu and Debian, out of box, do as I describe. Commented Jul 3, 2020 at 11:21
  • 9
    @StephenHarris What about resolvconf? Commented Aug 26, 2021 at 6:45
5

The question: "What is the difference between resolvconf, systemd-resolve, and avahi?"
The answer: "As for resolvconf :
In the old days you edited /etc/resolv.conf manually. Now often some programs want to edit this file. We will have conflict. So there is another way - these programs send dns changes to resolvconf utility and it changes /etc/resolv.conf A program sends dns change to resolvocnf. resolvconf saves the change in its so called database(actually it is files inside /run/resolvonf/...) then resolvoconf analyzes the list of all dns servers it has in database and write to /etc/resolv.conf up to 3 dns servers. It selects dns servers for writing using the following algorythm: suppose we have lo interface, enp0s3 interface, tun0 interface. resolvconf gets dns server ip from a program and analyzes which network interface is needed to reach this dns. For instance we send 1.1.1.1 to resolvconf. It finds out 1.1.1.1 is reachable via enp0s3 and it writes 1.1.1.1 in file "

# cat /run/resolvconf/interface/enp0s3.inet nameserver 1.1.1.1

Next we pass 127.0.0.34 to resolvoconf, it finds out 127.0.0.34 is reachable via lo interface, resolvconf writes the info in its database

# cat /run/resolvconf/interface/lo.dnsmasq nameserver 127.0.0.1

Suppose we have finally the following database:

 # cat /run/resolvconf/interface/enp0s3.inet nameserver 1.1.1.1 nameserver 2.2.2.2 # cat /run/resolvconf/interface/lo.dnsmasq nameserver 127.0.0.1 # cat /run/resolvconf/interface/tun0.inet nameserver 192.168.1.10 nameserver 192.168.1.11

The next step resolconf have a file "interface-order" that ranks the interfaces:

lo.* tun*.* ... ...

So resolvconf will take the dns server from "lo" file, after that it will take dns server from "tun" file until it gets 3 nameservers and write them to /etc/resolv.conf
So /etc/resolv.conf will look like

nameserver 127.0.0.1 nameserver 192.168.1.10 nameserver 192.168.1.11

Also, when we push some new dns server to resolvconf it not only modifies /etc/resolv.conf it also pushes dns changes inside some programs as well.
For instance it pushes dns changes to dnsmasq. To be specific it changes the file /run/dnsmasq/resolv.conf
The funny thing is there are multiple "resolvconf" packages: resolvconf, openresolve etc.

As for systemd-resolve:
It is the client for server systemd-resolved. Now systemd-resolve is replaced by resolvectl. systemd-resolved is dns resolver ans dns caching server.

As for avahi:
avahi is mDNS and DNS-SD daemon
Id like to talk about mDNS. When we have LAN and want to make name resolution (convert dns names to ip) without dedicated dns server - in this case we can use mDNS. avahi (mDNS) lets us to resolve domain names ".local" to ip inside LAN . mDNS is based on multicast traffic. So avahi is about resolving domain names ".local" inside LAN. It's useless for dns resolution for servers in the Internet.
When you have avahi daemon on the host and the host name is johndo the you can successfully ping

 # ping johndo.local

Suppose your raspberry has "rasp" hostname and your ubuntu host has "ub1" hostname. The following ping should work

 # ping rasp.local # ping ub1.local

The resolving works via avahi.

The question: "Which utilities are responsible for this?"
The answer: " resolvonf package is installed on both hosts. It generates /etc/resolv.conf"

avahi daemon on both hosts is sufficient to make dns resolution between hosts inside LAN. If you need to make dns resolution of servers from Internet you need to use smth in addition. systemd-resolved installed on Ubuntu host can make such resolution however you can use some other dns resolver like dnsmasq or built-in in linux "glibc dns resolver".

As for the post of first answer, id like to add some tips.
When we use some program or utility that works with network we often put as an argument dns name of server in it. for instance

 $ ping -c1 g.com

the program like ping treats the argument as dns server name. to make connection to the server dns name is not suitables. we need ip address instead. The ping needs to make some way the conversion from dns name to ip. In linux there is NSS subsystem\api \ glibc library whatever. If the program uses NSS it passes dns name to NSS. That is - the program uses some NSS function to make dns resolving. NSS function abstracts how actually dns resolving is made. NSS has nsswitch.conf file, inside we have the line like this.

hosts: resolve files myhostname dns

The line sepcifies how actually dns request is performed via NSS. resolve, files, myhostname, dns - are NSS plugins, they all are shared libraries

# find /usr/lib/ -type f -name "libnss*.so*" /usr/lib/libnss_winbind.so.2 /usr/lib/libnss_wins.so.2 /usr/lib/samba/libnss-info-private-samba.so /usr/lib/libnss_mdns_minimal.so.2 /usr/lib/libnssutil3.so /usr/lib/libnsssysinit.so /usr/lib/libnss3.so /usr/lib/libnss_mdns6_minimal.so.2 /usr/lib/libnss_mymachines.so.2 /usr/lib/libnss_myhostname.so.2 /usr/lib/libnss_systemd.so.2 /usr/lib/libnss_resolve.so.2 /usr/lib/libnss_mdns6.so.2 /usr/lib/libnss_mdns4_minimal.so.2 /usr/lib/libnss_dns.so.2 /usr/lib/libnss_db.so.2 /usr/lib/libnss_files.so.2 /usr/lib/libnss_hesiod.so.2 /usr/lib/libnss_mdns.so.2 /usr/lib/libnss_mdns4.so.2 /usr/lib/libnss_compat.so.2

when NSS subsystem processes dns request it executes these plugins one by one untul the request is successfully resolved or plugins are exhausted Each plugin works in its way. Plugin "files" searches dns names inside a file /etc/hosts (man man nsswitch.conf). Plugin "dns" is built-in dns resolver. it reads its configuration from /etc/resolv.conf , in particular it reads uplink dns servers from this file. dns plugin makes requests to uplink servers to resolve our dns request. Plugin "resolve" forward the request to systemd-resolved daemon. Plugin "mdns4" is used to resolve mDNS domains "*.local", the plugin forwards the request to avahi daemon (according the docs)

So every plugin tries to accomplish initial dns request in its own way. NSS tries to resolve dns request invoking every plugin one-by-one from left to right until it succeeds.

I'd like to point out that the program might use NSS but also might NOT use NSS. For instance "dig" do NOT use NSS. In this case settings in nsswitch.conf do not make any influence. dig just reads /etc/resolv.conf and tries to make dns request by itself to uplink dns server specified in /etc/resolv.conf Another example. resolvectl do not use NSS and do not read /etc/resolv.conf, it forwards the request to systemd-resolved daemon and just waits the answer.
Another example getent uses NSS. Another example ping and curl use NSS. How to determine if the program uses NSS - they all open nsswitch.conf in this case.

# strace -e openat ping -4 -c1 google.com 2>&1 | grep nssw openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 4

Generally i'd like to underline that a user program for dns resolving might use NSS subsystem, but also might not.

By the way systemd-resolved also can work as mDNS client+server, i didnt test but i suspect that mdns4 can work not only with avahi but systemd-resolved.

As for /etc/resolv.conf ,a dns resolver(one of many) may read the file for configuration , but also may not. It depends on particular dns resolver. For instance systemd-resolved do not use /etc/resolv.conf for configuration (inspite the docs say it does). dnsmask does not read /etc/resolv.conf

Hope it helps

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.