Ssh or ping shortname not working in Fedora36 - nslookup works

Dear guys,

I updated to Fedora 36 and ping/ssh are not working when using shortnames. The resolv.conf contains line search mydomain.com.br and if execute nslookup machine it gets the ip address.

[forhelio@uecnbk6044 etc]$ cat resolv.conf

nameserver 172.26.169.131
nameserver 172.26.169.132
search mydomain.com.br


[forhelio@uecnbk6044 etc]$ nslookup dc1hjed0
Server:		172.26.169.131
Address:	172.26.169.131#53

Non-authoritative answer:
Name:	dc1hjed0.mydomain.com.br
Address: 172.28.130.230


[forhelio@uecnbk6044 etc]$ ping dc1hjed0
ping: dc1hjed0: Name or service not known




[forhelio@uecnbk6044 etc]$ ping dc1hjed0.mydomain.com.br
PING dc1hjed0.mydomain.com.br (172.28.130.230) 56(84) bytes of data.
64 bytes from dc1hjed0.mydomain.com.br (172.28.130.230): icmp_seq=1 ttl=248 time=68.1 ms
64 bytes from dc1hjed0.mydomain.com.br (172.28.130.230): icmp_seq=2 ttl=248 time=60.4 ms

--- dc1hjed0.mydomain.com.br ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 60.350/64.225/68.101/3.875 ms

Helio Paixao

Out of curiosity, what is the result of this command?
resolvectl

Hi Alesio,

[forhelio@uecnbk6044 ~]$ resolvectl
Global
Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: uplink
DNS Domain: mydomain.com.br

Link 2 (enp0s31f6)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (wlp3s0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 172.26.169.131
DNS Servers: 172.26.169.131 172.26.169.132
[forhelio@uecnbk6044 ~]$

I found what was changed with update : nsswitch.conf

I fixed the problem putting dns just after files (hosts) resolution

[forhelio@uecnbk6044 etc]$ cat nsswitch.conf
# Generated by authselect on Sun May 22 15:14:54 2022
# Do not modify this file manually, use authselect instead. Any user changes will be overwritten.
# You can stop authselect from managing your configuration by calling 'authselect opt-out'.
# See authselect(8) for more details.

# In order of likelihood of use to accelerate lookup.
passwd:     files sss systemd
shadow:     files
group:      files sss systemd
# hosts:      files myhostname mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns
hosts:      files dns myhostname mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] 

Thanks

1 Like

Yeah. Great.
Take this into account

You found the problem and it works. For the moment. There might be some surprises to be expected during updates and upgrades. And as mentioned above, authselect modifies the file. What is the problem: nslookup reads resolv.conf and starts communication with one of the nameservers, using the search domain. Other programs are lazy and just call a GetHostByName function, which ends with systemd-resolved in a default installation. Your problem does surprise me a bit, because systemd-resolved reads /etc/resolv.conf upon startup including the search domain, so unless you added it to /etc/resolv.conf without restart, it should have worked.

There are two solutions:
Oldfashioned: stop and disable the systemd-resolved.service. The “!UNAVAILABLE” /etc/nsswitch.conf sees the service as not available and goes on with dns. The same as your current situation.

Current level: use the facilities of systemd-resolved. But to have nslookup using the same facilities, /etc/resolv.conf has to be a symbolic link to /run/systemd/resolve/stub-resolv.conf. nslookup contacts nameserver 127.0.0.53, which is systemd-resolved. Configuration is now in /etc/systemd/resolved.conf, but since systemd-resolved cooperates with NetworkManager there is hardly configuration necessary.

Note: there is a parameter ResolveUnicastSingleLabel in resolved.conf controlling single name hostnames, but this only for configurations with no public DNS servers. Use the “Domains” parameter if not already added by NetworkManager or DHCP.

1 Like