Sada je: 29 ožu 2024, 08:02.
Razne diskusije o Linuxu, neovisno o distribuciji.

Moderator/ica: Moderatori/ce

Ako ste na novom 17.04 Ubuntu iskusili da neke stranice kad se spajate preko nekih mreža niste mogli otvoriti, krivac je paket 'systemd-resolved'. Naime, kako kažu sami razvijatelji Ubuntua, greškom je uključen DNSSEC. DNSSEC je DNS security check. Canonicalovo rješenje je isključivanje DNSSEC-a kako je bilo i na ranijim verzijama.

Više o svemu pa i rješenju ovdje :thmbs-up
http://www.hecticgeek.com/2017/04/ubunt ... ns-issues/
Postovi: 286
Postovi: 286
Pridružen/a: 05 stu 2008, 14:40
Podijelio/la zahvalu: 38 puta
Primio/la zahvalu: 32 puta
na žalost DNSSEC još nije standard :(
Es gibt keinen Gott, kein Universum, keine menschliche Rasse, kein irdisches Leben, keinen Himmel, keine Hölle. Es ist alles ein Traum - ein grotesker und dummer Traum. Nichts existiert außer dir. Und du bist nur ein Gedanke - ein vagabundierender Gedanke, ein nutzloser Gedanke, ein heimatloser Gedanke, der verloren in der leeren Ewigkeit wandelt!
Avatar
Moderator
Postovi: 10321
Moderator
Postovi: 10321
Pridružen/a: 07 pro 2007, 18:07
Podijelio/la zahvalu: 181 puta
Primio/la zahvalu: 313 puta
Spol: Y
OS: utuntu 19.10
Ne, ali ovaj me je 'feature' ili 'bug' me je ubijao zadnjih tjedan dana. Klinci igraju flesh igrice i onda odjednom nakon pola sata ne otvara stranice, a wifi radi ?!
Postovi: 286
Postovi: 286
Pridružen/a: 05 stu 2008, 14:40
Podijelio/la zahvalu: 38 puta
Primio/la zahvalu: 32 puta
I znači nas opet kad je DNSSEC na off desi se da ne mogu na linuxzasve. Napravim
Kod: Označi sve
sudo apt-get systemd-resolved www.linuxzasve.com

i dobijem odgovor
Kod: Označi sve
sudo systemd-resolve www.linuxzasve.com
[sudo] password for hrvooje:
www.linuxzasve.com: resolve call failed: Could not resolve 'www.linuxzasve.com', server or network returned error REFUSED

Iako ovdje stoji da je Poettering to riješio u veljači, kad DNS nije dostupan tj. REFUSED da ide na sljedeći.
https://github.com/systemd/systemd/issues/4264

Probat ću sad s Googleovim DNS-ovima, samo IP automatski.

I ovdje ima nešto o tome
https://askubuntu.com/questions/838948/ ... esolve-dns
Postovi: 286
Postovi: 286
Pridružen/a: 05 stu 2008, 14:40
Podijelio/la zahvalu: 38 puta
Primio/la zahvalu: 32 puta
Novosti u vezi ovog problema koji jos nije riješen na Ubuntu i Debian unstable

https://bugs.launchpad.net/ubuntu/+sour ... ug/1682499

Kod: Označi sve
I'm on Ubuntu GNOME 17.04
I see that DNSSEC is now off by default, however, in my log, I would see something like:
  4 May 2 23:29:31 lavender systemd-resolved[1129]: Grace period over, resuming full feature set (UDP+EDNS0+DO+LARGE) for DNS server 10.2.5.7.
  5 May 2 23:29:31 lavender systemd-resolved[1129]: Using degraded feature set (UDP) for DNS server 10.2.5.7.
And during that, it seems the systemd-resolved would act just like DNSSEC enabled, and Web would fail some time like before.
I don't quite get what is going on. I have dnsmasq run in my network to provide DNS cache, it's the 10.2.5.7 . My upstream server do not support DNSSEC, so the validation would fail certainly.
What I observed is during this feature set test, dnsmasq cache would receive TCP connection from Ubuntu GNOME 17.04 . And take some time, the test fail.
I know this feature test would fail, as I know the upstream server do not support DNSSEC. I don't know what is EDNS0 or LARGE. But the problem here is that even DNSSEC is now off by default, this feature set test would still do the "DO" test, which stands for DNSSEC OK. It would surely fail, and it can not be turned off via configuration, and it would cut the Web for some time.
There is a patch for this: https://github.com/systemd/systemd/issues/5352
Is it possible to cherry pick it please ?
Postovi: 286
Postovi: 286
Pridružen/a: 05 stu 2008, 14:40
Podijelio/la zahvalu: 38 puta
Primio/la zahvalu: 32 puta
Zanimljivo ja nemam probleme sa time. Probaj si podesiti ručno da se koristi DNS server 8.8.8.8 i 8.8.4.4 u mrežnim postavkama.
Es gibt keinen Gott, kein Universum, keine menschliche Rasse, kein irdisches Leben, keinen Himmel, keine Hölle. Es ist alles ein Traum - ein grotesker und dummer Traum. Nichts existiert außer dir. Und du bist nur ein Gedanke - ein vagabundierender Gedanke, ein nutzloser Gedanke, ein heimatloser Gedanke, der verloren in der leeren Ewigkeit wandelt!
Avatar
Moderator
Postovi: 10321
Moderator
Postovi: 10321
Pridružen/a: 07 pro 2007, 18:07
Podijelio/la zahvalu: 181 puta
Primio/la zahvalu: 313 puta
Spol: Y
OS: utuntu 19.10
Ne vrijedi. Probao ranije.
Postovi: 286
Postovi: 286
Pridružen/a: 05 stu 2008, 14:40
Podijelio/la zahvalu: 38 puta
Primio/la zahvalu: 32 puta
Taj systemd-resolved ne prestaje iznenađivati. Izgleda da je pokidan po dizajnu

This helped me only partially - I still have issues with DNS lookup.

It seems that the systemd-resolved is broken from the very idea.

After solving DNSSEC problem, I see now a switching problem - if one DNS does not respond, resolved switches to another one, which may be a local DNS not serving all the information, however it responds RELIABLY with .... "REFUSED" for majority of queries! Thus, resolved is stuck with this "reliable" DNS, refusing almost all queries until reboot (or networking reload).

There are so many bugs filled about resolved that somebody should gather them in one place and do something.

Moreover, tracing problems is not easy - they are intermittent, depending on current server load. For some people in fixed setup bug may be nonexistent; when travelling across well-configured, simple and non-overloaded networks everything is OK. Then, at some hour, some connection - I start having to reload network every time I start reading mail.....

For now many people are switching to alternative resolver - e.g. "unbound"; what is going on with resolved looks like sabotage.....


https://bugs.launchpad.net/ubuntu/+sour ... ug/1682499
Postovi: 286
Postovi: 286
Pridružen/a: 05 stu 2008, 14:40
Podijelio/la zahvalu: 38 puta
Primio/la zahvalu: 32 puta

Na mreži
Trenutno korisnika/ca: / i 8 gostiju.