Ako ste na novom 17.04 Ubuntu iskusili da neke stranice kad se spajate preko nekih mreža niste mogli otvoriti, krivac je paket 'systemd-resolved'. Naime, kako kažu sami razvijatelji Ubuntua, greškom je uključen DNSSEC. DNSSEC je DNS security check. Canonicalovo rješenje je isključivanje DNSSEC-a kako je bilo i na ranijim verzijama.
Više o svemu pa i rješenju ovdje
http://www.hecticgeek.com/2017/04/ubunt ... ns-issues/
Sada je: 29 ožu 2024, 08:02.
Moderator/ica: Moderatori/ce
8 post(ov)a
• Stranica: 1/1.
na žalost DNSSEC još nije standard
Es gibt keinen Gott, kein Universum, keine menschliche Rasse, kein irdisches Leben, keinen Himmel, keine Hölle. Es ist alles ein Traum - ein grotesker und dummer Traum. Nichts existiert außer dir. Und du bist nur ein Gedanke - ein vagabundierender Gedanke, ein nutzloser Gedanke, ein heimatloser Gedanke, der verloren in der leeren Ewigkeit wandelt!
Ne, ali ovaj me je 'feature' ili 'bug' me je ubijao zadnjih tjedan dana. Klinci igraju flesh igrice i onda odjednom nakon pola sata ne otvara stranice, a wifi radi ?!
I znači nas opet kad je DNSSEC na off desi se da ne mogu na linuxzasve. Napravim
i dobijem odgovor
Iako ovdje stoji da je Poettering to riješio u veljači, kad DNS nije dostupan tj. REFUSED da ide na sljedeći.
https://github.com/systemd/systemd/issues/4264
Probat ću sad s Googleovim DNS-ovima, samo IP automatski.
I ovdje ima nešto o tome
https://askubuntu.com/questions/838948/ ... esolve-dns
- Kod: Označi sve
sudo apt-get systemd-resolved www.linuxzasve.com
i dobijem odgovor
- Kod: Označi sve
sudo systemd-resolve www.linuxzasve.com
[sudo] password for hrvooje:
www.linuxzasve.com: resolve call failed: Could not resolve 'www.linuxzasve.com', server or network returned error REFUSED
Iako ovdje stoji da je Poettering to riješio u veljači, kad DNS nije dostupan tj. REFUSED da ide na sljedeći.
https://github.com/systemd/systemd/issues/4264
Probat ću sad s Googleovim DNS-ovima, samo IP automatski.
I ovdje ima nešto o tome
https://askubuntu.com/questions/838948/ ... esolve-dns
Novosti u vezi ovog problema koji jos nije riješen na Ubuntu i Debian unstable
https://bugs.launchpad.net/ubuntu/+sour ... ug/1682499
https://bugs.launchpad.net/ubuntu/+sour ... ug/1682499
- Kod: Označi sve
I'm on Ubuntu GNOME 17.04
I see that DNSSEC is now off by default, however, in my log, I would see something like:
4 May 2 23:29:31 lavender systemd-resolved[1129]: Grace period over, resuming full feature set (UDP+EDNS0+DO+LARGE) for DNS server 10.2.5.7.
5 May 2 23:29:31 lavender systemd-resolved[1129]: Using degraded feature set (UDP) for DNS server 10.2.5.7.
And during that, it seems the systemd-resolved would act just like DNSSEC enabled, and Web would fail some time like before.
I don't quite get what is going on. I have dnsmasq run in my network to provide DNS cache, it's the 10.2.5.7 . My upstream server do not support DNSSEC, so the validation would fail certainly.
What I observed is during this feature set test, dnsmasq cache would receive TCP connection from Ubuntu GNOME 17.04 . And take some time, the test fail.
I know this feature test would fail, as I know the upstream server do not support DNSSEC. I don't know what is EDNS0 or LARGE. But the problem here is that even DNSSEC is now off by default, this feature set test would still do the "DO" test, which stands for DNSSEC OK. It would surely fail, and it can not be turned off via configuration, and it would cut the Web for some time.
There is a patch for this: https://github.com/systemd/systemd/issues/5352
Is it possible to cherry pick it please ?
Zanimljivo ja nemam probleme sa time. Probaj si podesiti ručno da se koristi DNS server 8.8.8.8 i 8.8.4.4 u mrežnim postavkama.
Es gibt keinen Gott, kein Universum, keine menschliche Rasse, kein irdisches Leben, keinen Himmel, keine Hölle. Es ist alles ein Traum - ein grotesker und dummer Traum. Nichts existiert außer dir. Und du bist nur ein Gedanke - ein vagabundierender Gedanke, ein nutzloser Gedanke, ein heimatloser Gedanke, der verloren in der leeren Ewigkeit wandelt!
Taj systemd-resolved ne prestaje iznenađivati. Izgleda da je pokidan po dizajnu
This helped me only partially - I still have issues with DNS lookup.
It seems that the systemd-resolved is broken from the very idea.
After solving DNSSEC problem, I see now a switching problem - if one DNS does not respond, resolved switches to another one, which may be a local DNS not serving all the information, however it responds RELIABLY with .... "REFUSED" for majority of queries! Thus, resolved is stuck with this "reliable" DNS, refusing almost all queries until reboot (or networking reload).
There are so many bugs filled about resolved that somebody should gather them in one place and do something.
Moreover, tracing problems is not easy - they are intermittent, depending on current server load. For some people in fixed setup bug may be nonexistent; when travelling across well-configured, simple and non-overloaded networks everything is OK. Then, at some hour, some connection - I start having to reload network every time I start reading mail.....
For now many people are switching to alternative resolver - e.g. "unbound"; what is going on with resolved looks like sabotage.....
https://bugs.launchpad.net/ubuntu/+sour ... ug/1682499
This helped me only partially - I still have issues with DNS lookup.
It seems that the systemd-resolved is broken from the very idea.
After solving DNSSEC problem, I see now a switching problem - if one DNS does not respond, resolved switches to another one, which may be a local DNS not serving all the information, however it responds RELIABLY with .... "REFUSED" for majority of queries! Thus, resolved is stuck with this "reliable" DNS, refusing almost all queries until reboot (or networking reload).
There are so many bugs filled about resolved that somebody should gather them in one place and do something.
Moreover, tracing problems is not easy - they are intermittent, depending on current server load. For some people in fixed setup bug may be nonexistent; when travelling across well-configured, simple and non-overloaded networks everything is OK. Then, at some hour, some connection - I start having to reload network every time I start reading mail.....
For now many people are switching to alternative resolver - e.g. "unbound"; what is going on with resolved looks like sabotage.....
https://bugs.launchpad.net/ubuntu/+sour ... ug/1682499
8 post(ov)a
• Stranica: 1/1.
Na mreži
Trenutno korisnika/ca: / i 8 gostiju.