[arch-general] BIND, systemd-resolved, and nscd

frederik at ofb.net
Wed Sep 12 20:14:40 UTC 2018


Hello Arch General,

I hope this is the right mailing list; I'm a new subscriber.

After a recent upgrade I found that DNS broke in two different ways on
my computer:

1. BIND enabled DNSSEC by default, causing hostname resolution to stop
working (for some reason my home wireless router broke the "trust
chain", which I know nothing about)

    https://kb.isc.org/article/AA-01636/81/BIND-9.13.2-Release-Notes.html

    The default setting for dnssec-validation is now auto, which
    activates DNSSEC validation using the IANA root key.

I had to add "dnssec-validation yes;" to /etc/named.conf. I have a
forwarding BIND configuration so that Spamassassin's DNSBL queries can
be handled specially.

2. There is a bug relating to systemd-resolved and nscd. It is also
related to a decision made by systemd-resolved maintainers to never
use DNS to resolve single-label hostnames:

    https://github.com/systemd/systemd/issues/2514
    https://sourceware.org/bugzilla/show_bug.cgi?id=23546

This was very confusing to me because I had assumed that my computers
were still using DNS to find each other via my router, as I had not
changed anything related to that configuration.

While trying to debug these problems, I remember checking the "Arch
Linux - News" page (https://www.archlinux.org/news/) but I didn't find
anything relevant there.

I wonder if it makes sense to expect that changes which break hostname
resolution on home networks, or which may require reconfiguration on
common setups to maintain existing functionality, should be announced
on this page. I would be in favor of that but I don't know how I would
phrase the announcement. For what it's worth, I was not able to find
help with these problems on #archlinux or the BBS or superuser.com.
Any thoughts?

Best wishes,

Frederick

