Difference between revisions of "DNS"
Latest revision as of 16:08, 21 October 2022
This is a source of general information about Domain Name System aka DNS.
The DNS server stores different types of resource records used to resolve names, records like:
- A - Address record - returns a 32-bit IPv4 address, most commonly used to map a hostname to the IP address of the host
- NS - Name server record - names an authoritative name server; delegates a DNS zone to the given authoritative name servers
- CNAME - Canonical name record - the canonical name (or Fully Qualified Domain Name) for an alias. Alias of one name to another: the DNS lookup continues by retrying the lookup with the new name. Used when multiple services share a single network address but each service has its own entry in DNS
- MX - Mail exchange record - maps a domain name to a list of mail exchange servers (MTAs) for that domain
- SRV - Service locator record - each value has the form priority weight port target, which is also the form Route 53 expects (one value per line for a multi-value record). The owner name carries the service and protocol as leading labels that start with an underscore, e.g. _sip._tcp.example.com. Clients try the lowest priority first and spread load across equal-priority targets in proportion to weight
- SOA - Start of [a zone of] authority record - specifies authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, the zone serial number, and several timers relating to refreshing the zone
- PTR - Pointer record - pointer to a canonical name. Unlike a CNAME, DNS processing stops and just the name is returned. The most common use is for implementing reverse DNS lookups
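The SRV entry above describes the value format and the way clients pick a target; the following is an added example (not code from the original page) that parses Route 53 style "priority weight port target" values, checks the underscore-prefixed owner name, and orders the targets the way an RFC 2782 client does. The SIP records in the sample are constructed for illustration, and the random source is injectable so the weighted choice can be made deterministic.

```python
"""SRV record parsing and RFC 2782 target ordering (added example, not from the page)."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SRV:
    priority: int
    weight: int
    port: int
    target: str


def validate_srv_name(owner: str) -> bool:
    """RFC 2782 owner names are _service._proto.name: the first two labels start with '_'."""
    labels = owner.rstrip(".").split(".")
    return (len(labels) >= 3
            and labels[0].startswith("_") and len(labels[0]) > 1
            and labels[1].startswith("_") and len(labels[1]) > 1)


def parse_srv(rdata: str) -> list[SRV]:
    """Parse 'priority weight port target' values, one per line (Route 53 multi-value format).

    Zone-file style ';' comments are stripped; every numeric field must fit in 16 bits.
    """
    records = []
    for lineno, raw in enumerate(rdata.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 'priority weight port target', got {line!r}")
        try:
            priority, weight, port = (int(x) for x in fields[:3])
        except ValueError:
            raise ValueError(f"line {lineno}: non-numeric priority/weight/port in {line!r}") from None
        for field, value in (("priority", priority), ("weight", weight), ("port", port)):
            if not 0 <= value <= 65535:
                raise ValueError(f"line {lineno}: {field} {value} out of 16-bit range")
        records.append(SRV(priority, weight, port, fields[3].rstrip(".").lower()))
    return records


def order_targets(records: list[SRV], rand=random.random) -> list[SRV]:
    """Order records as an RFC 2782 client tries them.

    Lowest priority first; within one priority, targets are drawn by weighted random choice
    (weight 0 means 'rarely'), so over many calls the load is spread proportionally.
    `rand` is injectable so the choice can be made deterministic in tests.
    """
    by_priority: dict[int, list[SRV]] = {}
    for r in records:
        by_priority.setdefault(r.priority, []).append(r)
    ordered = []
    for priority in sorted(by_priority):
        pool = list(by_priority[priority])
        while pool:
            total = sum(r.weight for r in pool)
            if total == 0:
                chosen = pool[0]          # all weights 0: any order is acceptable
            else:
                threshold = rand() * total
                running = 0
                for r in pool:
                    running += r.weight
                    if running >= threshold:
                        chosen = r
                        break
            ordered.append(chosen)
            pool.remove(chosen)
    return ordered


if __name__ == "__main__":
    # Constructed sample: two SIP front ends at priority 10 (60/40 split) and a priority-20 fallback
    sample = ("10 60 5060 sip1.example.com.\n"
              "10 40 5060 sip2.example.com.\n"
              "20 0 5060 backup.example.com. ; only used when both above fail")
    print("valid owner name:", validate_srv_name("_sip._tcp.example.com"))
    for r in order_targets(parse_srv(sample)):
        print(f"{r.target}:{r.port} (prio {r.priority}, weight {r.weight})")
```

Run it a few times and the two priority-10 targets swap places roughly 60/40, while the priority-20 fallback is always last; a record whose owner name lacks the underscore labels is still syntactically a valid RR, which is why the name check is separate from the value parser.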
The ipconfig /displaydns command displays all of the cached DNS entries on a Windows computer system.
/etc/hosts
dig (domain information groper) and nslookup (query Internet name servers interactively) are tools that query name servers directly. Unless a specific server is given on the command line (dig @server) they send their queries to the name server(s) listed in /etc/resolv.conf. They do not consult alternative sources of host information such as the /etc/hosts file or the other sources configured in /etc/nsswitch.conf, so a name pinned in /etc/hosts resolves differently for dig than for getent or for an application that uses the system resolver.
To force all DNS queries through dnsmasq on your host, /etc/resolv.conf should point to dnsmasq, i.e. it should look like:
#/etc/resolv.conf on sun
nameserver 127.0.0.1
The hosts file is one of the sources consulted by the GNU Name Service Switch (NSS); the order in which the sources are tried is configured per database in /etc/nsswitch.conf:
$ cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat systemd
group: compat systemd
shadow: compat
gshadow: files
hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
In the hosts: line above the sources are tried left to right: local files (/etc/hosts) first, then mDNS for .local names ([NOTFOUND=return] stops the search when mdns4_minimal reports that a .local name does not exist, so .local lookups are never forwarded to DNS), then DNS, then the myhostname module for the machine's own name.
Example entries in /etc/hosts:
10.10.11.11 echo-1.service.k8s.acme.cloud # via app-service LoadBalancer
10.10.22.22 k8s.acme.cloud echo-1.ingress.k8s.acme.cloud # via ingress-service (k8s entry point)
They can be verified with the getent utility, which resolves through the NSS libraries exactly as applications do (unlike dig, which only asks the name server):
$ getent hosts 10.10.11.11
10.10.11.11 echo-1.service.k8s.acme.cloud
$ getent hosts echo-1.ingress.k8s.acme.cloud
10.10.22.22 k8s.acme.cloud echo-1.ingress.k8s.acme.cloud
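The difference between getent (NSS: files, then DNS) and dig (DNS only) is what makes /etc/hosts both a handy pin for private cluster names and a classic tampering target. The following is an added example, not code from the original page: it parses hosts-file text the way NSS does (comments, aliases, repeated names, IPv4 and IPv6), emulates a "hosts: files dns" lookup, and reports names whose hosts-file address disagrees with DNS. The sample hosts file reuses the page's two cluster entries plus one constructed suspicious line, and FAKE_DNS_ANSWERS is an assumed stand-in for DNS so the script runs offline.

```python
"""/etc/hosts parsing and an NSS-style 'files then dns' lookup (added example, not from the page)."""
import ipaddress
from collections.abc import Callable

Resolver = Callable[[str], list[str]]


def parse_hosts(text: str) -> dict[str, list[str]]:
    """Map every canonical name and alias in hosts-file text to its addresses.

    Lines are 'ADDRESS CANONICAL [ALIAS ...]'; '#' starts a comment; a name may appear on
    several lines (e.g. 127.0.0.1 and ::1 for localhost). Names are lower-cased because
    NSS matching is case-insensitive.
    """
    table: dict[str, list[str]] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: address without a hostname: {line!r}")
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            raise ValueError(f"line {lineno}: not an IP address: {fields[0]!r}") from None
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), []).append(addr)
    return table


def nss_lookup(name: str, hosts: dict[str, list[str]], dns: Resolver,
               order=("files", "dns")) -> list[str]:
    """Resolve like getent hosts with 'hosts: files dns': the first source with an answer wins."""
    key = name.lower().rstrip(".")
    for source in order:
        answer = hosts.get(key, []) if source == "files" else dns(key)
        if answer:
            return list(answer)
    return []


def find_overrides(hosts: dict[str, list[str]], dns: Resolver) -> dict[str, dict[str, list[str]]]:
    """Report names whose hosts-file address differs from what DNS (i.e. dig) returns.

    Deliberate pins for a private cluster are expected here; an unexpected entry for an
    update, login or package-mirror host is a classic sign of tampering.
    """
    report = {}
    for name, local in hosts.items():
        remote = dns(name)
        if remote and set(remote) != set(local):
            report[name] = {"files": sorted(set(local)), "dns": sorted(set(remote))}
    return report


# Constructed sample hosts file: the page's two cluster pins plus an unexpected entry.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
10.10.11.11 echo-1.service.k8s.acme.cloud                  # via app-service LoadBalancer
10.10.22.22 k8s.acme.cloud echo-1.ingress.k8s.acme.cloud   # via ingress-service (k8s entry point)
203.0.113.9 updates.example.com                            # nobody remembers adding this one
"""

# Constructed stand-in for DNS so the example runs offline (assumed answers, not real records).
FAKE_DNS_ANSWERS = {
    "k8s.acme.cloud": ["10.10.22.22"],
    "updates.example.com": ["198.51.100.7"],
    "mirror.example.com": ["198.51.100.8"],
}


def fake_dns(name: str) -> list[str]:
    return list(FAKE_DNS_ANSWERS.get(name, []))


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print("getent-style:", nss_lookup("echo-1.ingress.k8s.acme.cloud", hosts, fake_dns))
    print("falls through to DNS:", nss_lookup("mirror.example.com", hosts, fake_dns))
    for name, diff in find_overrides(hosts, fake_dns).items():
        print(f"OVERRIDE {name}: /etc/hosts={diff['files']} dns={diff['dns']}")
```

On a real host the same check is `getent hosts NAME` against `dig +short NAME`: the cluster pins match (or have no public DNS at all and are silently ignored), while updates.example.com is flagged because the file shadows a live DNS answer.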
flush dns
sudo systemctl is-active systemd-resolved.service
# -> active
# systemd-resolve is the legacy client (Ubuntu 18.04); resolvectl replaced it from 20.04 onwards and
# the old name survives only as a compatibility alias, so prefer resolvectl wherever it exists
resolvectl statistics                  # cache hits/misses and current cache size; same output as 'systemd-resolve --statistics'
sudo systemd-resolve --statistics      # legacy form; --reset-statistics zeroes the counters
sudo systemd-resolve --flush-caches    # flush the systemd-resolved cache, Ubuntu 18.04 (legacy client)
resolvectl flush-caches                # flush the systemd-resolved cache, Ubuntu 20.04 and later
sudo systemctl restart nscd            # other distros that run the glibc name service cache daemon, e.g. Arch Linux
# Flushing this cache does not touch /etc/hosts (read on every lookup) nor the private caches of browsers
# and applications that run their own resolver.

# Resolve a name without using the local cache
sudo systemd-resolve --flush-caches    # 18.04
resolvectl flush-caches                # 20.04 and later
resolvectl statistics | grep 'Current Cache Size'   # -> Current Cache Size: 0
dig +short tvp.info @8.8.8.8           # asks 8.8.8.8 directly, bypassing the local stub listener on 127.0.0.53
resolvectl statistics | grep 'Current Cache Size'   # -> still 0: systemd-resolved never saw the query
dig +short tvp.info                    # no server given: uses /etc/resolv.conf -> 127.0.0.53 (systemd-resolved)
resolvectl statistics | grep 'Current Cache Size'   # -> Current Cache Size: 1
# Note that @server also bypasses any split-DNS, DNS-over-TLS and DNSSEC settings configured in systemd-resolved,
# so use it to compare answers, not as a way to "fix" resolution for applications.

# Display cached dns entries
sudo killall -USR1 systemd-resolved    # does not stop the service: SIGUSR1 makes systemd-resolved dump its current cache to the journal
journalctl -u systemd-resolved         # read the dumped entries from the log (useful during incident response to see what the host resolved recently)
## One-liner
sudo killall -USR1 systemd-resolved; journalctl -u systemd-resolved --since "5s ago"
Netplan
Netplan is the default network configuration tool on Ubuntu from 18.04 on. It replaces the ifupdown /etc/network/interfaces file used by earlier releases; the DNS servers it declares are passed to the chosen renderer (systemd-networkd or NetworkManager), which hands them to systemd-resolved.
Back in the day you configured resolvers by opening /etc/resolv.conf, editing the nameserver entries and saving the file. The file still exists, but on a systemd-resolved system it is a symlink (by default to /run/systemd/resolve/stub-resolv.conf, which lists only the 127.0.0.53 stub) that the service regenerates, so it should not be edited manually.
Note: As of 18/05/2020 Network Manager does not respect the Netplan nameservers: addresses: [8.8.8.8, 8.8.4.4] option; even with dhcp4-overrides: use-dns: false it still uses (and gives priority to) the DNS servers handed out by DHCP, which renders any custom DNS servers redundant. The only known workaround is to configure the Ethernet connection statically, as below.
sudo vi /etc/netplan/enp0s3.yaml
network:
  version: 2
  renderer: NetworkManager      # the connection stays in the Network Manager GUI; with renderer: networkd you lose the GUI and network icon and Netplan/networkd manages all devices
  ethernets:
    enp0s3:
      dhcp4: false
      addresses: [192.168.1.114/24]
      gateway4: 192.168.1.1     # deprecated since netplan 0.103 in favour of routes: [{to: default, via: 192.168.1.1}]
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
# 'sudo netplan try' applies the change and reverts it automatically unless confirmed, which is safer over SSH
sudo netplan apply
systemd-resolve --status | grep 'DNS Servers' -A2   # or: resolvectl status
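The same static configuration in current Netplan syntax, added here as an example (not from the original page): gateway4 was deprecated in netplan 0.103 in favour of an explicit default route, and the search list is an assumed value for illustration.

```yaml
# /etc/netplan/enp0s3.yaml (added example; netplan 0.103 or later)
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    enp0s3:
      dhcp4: false
      addresses: [192.168.1.114/24]
      routes:
        - to: default          # replaces the deprecated gateway4 key
          via: 192.168.1.1
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
        search: [acme.cloud]   # assumed search domain, not from the page
```

After netplan apply, resolvectl status should list 8.8.8.8 and 8.8.4.4 under the enp0s3 link; if it still shows the DHCP-provided servers, the Network Manager behaviour described in the note above is the first thing to suspect.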
AWS
- DNS resolver in a multi-account environment | shared dns-resolver, https://aws.amazon.com/blogs/security/simplify-dns-management-in-a-multiaccount-environment-with-route-53-resolver/ (28 May 2019)
References
- List of DNS record types Wikipedia