ANN: DNS resolver changes in yakkety
code at flexion.org
Tue May 31 09:51:07 UTC 2016
On my phone and travelling so can't trivially find out the answer to the
following question right now.
Is libnss-resolve automatically seeded via a Depends or does it require
On 31 May 2016 11:36, "Martin Pitt" <martin.pitt at ubuntu.com> wrote:
> Hello all,
> yesterday I landed  in Yakkety which changes how DNS resolution
> works -- i. e. how names like "www.ubuntu.com" get translated to an IP
> address like 22.214.171.124.
> Until now, we used two different approaches for this:
> * On desktops and touch, NetworkManager launched "dnsmasq" configured
> as effectively a local DNS server which forwards requests to the
> "real" DNS servers that get picked up usually via DHCP. Thus
> /etc/resolv.conf said "nameserver 127.0.0.1" and it was rather
> non-obvious to show the real DNS servers. (This was one of the
> complaints/triggers that led to creating this blueprint). But
> dnsmasq does proper rotation and fallback between multiple
> nameservers, i. e. if one does not respond it uses the next one
> without long timeouts.
> * On servers, cloud images etc. we did not have any local DNS server.
> Configured DNS servers (via DHCP or static configuration in
> /etc/network/interfaces) were put into /etc/resolv.conf, and
> every program (via glibc's builtin resolver) directly contacted
> This had the major drawback that if the first DNS server does not
> respond (or is slow), then *every* DNS lookup suffers from a ~ 10s
> timeout, which makes every network operation awfully slow.
> Addressing this was the main motivation for the blueprint. On top
> of that, there was no local caching, thus requesting the same name
> again would do another lookup.
> As of today, we now have one local resolver service for all Ubuntu
> products; we picked "resolved" as that is small and lightweight,
> already present (part of the systemd package), does not require D-Bus
> (unlike dnsmasq), supports DNSSEC, provides transparent fallback to
> contacting the real DNS servers directly (in case anything goes wrong
> with the local resolver), and avoids the first issue above that
> /etc/resolv.conf always shows 127.0.0.1.
> Now DNS resolution goes via a new "libnss-resolve" NSS module which
> talks to resolved . /etc/resolv.conf has the "real" nameservers,
> broken name servers are handled efficiently, and we have local DNS
> caching. NetworkManager now stops launching a dnsmasq instance.
> I've had this running on my laptop for about three weeks now without
> noticing problems, but there may well be some corner cases where this
> causes problems. If you encounter a regression that causes DNS names
> to not get resolved correctly, please do "ubuntu-bug libnss-resolve"
> with the details.
>  This is configured in /etc/nsswitch.conf ("hosts: files ... resolve
> Martin Pitt | http://www.piware.de
> Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
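A check for the two files the announcement mentions, as an added example that is not part of the original message or of any Ubuntu tooling: it reads the `hosts:` line of /etc/nsswitch.conf and the `nameserver` lines of /etc/resolv.conf and reports whether lookups go through the `resolve` module and whether resolv.conf still shows only a loopback address. The sample file contents, function names and result keys are constructed for illustration; the sample `hosts:` line is not the one elided in the message.

```python
import ipaddress
import re

# Constructed sample inputs; the hosts line is illustrative, not the page's elided one.
SAMPLE_NSSWITCH = "passwd: compat\nhosts: files resolve [!UNAVAIL=return] dns  # sample\n"
SAMPLE_RESOLV_DNSMASQ = "# old desktop style\nnameserver 127.0.0.1\n"
SAMPLE_RESOLV_REAL = "; real servers\nnameserver 192.0.2.53\nnameserver 2001:db8::53\n"


def hosts_sources(nsswitch_text):
    """Return NSS module names from the 'hosts:' line, in lookup order."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            # Remove action items such as [NOTFOUND=return]; keep module names.
            return re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
    return []


def nameservers(resolv_text):
    """Return the addresses on 'nameserver' lines of a resolv.conf."""
    found = []
    for raw in resolv_text.splitlines():
        fields = raw.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; an IPv6 zone suffix (%eth0) is ignored."""
    try:
        return ipaddress.ip_address(addr.split("%", 1)[0]).is_loopback
    except ValueError:
        return False


def resolver_path(nsswitch_text, resolv_text):
    """Summarise which lookup path the two files describe."""
    sources = hosts_sources(nsswitch_text)
    servers = nameservers(resolv_text)
    return {
        "sources": sources,
        "uses_resolve": "resolve" in sources,
        "glibc_dns_fallback": "dns" in sources,
        "nameservers": servers,
        "hides_real_servers": bool(servers) and all(is_loopback(s) for s in servers),
    }


if __name__ == "__main__":
    print(resolver_path(SAMPLE_NSSWITCH, SAMPLE_RESOLV_DNSMASQ))
    print(resolver_path(SAMPLE_NSSWITCH, SAMPLE_RESOLV_REAL))
```

On a real host, pass the contents of /etc/nsswitch.conf and /etc/resolv.conf to `resolver_path` instead of the samples.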