~alpine/users


DNS lookup resolve order

Paweł Szafer <pszafer@gmail.com>
Message ID
<CAJrMv70PmM3okhF-nDF6vwnJ4Cb8qHPqfgKxw_724H2yfV_NXQ@mail.gmail.com>
Hello,

In our network we have 2 DNS servers.

   - pfSense Unbound / DNS resolver - 10.1.0.1
   - Windows Server DC1 - 10.1.0.8

Alpine IP - 10.1.0.14
The resolv.conf file on Alpine looks like this:

search domain.local
nameserver 10.1.0.1
nameserver 10.1.0.8


DC1 is used for Windows clients, and pfSense DHCP leases are registered in
the DNS resolver.
*This setup works on every Linux distro so far except Alpine.*

Anyway, I want to resolve hostname01.domain.local, which is registered only
in 10.1.0.1

No. Time Source Destination Protocol Length Info

1 0.000000 10.1.0.14 10.1.0.1 DNS 97 Standard query 0x9956 A hostname01.domain.local
2 0.000041 10.1.0.14 10.1.0.8 DNS 97 Standard query 0x9956 A hostname01.domain.local
3 0.000072 10.1.0.14 10.1.0.1 DNS 97 Standard query 0x9a84 AAAA hostname01.domain.local
4 0.000088 10.1.0.14 10.1.0.8 DNS 97 Standard query 0x9a84 AAAA hostname01.domain.local
5 0.000483 10.1.0.1 10.1.0.14 DNS 97 Standard query response 0x9a84 AAAA hostname01.domain.local
6 0.000487 10.1.0.1 10.1.0.14 DNS 113 Standard query response 0x9956 A hostname01.domain.local A 10.18.0.13
7 0.000699 10.1.0.8 10.1.0.14 DNS 169 Standard query response 0x9956 No such name A hostname01.domain.local SOA dc1.domain.local
8 0.000740 10.1.0.8 10.1.0.14 DNS 169 Standard query response 0x9a84 No such name AAAA hostname01.domain.local SOA dc1.domain.local

#Second attempt

9 0.163182 10.1.0.14 10.1.0.1 DNS 97 Standard query 0xb19a A hostname01.domain.local
10 0.163221 10.1.0.14 10.1.0.8 DNS 97 Standard query 0xb19a A hostname01.domain.local
11 0.163242 10.1.0.14 10.1.0.1 DNS 97 Standard query 0xb2cf AAAA hostname01.domain.local
12 0.163263 10.1.0.14 10.1.0.8 DNS 97 Standard query 0xb2cf AAAA hostname01.domain.local
13 0.163568 10.1.0.8 10.1.0.14 DNS 169 Standard query response 0xb2cf No such name AAAA hostname01.domain.local SOA dc1.domain.local
14 0.163573 10.1.0.8 10.1.0.14 DNS 169 Standard query response 0xb19a No such name A hostname01.domain.local SOA dc1.domain.local
15 0.163634 10.1.0.1 10.1.0.14 DNS 113 Standard query response 0xb19a A hostname01.domain.local A 10.18.0.13
16 0.163639 10.1.0.1 10.1.0.14 DNS 97 Standard query response 0xb2cf AAAA hostname01.domain.local


My question is: why is the response "No such name A ..... SOA ..." more
important than the response with the IP?

-----
Best regards,
Paweł Szafer
Marco Dickert <marco@misterunknown.de>
Message ID
<20200219161902.GA20058@marco.themis.pinknet.de>
In-Reply-To
<CAJrMv70PmM3okhF-nDF6vwnJ4Cb8qHPqfgKxw_724H2yfV_NXQ@mail.gmail.com>
You shouldn't rely on multiple different DNS servers in the resolv.conf
for "split DNS". This is not how it's intended to work, even if glibc
Linux systems follow the "expected" workflow of asking them
round-robin-wise (normally).

There was a thread some time ago regarding the systemd-resolved
implementation, which was quite interesting [1]. Also the musl libc
developer, Rich Felker, commented on this issue [2] and why you should
avoid such a setup.

Instead you should use equivalent nameservers with zone forwarding,
if necessary [3].

[1] https://github.com/systemd/systemd/issues/5755
[2] https://www.openwall.com/lists/musl/2015/09/15/2
[3] https://docs.netgate.com/tnsr/en/latest/dns/fwd-zone.html

On 2020-02-19 10:40:45, Paweł Szafer wrote:
> In our network we have 2 DNS servers.
> 
>    - pfSense Unbound / DNS resolver - 10.1.0.1
>    - Windows Server DC1 - 10.1.0.8
> 
> Alpine IP - 10.1.0.14
> The resolv.conf file on Alpine looks like this:
> 
> search domain.local
> nameserver 10.1.0.1
> nameserver 10.1.0.8
> 
> 
> DC1 is used for Windows clients, and pfSense DHCP leases are registered in
> the DNS resolver.
> *This setup works on every Linux distro so far except Alpine.*
> 
> Anyway, I want to resolve hostname01.domain.local, which is registered only
> in 10.1.0.1
> 
> No. Time Source Destination Protocol Length Info
> 
> 1 0.000000 10.1.0.14 10.1.0.1 DNS 97 Standard query 0x9956 A hostname01.domain.local
> 2 0.000041 10.1.0.14 10.1.0.8 DNS 97 Standard query 0x9956 A hostname01.domain.local
> 3 0.000072 10.1.0.14 10.1.0.1 DNS 97 Standard query 0x9a84 AAAA hostname01.domain.local
> 4 0.000088 10.1.0.14 10.1.0.8 DNS 97 Standard query 0x9a84 AAAA hostname01.domain.local
> 5 0.000483 10.1.0.1 10.1.0.14 DNS 97 Standard query response 0x9a84 AAAA hostname01.domain.local
> 6 0.000487 10.1.0.1 10.1.0.14 DNS 113 Standard query response 0x9956 A hostname01.domain.local A 10.18.0.13
> 7 0.000699 10.1.0.8 10.1.0.14 DNS 169 Standard query response 0x9956 No such name A hostname01.domain.local SOA dc1.domain.local
> 8 0.000740 10.1.0.8 10.1.0.14 DNS 169 Standard query response 0x9a84 No such name AAAA hostname01.domain.local SOA dc1.domain.local
> 
> #Second attempt
> 
> 9 0.163182 10.1.0.14 10.1.0.1 DNS 97 Standard query 0xb19a A hostname01.domain.local
> 10 0.163221 10.1.0.14 10.1.0.8 DNS 97 Standard query 0xb19a A hostname01.domain.local
> 11 0.163242 10.1.0.14 10.1.0.1 DNS 97 Standard query 0xb2cf AAAA hostname01.domain.local
> 12 0.163263 10.1.0.14 10.1.0.8 DNS 97 Standard query 0xb2cf AAAA hostname01.domain.local
> 13 0.163568 10.1.0.8 10.1.0.14 DNS 169 Standard query response 0xb2cf No such name AAAA hostname01.domain.local SOA dc1.domain.local
> 14 0.163573 10.1.0.8 10.1.0.14 DNS 169 Standard query response 0xb19a No such name A hostname01.domain.local SOA dc1.domain.local
> 15 0.163634 10.1.0.1 10.1.0.14 DNS 113 Standard query response 0xb19a A hostname01.domain.local A 10.18.0.13
> 16 0.163639 10.1.0.1 10.1.0.14 DNS 97 Standard query response 0xb2cf AAAA hostname01.domain.local
> 
> 
> My question is: why is the response "No such name A ..... SOA ..." more
> important than the response with the IP?
> 
> -----
> Best regards,
> Paweł Szafer

-- 
Marco Dickert
marco@misterunknown.de
https://misterunknown.de
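
An added example, not part of either message: a check for the non-equivalent nameservers this thread is about, run over capture summary lines in the format posted above. It groups responses by DNS transaction ID and reports every query on which the servers disagree; the function names and the ANSWER/NODATA/NXDOMAIN labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: frames 13-16 of the capture posted in the thread,
# rejoined onto one line per frame.
CAPTURE = """\
13 0.163568 10.1.0.8 10.1.0.14 DNS 169 Standard query response 0xb2cf No such name AAAA hostname01.domain.local SOA dc1.domain.local
14 0.163573 10.1.0.8 10.1.0.14 DNS 169 Standard query response 0xb19a No such name A hostname01.domain.local SOA dc1.domain.local
15 0.163634 10.1.0.1 10.1.0.14 DNS 113 Standard query response 0xb19a A hostname01.domain.local A 10.18.0.13
16 0.163639 10.1.0.1 10.1.0.14 DNS 97 Standard query response 0xb2cf AAAA hostname01.domain.local
"""

RESPONSE = re.compile(
    r"^\d+\s+(?P<time>[\d.]+)\s+(?P<server>\S+)\s+\S+\s+DNS\s+\d+\s+"
    r"Standard query response\s+(?P<txid>0x[0-9a-f]+)\s+"
    r"(?P<nx>No such name\s+)?(?P<qtype>A|AAAA)\s+(?P<name>\S+)(?P<rest>.*)$"
)

def parse_responses(text):
    """Yield one dict per DNS response line; query lines do not match and are skipped."""
    for line in text.splitlines():
        m = RESPONSE.match(line.strip())
        if not m:
            continue
        if m["nx"]:
            verdict = "NXDOMAIN"
        elif re.search(rf"\s{m['qtype']}\s+\S+", m["rest"]):
            verdict = "ANSWER"      # a record of the requested type follows the name
        else:
            verdict = "NODATA"      # name exists, no record of this type
        yield {"time": float(m["time"]), "server": m["server"], "txid": m["txid"],
               "qtype": m["qtype"], "name": m["name"], "verdict": verdict}

def find_conflicts(text):
    """Group responses by transaction ID and report queries the servers disagree on."""
    groups = defaultdict(list)
    for r in parse_responses(text):
        groups[(r["txid"], r["qtype"], r["name"])].append(r)
    conflicts = []
    for (txid, qtype, name), rs in groups.items():
        verdicts = {r["server"]: r["verdict"] for r in rs}
        if len(set(verdicts.values())) > 1:
            first = min(rs, key=lambda r: r["time"])  # which server won the race
            conflicts.append({"txid": txid, "qtype": qtype, "name": name,
                              "verdicts": verdicts, "first": first["server"]})
    return conflicts
```

Any entry returned by `find_conflicts` means the servers listed in resolv.conf hold different views of the zone, so the result a client sees can depend on which reply arrives first.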