ANN: DNS resolver changes in yakkety

Dave Morley davmor2 at davmor2.co.uk
Tue May 31 10:02:19 UTC 2016


On Tue, 31 May 2016 11:34:41 +0200
Martin Pitt <martin.pitt at ubuntu.com> wrote:

> Hello all,
> 
> yesterday I landed [1] in Yakkety which changes how DNS resolution
> works -- i. e. how names like "www.ubuntu.com" get translated to an IP
> address like 1.2.3.4.
> 
> Until now, we used two different approaches for this:
> 
>  * On desktops and touch, NetworkManager launched "dnsmasq" configured
>    as effectively a local DNS server which forwards requests to the
>    "real" DNS servers that get picked up usually via DHCP. Thus
>    /etc/resolv.conf said "nameserver 127.0.0.1" and it was rather
>    non-obvious to show the real DNS servers. (This was one of the
>    complaints/triggers that led to creating this blueprint).  But
>    dnsmasq does proper rotation and fallback between multiple
>    nameservers, i. e. if one does not respond it uses the next one
>    without long timeouts.
> 
>  * On servers, cloud images etc. we did not have any local DNS server.
>    Configured DNS servers (via DHCP or static configuration in
>    /etc/network/interfaces) were put into /etc/resolv.conf, and
>    every program (via glibc's builtin resolver) directly contacted
>    those.
> 
>    This had the major drawback that if the first DNS server does not
>    respond (or is slow), then *every* DNS lookup suffers from a ~ 10s
>    timeout, which makes every network operation awfully slow.
>    Addressing this was the main motivation for the blueprint. On top
>    of that, there was no local caching, thus requesting the same name
>    again would do another lookup.
> 
> As of today, we now have one local resolver service for all Ubuntu
> products; we picked "resolved" as that is small and lightweight,
> already present (part of the systemd package), does not require D-Bus
> (unlike dnsmasq), supports DNSSEC, provides transparent fallback to
> contacting the real DNS servers directly (in case anything goes wrong
> with the local resolver), and avoids the first issue above that
> /etc/resolv.conf always shows 127.0.0.1.
> 
> Now DNS resolution goes via a new "libnss-resolve" NSS module which
> talks to resolved [2]. /etc/resolv.conf has the "real" nameservers,
> broken name servers are handled efficiently, and we have local DNS
> caching. NetworkManager now stops launching a dnsmasq instance.
> 
> I've had this running on my laptop for about three weeks now without
> noticing problems, but there may well be some corner cases where this
> causes problems. If you encounter a regression that causes DNS names
> to not get resolved correctly, please do "ubuntu-bug libnss-resolve"
> with the details.
> 
> Thanks,
> 
> Martin
> 
> [1]
> https://blueprints.launchpad.net/ubuntu/+spec/foundations-y-local-resolver
> [2] This is configured in /etc/nsswitch.conf ("hosts: files ...
> resolve dns")

How will this work on the phone if it is only enabled in yakkety? How
will this affect landing phone silos? Have you tested with a 3g/4g
dongle so you have 2 dns servers up at the same time? How are suspend,
reboot and flight mode scenarios handled?

I think that is all the questions I can think of :)

-- 
You Make It, I'll Break It!

I Love My Job :)

http://www.canonical.com
http://www.ubuntu.com
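
The three resolver layouts described in the announcement can be told apart from the two files it names. This is an added example, not code from the thread or from Ubuntu; the file contents are constructed samples, 192.0.2.x are documentation addresses, and the sample "hosts:" lines leave out whatever the "..." in footnote [2] stands for.

```python
import ipaddress
import re

def hosts_sources(nsswitch_text):
    """Ordered NSS sources from the 'hosts:' line, with [STATUS=action] items dropped."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
    return []

def nameservers(resolv_text):
    """Addresses from 'nameserver' lines; '#' and ';' start comments."""
    found = []
    for raw in resolv_text.splitlines():
        fields = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr.split("%", 1)[0]).is_loopback
    except ValueError:
        return False  # not an IP literal: treat as "not local"

def describe(nsswitch_text, resolv_text):
    """Summarise which lookup path glibc takes and what resolv.conf reveals."""
    sources = hosts_sources(nsswitch_text)
    servers = nameservers(resolv_text)
    # resolved is used only if "resolve" is consulted before plain "dns"
    via_resolved = "resolve" in sources and (
        "dns" not in sources or sources.index("resolve") < sources.index("dns"))
    return {
        "lookup_path": "libnss-resolve" if via_resolved else
                       "glibc dns" if "dns" in sources else "no DNS source",
        "dns_fallback": via_resolved and "dns" in sources,
        "local_forwarder": bool(servers) and all(is_loopback(s) for s in servers),
        "visible_upstreams": [s for s in servers if not is_loopback(s)],
    }

# Constructed samples: (nsswitch.conf text, resolv.conf text)
OLD_DESKTOP = ("hosts: files dns\n", "nameserver 127.0.0.1\n")
OLD_SERVER = ("hosts: files dns\n", "nameserver 192.0.2.53\nnameserver 192.0.2.54\n")
YAKKETY = ("hosts: files resolve dns\n", "; constructed\nnameserver 192.0.2.53\n")

if __name__ == "__main__":
    for name, files in [("old desktop", OLD_DESKTOP), ("old server", OLD_SERVER), ("yakkety", YAKKETY)]:
        print(name, describe(*files))
```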