#1 On 25/03/2019, at 13:18
- maxire
/etc/resolv.conf: unexplained presence of the edns0 option
Hi,
It's all in the title: I have just noticed the edns0 option in /etc/resolv.conf and I don't understand why it is there.
I can't find an explanation in the configuration of NetworkManager or of systemd-resolved, which is used as the DNS cache.
If anyone has an explanation, I'd be glad to hear it.
bionic@k72f-J48-ubgnome:~$ cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 127.0.0.53
options edns0
search home
bionic@k72f-J48-ubgnome:~$
System information:
bionic@k72f-J48-ubgnome:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.2 LTS
Release: 18.04
Codename: bionic
bionic@k72f-J48-ubgnome:
bionic@k72f-J48-ubgnome:~$ NetworkManager --version
1.10.6
bionic@k72f-J48-ubgnome:~$
bionic@k72f-J48-ubgnome:~$ systemd-resolve --version
systemd 237
+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2 default-hierarchy=hybrid
bionic@k72f-J48-ubgnome:~$
bionic@k72f-J48-ubgnome:~$ systemd-resolve --status
Global
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 3 (wls1)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: yes
DNSSEC supported: yes
DNS Servers: 192.168.1.1
DNS Domain: home
Link 2 (ens5)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: yes
DNSSEC supported: yes
bionic@k72f-J48-ubgnome:~$ NetworkManager --print-config
# NetworkManager configuration: /etc/NetworkManager/NetworkManager.conf (lib: 10-dns-resolved.conf, 20-connectivity-ubuntu.conf, no-mac-addr-change.conf) (etc: 10-globally-managed-devices.conf, default-wifi-powersave-on.conf)
[main]
# rc-manager=symlink
# auth-polkit=true
# dhcp=dhclient
dns=systemd-resolved
plugins=ifupdown,keyfile
[connectivity]
uri=http://connectivity-check.ubuntu.com/
[ifupdown]
managed=false
[logging]
# backend=journal
# audit=true
[device]
wifi.scan-rand-mac-address=no
[device-mac-addr-change-wifi]
match-device=driver:rtl8723bs,driver:rtl8189es,driver:r8188eu,driver:8188eu,driver:eagle_sdio,driver:wl
wifi.scan-rand-mac-address=no
wifi.cloned-mac-address=preserve
ethernet.cloned-mac-address=preserve
[connection]
wifi.powersave=3
bionic@k72f-J48-ubgnome:~$
Last edited by maxire (on 25/03/2019, at 13:50)
Maxire
Archlinux/Mate + Ubuntu 22.04 + Archlinux/Gnome on workstation
#2 On 25/03/2019, at 13:28
- rogn...
Re: /etc/resolv.conf: unexplained presence of the edns0 option
edns0, is that a network interface?
Otherwise, in your /etc/NetworkManager/NetworkManager.conf, if you delete this line
dns=systemd-resolved
delete /etc/resolv.conf
and restart NetworkManager, which will recreate an /etc/resolv.conf file for you,
what do you get?
#3 On 25/03/2019, at 13:32
- nany
Re: /etc/resolv.conf: unexplained presence of the edns0 option
Hello,
edns0 (since glibc 2.6)
sets RES_USE_EDNS0 in _res.options. This enables support for the
DNS extensions described in RFC 2671.
#4 On 25/03/2019, at 13:36
- maxire
Re: /etc/resolv.conf: unexplained presence of the edns0 option
Er, no rogn, edns0 is a resolver option, not a network interface at all:
edns0 (since glibc 2.6)
Sets RES_USE_EDNS0 in _res.options. This enables support for the DNS extensions described in RFC 2671.
Besides, my goal is not at all to make it disappear for now, but rather to understand why it is present when it does not seem to be in the list of default options.
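What the resolver option quoted above changes on the wire, as an added example that is not part of the thread and is not glibc's code: with EDNS0 enabled a query carries one extra OPT pseudo-record in its additional section, and that record is also where the DNSSEC "DO" flag lives. The function names, the transaction ID and the 1232-byte payload size are illustrative assumptions.

```python
import struct

OPT = 41  # RR type of the EDNS0 OPT pseudo-record

def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, edns0=False, udp_size=1232, do_bit=False, txid=0x1234):
    """Build an A query; with edns0=True append an OPT record (values are assumed)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns0 else 0)
    msg = header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if edns0:
        flags = 0x8000 if do_bit else 0  # DO bit: ask for DNSSEC records
        # root name, TYPE=OPT, CLASS=UDP payload size, TTL=ext-rcode/version/flags, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", OPT, udp_size, flags, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past the name that starts at off."""
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_edns0(msg):
    """Return the OPT record's fields, or None if the message carries no EDNS0."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            return {"udp_size": rclass, "version": (ttl >> 16) & 0xFF,
                    "do": bool(ttl & 0x8000)}
        off += 10 + rdlen
    return None

if __name__ == "__main__":
    host = "fr.archive.ubuntu.com"  # name taken from the thread
    for label, q in [("no edns0", build_query(host)),
                     ("edns0", build_query(host, edns0=True)),
                     ("edns0+DO", build_query(host, edns0=True, do_bit=True))]:
        print(f"{label:9} {len(q):3} bytes  OPT={parse_edns0(q)}")
```
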
#5 On 25/03/2019, at 13:45
- maxire
Re: /etc/resolv.conf: unexplained presence of the edns0 option
Just in case, here is the dhclient configuration in use:
bionic@k72f-J48-ubgnome:~$ cat /var/lib/NetworkManager/dhclient-wls1.conf
# Créé par NetworkManager
# Fusionné depuis /etc/dhcp/dhclient.conf
# Configuration file for /sbin/dhclient.
#
# This is a sample configuration file for dhclient. See dhclient.conf's
# man page for more information about the syntax of this file
# and a more comprehensive list of the parameters understood by
# dhclient.
#
# Normally, if the DHCP server provides reasonable information and does
# not leave anything out (like the domain name, for example), then
# few changes must be made to this file, if any.
#
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
#send dhcp-lease-time 3600;
#supersede domain-name "fugue.com home.vix.com";
#prepend domain-name-servers 127.0.0.1;
#require subnet-mask, domain-name-servers;
#retry 60;
#reboot 10;
#select-timeout 5;
#initial-interval 2;
#script "/sbin/dhclient-script";
#media "-link0 -link1 -link2", "link0 link1";
#reject 192.33.137.209;
#alias {
# interface "eth0";
# fixed-address 192.5.5.213;
# option subnet-mask 255.255.255.255;
#}
#lease {
# interface "eth0";
# fixed-address 192.33.137.200;
# medium "link0 link1";
# option host-name "andare.swiftmedia.com";
# option subnet-mask 255.255.255.0;
# option broadcast-address 192.33.137.255;
# option routers 192.33.137.250;
# option domain-name-servers 127.0.0.1;
# renew 2 2000/1/12 00:00:01;
# rebind 2 2000/1/12 00:00:01;
# expire 2 2000/1/12 00:00:01;
#}
send host-name "k72f-J48-ubgnome"; # added by NetworkManager
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
option ms-classless-static-routes code 249 = array of unsigned integer 8;
option wpad code 252 = string;
request; # override dhclient defaults
also request subnet-mask;
also request broadcast-address;
also request time-offset;
also request routers;
also request domain-name;
also request domain-name-servers;
also request domain-search;
also request host-name;
also request dhcp6.name-servers;
also request dhcp6.domain-search;
also request dhcp6.fqdn;
also request dhcp6.sntp-servers;
also request netbios-name-servers;
also request netbios-scope;
also request interface-mtu;
also request rfc3442-classless-static-routes;
also request ntp-servers;
also request ms-classless-static-routes;
also request static-routes;
also request wpad;
bionic@k72f-J48-ubgnome:~$
I wonder whether the explanation might be here.
#6 On 25/03/2019, at 13:58
- maxire
Re: /etc/resolv.conf: unexplained presence of the edns0 option
No, it isn't dhclient, because if I replace it with NetworkManager's internal DHCP client, I get the same result:
bionic@k72f-J48-ubgnome:~$ NetworkManager --print-config
# NetworkManager configuration: /etc/NetworkManager/NetworkManager.conf (lib: 10-dns-resolved.conf, 20-connectivity-ubuntu.conf, no-mac-addr-change.conf) (etc: 10-globally-managed-devices.conf, default-wifi-powersave-on.conf, dhcp.conf)
[main]
# rc-manager=symlink
# auth-polkit=true
dns=systemd-resolved
plugins=ifupdown,keyfile
dhcp=internal
[connectivity]
uri=http://connectivity-check.ubuntu.com/
[ifupdown]
managed=false
[logging]
# backend=journal
# audit=true
[device]
wifi.scan-rand-mac-address=no
[device-mac-addr-change-wifi]
match-device=driver:rtl8723bs,driver:rtl8189es,driver:r8188eu,driver:8188eu,driver:eagle_sdio,driver:wl
wifi.scan-rand-mac-address=no
wifi.cloned-mac-address=preserve
ethernet.cloned-mac-address=preserve
[connection]
wifi.powersave=3
bionic@k72f-J48-ubgnome:~$
and I still have
bionic@k72f-J48-ubgnome:~$ cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 127.0.0.53
options edns0
search home
bionic@k72f-J48-ubgnome:~$
#7 On 25/03/2019, at 14:18
- inbox
Re: /etc/resolv.conf: unexplained presence of the edns0 option
Problem solved? Indicate it by editing the topic title.
#8 On 25/03/2019, at 14:30
- maxire
Re: /etc/resolv.conf: unexplained presence of the edns0 option
YES INBOX, for a moment I thought the presence of this option was linked to enabling DNSSEC in systemd-resolved, but if I disable DNSSEC the option is still there.
bionic@k72f-J48-ubgnome:~$ systemd-resolve --status --no-pager
Global
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 3 (wls1)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
DNS Servers: 192.168.1.1
DNS Domain: home
Link 2 (ens5)
Current Scopes: none
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: no
DNSSEC supported: no
bionic@k72f-J48-ubgnome:~$
bionic@k72f-J48-ubgnome:~$ cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 127.0.0.53
options edns0
search home
bionic@k72f-J48-ubgnome:~$
I should mention that I took a closer look at /etc/resolv.conf after being unable to reach the Ubuntu repositories located at fr.archive.ubuntu.com.
It seems that enabling DNSSEC prevents access to it; I get a message saying that the URL is temporarily unavailable.
If I disable DNSSEC, fr.archive.ubuntu.com becomes reachable.
This holds whether DNSSEC is enabled through dnsmasq or through systemd-resolved.
#9 On 25/03/2019, at 14:40
- maxire
Re: /etc/resolv.conf: unexplained presence of the edns0 option
A comparison with Archlinux, which does not seem to need this option:
[pirate@asus-arch ~]$ cat /etc/resolv.conf
# Generated by NetworkManager
search home asus-arch.home
nameserver 127.0.0.53
[pirate@asus-arch ~]$ lsb_release -a
LSB Version: 1.4
Distributor ID: Arch
Description: Arch Linux
Release: rolling
Codename: n/a
[pirate@asus-arch ~]$ NetworkManager --print-config
# NetworkManager configuration: /etc/NetworkManager/NetworkManager.conf (lib: 20-connectivity.conf) (etc: dns.conf)
[main]
# plugins=keyfile,ibft
# rc-manager=symlink
# auth-polkit=true
# dhcp=internal
dns=systemd-resolved
[connectivity]
uri=http://www.archlinux.org/check_network_status.txt
[keyfile]
unmanaged-devices=interface-name:ap0
[logging]
# backend=journal
# audit=true
[pirate@asus-arch ~]$ resolvectl
Global
LLMNR setting: no
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
Fallback DNS Servers: 1.1.1.1
9.9.9.10
8.8.8.8
2606:4700:4700::1111
2620:fe::10
2001:4860:4860::8888
DNS Domain: home
asus-arch.home
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 3 (wls1)
Current Scopes: DNS
DefaultRoute setting: yes
[pirate@asus-arch ~]$ resolvectl --no-pager
Global
LLMNR setting: no
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
Fallback DNS Servers: 1.1.1.1
9.9.9.10
8.8.8.8
2606:4700:4700::1111
2620:fe::10
2001:4860:4860::8888
DNS Domain: home
asus-arch.home
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 3 (wls1)
Current Scopes: DNS
DefaultRoute setting: yes
LLMNR setting: no
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
Current DNS Server: 192.168.1.1
DNS Servers: 192.168.1.1
DNS Domain: ~.
home
Link 2 (ens5)
Current Scopes: none
DefaultRoute setting: no
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
[pirate@asus-arch ~]
DNSSEC is enabled.
#10 On 26/03/2019, at 08:59
- maxire
Re: /etc/resolv.conf: unexplained presence of the edns0 option
I should mention that I took a closer look at /etc/resolv.conf after being unable to reach the Ubuntu repositories located at fr.archive.ubuntu.com.
It seems that enabling DNSSEC prevents access to it; I get a message saying that the URL is temporarily unavailable.
If I disable DNSSEC, fr.archive.ubuntu.com becomes reachable.
This holds whether DNSSEC is enabled through dnsmasq or through systemd-resolved.
Solutions:
- systemd-resolved: use dnssec=allow-downgrade in /etc/systemd/resolved.conf
- dnsmasq: do not use NetworkManager's internal DHCP client but dhclient or dhcpcd; systemd-resolved, on the other hand, is unaffected
But I still don't know why this edns0 option appears as if by magic; I don't even know whether it still serves any purpose these days.
#11 On 21/08/2020, at 10:53
- gron
Re: /etc/resolv.conf: unexplained presence of the edns0 option
See https://bugs.launchpad.net/ubuntu/+sour … ug/1817903, and go to #9.