Received: from mail.pinknet.de (themis.pinknet.de [5.9.106.70]) by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id A1AC078105B for ; Wed, 19 Feb 2020 16:19:06 +0000 (UTC) Received: from marco.themis.pinknet.de (marco.pinknet.de [IPv6:2a01:4f8:162:4246:ec0e:67ff:fede:74fc]) by mail.pinknet.de (Postfix) with ESMTPSA id C533422562; Wed, 19 Feb 2020 17:19:05 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=misterunknown.de; s=dkim; t=1582129145; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=CqhnTG1DZpamNMWb2h2Q0FOCdZzcmWMNyVvKBhgD7IY=; b=D38e/U/c6H+OA0bH/O/B1d3ItXBHtbEyZzO3y7GbQhQ8Mq6LtQ5WvOC9iYuuOEvrSVxCww SY5sA9P8JZ7JNo3ZH6I2/CeRL78Ui93QbZiQnybRVRLrPpra0/j69sx7nwDJuA7qr3EIJu xrQL3SH4KHaDfMhO+P/39f69jqY22+1PXuGpmnFVTvmJGdrzPJR7PtnertHj1H/xe8hyp8 6NrYXMRhOerTm2dhwTS0xIsyzcP6OPCPbmbldRTW7Ze1cRb2MtC06UiTeitZly20W6La9C QHJu6ZrIlRWvqnhxXO4EDInvHiYNhykRKs6trwWNj6zDEH6+KGZIErpow20PkQ== Date: Wed, 19 Feb 2020 17:19:02 +0100 From: Marco Dickert To: =?utf-8?B?UGF3ZcWC?= Szafer Cc: alpine-user@lists.alpinelinux.org Subject: Re: DNS lookup resolve order Message-ID: <20200219161902.GA20058@marco.themis.pinknet.de> References: MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha-256; boundary="Kj7319i9nmIyA2yE" Content-Disposition: inline In-Reply-To: X-Promo: mutt is the best email client in the world. --Kj7319i9nmIyA2yE Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable You shouldn't rely on multiple different dns servers in the resolv.conf for "split dns". This is not how it's intended to work, even if glibc linux systems follow the "expected" workflow of asking them round-robin-wise (normally). There was a thread some time ago regarding the systemd-resolved implementation, which was quite interesting [1]. Also the musl libc developer, Rich Felker, commented on this issue [2] and why you should avoid such a setup. Instead you should use equivalent nameservers with zone forwarding, if necessary [3]. [1] https://github.com/systemd/systemd/issues/5755 [2] https://www.openwall.com/lists/musl/2015/09/15/2 [2] https://docs.netgate.com/tnsr/en/latest/dns/fwd-zone.html On 2020-02-19 10:40:45, Pawe=C5=82 Szafer wrote: > In network we have 2 dns servers. >=20 > - pfsense unbound / dns resolver - 10.1.0.1 > - Windows Server DC1 - 10.1.0.8 >=20 > Alpine IP - 10.1.0.14 > resolv.conf file on Alpine looks like this: >=20 > search domain.local > nameserver 10.1.0.1 > nameserver 10.1.0.8 >=20 >=20 > DC1 is used for Windows clients and pfsense dhcp leases are registered in > dns resolver. > *This setup works on every linux distro so far except Alpine.* >=20 > Anyway I want to resolve hostname01.domain.local, which is registered only > in 10.1.0.1 >=20 > No. Time Source Destination Protocol Length Info >=20 > 1 0.000000 10.1.0.14 10.1.0.1 DNS 97 Standard query 0x9956 A > hostname01.domain.local > 2 0.000041 10.1.0.14 10.1.0.8 DNS 97 Standard query 0x9956 A > hostname01.domain.local > 3 0.000072 10.1.0.14 10.1.0.1 DNS 97 Standard query 0x9a84 AAAA > hostname01.domain.local > 4 0.000088 10.1.0.14 10.1.0.8 DNS 97 Standard query 0x9a84 AAAA > hostname01.domain.local > 5 0.000483 10.1.0.1 10.1.0.14 DNS 97 Standard query response 0x9a84 AAAA > hostname01.domain.local > 6 0.000487 10.1.0.1 10.1.0.14 DNS 113 Standard query response 0x9956 A > hostname01.domain.local A 10.18.0.13 > 7 0.000699 10.1.0.8 10.1.0.14 DNS 169 Standard query response 0x9956 No > such name A hostname01.domain.local SOA dc1.domain.local > 8 0.000740 10.1.0.8 10.1.0.14 DNS 169 Standard query response 0x9a84 No > such name AAAA hostname01.domain.local SOA dc1.domain.local >=20 > #Second attempt >=20 > 9 0.163182 10.1.0.14 10.1.0.1 DNS 97 Standard query 0xb19a A > hostname01.domain.local > 10 0.163221 10.1.0.14 10.1.0.8 DNS 97 Standard query 0xb19a A > hostname01.domain.local > 11 0.163242 10.1.0.14 10.1.0.1 DNS 97 Standard query 0xb2cf AAAA > hostname01.domain.local > 12 0.163263 10.1.0.14 10.1.0.8 DNS 97 Standard query 0xb2cf AAAA > hostname01.domain.local > 13 0.163568 10.1.0.8 10.1.0.14 DNS 169 Standard query response 0xb2cf No > such name AAAA hostname01.domain.local SOA dc1.domain.local > 14 0.163573 10.1.0.8 10.1.0.14 DNS 169 Standard query response 0xb19a No > such name A hostname01.domain.local SOA dc1.domain.local > 15 0.163634 10.1.0.1 10.1.0.14 DNS 113 Standard query response 0xb19a A > hostname01.domain.local A 10.18.0.13 > 16 0.163639 10.1.0.1 10.1.0.14 DNS 97 Standard query response 0xb2cf AAAA > hostname01.domain.local >=20 >=20 > My question is - why response "No such name A ..... SOA ..." is more > important than response with IP? >=20 > ----- > Best regards, > Pawe=C5=82 Szafer --=20 Marco Dickert marco@misterunknown.de https://misterunknown.de --Kj7319i9nmIyA2yE Content-Type: application/x-pkcs7-signature Content-Disposition: attachment; filename="smime.p7s" Content-Transfer-Encoding: base64 MIIOKwYJKoZIhvcNAQcCoIIOHDCCDhgCAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0B BwGgggsxMIIGEDCCA/igAwIBAgIQTZQsENQ74JQJxYEtOisGTzANBgkqhkiG9w0BAQwFADCB iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBD aXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVz dCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTgxMTAyMDAwMDAwWhcNMzAxMjMx MjM1OTU5WjCBljELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQ MA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMT4wPAYDVQQDEzVT ZWN0aWdvIFJTQSBDbGllbnQgQXV0aGVudGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMo87ZQKQf/e+Ua56NY75tqSvysQTqoa vIK9viYcKSoq0s2cUIE/bZQu85eoZ9X140qOTKl1HyLTJbazGl6nBEibivHbSuejQkq6uIgy miqvTcTlxZql19szfBxxo0Nm9l79L9S+TZNTEDygNfcXlkHKRhBhVFHdJDfqB6Mfi/Wlda43 zYgo92yZOpCWjj2mz4tudN55/yE1+XvFnz5xsOFbme/SoY9WAa39uJORHtbC0x7C7aYivTox uIkEQXaumf05Vcf4RgHs+Yd+mwSTManRy6XcCFJE6k/LHt3ndD3sA3If/JBz6OX2ZebtQdHn Kav7Azf+bAhudg7PkFOTuRMCAwEAAaOCAWQwggFgMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh 2JvAnfKyA2bLMB0GA1UdDgQWBBQJwPL8C9qU21/+K9+omULPyeCtADAOBgNVHQ8BAf8EBAMC AYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQw EQYDVR0gBAowCDAGBgRVHSAAMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRy dXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2BggrBgEF BQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1 c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0 LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAQUR1AKs5whX13o6VbTJxaIwA3RfXehwQOJDI47G9 FzGR87bjgrShfsbMIYdhqpFuSUKzPM1ZVPgNlT+9istp5UQNRsJiD4KLu+E2f102qxxvM3TE oGg65FWM89YN5yFTvSB5PelcLGnCLwRfCX6iLPvGlh9j30lKzcT+mLO1NLGWMeK1w+vnKhav 2VuQVHwpTf64ZNnXUF8p+5JJpGtkUG/XfdJ5jR3YCq8H0OPZkNoVkDQ5CSSF8Co2AOlVEf32 VBXglIrHQ3v9AAS0yPo4Xl1FdXqGFe5TcDQSqXh3TbjugGnG+d9yZX3lB8bwc/Tn2FlIl7tP bDAL4jNdUNA7jGee+tAnTtlZ6bFz+CsWmCIb6j6lDFqkXVsp+3KyLTZGXq6F2nnBtN4t5jO3 ZIj2gpIKHAYNBAWLG2Q2fG7Bt2tPC8BLC9WIM90gbMhAmtMGquITn/2fORdsNmaV3z/sPKuI n8DvdEhmWVfh0fyYeqxGlTw0RfwhBlakdYYrkDmdWC+XszE19GUi8K8plBNKcIvyg2omAdeb rMIHiAHAOiczxX/aS5ABRVrNUDcjfvp4hYbDOO6qHcfzy/uY0fO5ssebmHQREJJA3PpSgdVn LernF6pthJrGkNDPeUI05svqw1o5A2HcNzLOpklhNwZ+4uWYLcAi14ACHuVvJsmzNicwggUZ MIIEAaADAgECAhBFf37PNlXBgGgmp6fvD6f/MA0GCSqGSIb3DQEBCwUAMIGWMQswCQYDVQQG EwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgw FgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxPjA8BgNVBAMTNVNlY3RpZ28gUlNBIENsaWVudCBB dXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBMB4XDTE5MDQzMDAwMDAwMFoXDTIw MDQyOTIzNTk1OVowJzElMCMGCSqGSIb3DQEJARYWbWFyY29AbWlzdGVydW5rbm93bi5kZTCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL5JtC8rwiOJKkIkUvgNBdfZKLgkdYPs 0ZLZDKj3Ipx1LS3XUNbfIEcOxkNQjmu+A2aNRCmF3G4FP8Q2wh+TY2ekVts/33/vO1i0Qsks IuTfKzTzQKLpqbH8NoErMo4zRFAiutnGbbdnKG09wKsd2PKkoJs7ccCAhRhxfjrnEbsZ6D6W WJOVm12b3P+F1SlvCn3YqVUVXGwaOrLuPDnrNkuo3h8+n3pAGBmeybZFAZtksGTvg1P8/XY1 TdSiKVV3Qi3RgMdokYglNeVfAtiFdK5C0YVmN+uceCAG9OvKRZPv0dVzeUqrsAxSrfXD0hkk qxT6QKFMpLBNlP2vFE1uVOUCAwEAAaOCAc8wggHLMB8GA1UdIwQYMBaAFAnA8vwL2pTbX/4r 36iZQs/J4K0AMB0GA1UdDgQWBBQpoCbO67qGuiYGx6tLPZi8unXeqjAOBgNVHQ8BAf8EBAMC BaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDBAYIKwYBBQUHAwIwQAYDVR0g BDkwNzA1BgwrBgEEAbIxAQIBAQEwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNv bS9DUFMwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybC5zZWN0aWdvLmNvbS9TZWN0aWdv UlNBQ2xpZW50QXV0aGVudGljYXRpb25hbmRTZWN1cmVFbWFpbENBLmNybDCBigYIKwYBBQUH AQEEfjB8MFUGCCsGAQUFBzAChklodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FD bGllbnRBdXRoZW50aWNhdGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCMGCCsGAQUFBzABhhdo dHRwOi8vb2NzcC5zZWN0aWdvLmNvbTAhBgNVHREEGjAYgRZtYXJjb0BtaXN0ZXJ1bmtub3du LmRlMA0GCSqGSIb3DQEBCwUAA4IBAQBkB+jN4l6f67IhQG7YZvUEbuwLboKuDt5muUg1zzZb bpzS0eDST35ZhRDLgvbHghTi3u5Jxy9WNMRtxsn8uAbRvG7IxHduUqIlQpEGUu8WGgHrXEpq Riw4Oj2ZUX8/oIGjL38XZ5MYr/lL9kKRA2DzQL8fe+HY3w9E2ZXHDHfGUmh/02iohHbsjw5W XvfHQZAZZSsMlzrJj86TBSuLcexCV4PFmoMpR4mJlbwFu2lKjG63bU7pY5qryuWsWlc3B3MT //vVoFcchwgtazf7xvirBjrQaWzyGwdmW9D4HdzdZDseMhsPMlE4VIYmnEijHrIQKKq6jrdx uv9wBgDDBK86MYICvjCCAroCAQEwgaswgZYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVh dGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGlt aXRlZDE+MDwGA1UEAxM1U2VjdGlnbyBSU0EgQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBT ZWN1cmUgRW1haWwgQ0ECEEV/fs82VcGAaCanp+8Pp/8wDQYJYIZIAWUDBAIBBQCggeQwGAYJ KoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjAwMjE5MTYxOTAyWjAv BgkqhkiG9w0BCQQxIgQgQtld+xRSpuwI4veNw9oEJljILknNcWmJVyi11JAczs4weQYJKoZI hvcNAQkPMWwwajALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggq hkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI hvcNAwICASgwDQYJKoZIhvcNAQEBBQAEggEAHZgxrYlf3ZltNgzo+UNDHTiz4XTiB8YxkZHp kgJwrYiMu98nN6Kl1vTJ3v1iaiHsgH4tjzbrcH3/1r1YqXrmLBFWyzDaoi+k9n8BdltCtOCm IBkizj24P83CyUDjQB2c0Y/MA7QNNYOxaq31wAyE8/dhCWTx6RtqK/ZTCGFVcytUuWHftKA1 znSuVyG5YQ3HgLog1qJ0ueom32jZf9tI1PwuTwq0GuTO3eyJdXZrm9uiz+LaioGmVNh973nJ huqF6qXRVdtJmWFx2ZJby7vLPocLxQK5L521kkYR4Rk3rpl9kaaet62nInCQe+YK5oWGIc0l DSkJ7ijs29Ng1UEETg== --Kj7319i9nmIyA2yE--