View previous topic :: View next topic |
Author |
Message |
davidshen84 Apprentice

Joined: 09 Aug 2008 Posts: 286
|
Posted: Mon Sep 07, 2020 12:41 pm Post subject: ping *.local gives me System Error |
|
|
Hi,
I have systemd-resolved disabled, emerged avahi-daemon and configured /etc/nsswitch.conf. I was able to ping the hosts in my LAN such as gentoo.local. But today, when I try to ping any ".local" host, I got "System Error"
If I ping a wrong name, such as "gentoo.local2", I got name not resolved. So I think the name resolution is working, but ping is failing. However, I can ping google.com and host in LAN using IP.
The only thing I can think of is that I enabled a bunch of conn_track related kernel configuration and emerged "minikube" package.
There's no error log anywhere. _________________ David Shen |
|
Back to top |
|
 |
mike155 Advocate

Joined: 17 Sep 2010 Posts: 2564 Location: Frankfurt, Germany
|
Posted: Mon Sep 07, 2020 4:27 pm Post subject: |
|
|
Reset /etc/nsswitch.conf to its original contents and retry. Does ping work now? |
|
Back to top |
|
 |
davidshen84 Apprentice

Joined: 09 Aug 2008 Posts: 286
|
Posted: Mon Sep 07, 2020 11:01 pm Post subject: |
|
|
mike155 wrote: | Reset /etc/nsswitch.conf to its original contents and retry. Does ping work now? |
I did, I even re-compiled glibc and restart the computer.
One interesting thing is that on boot the avahi-daemon log shows everything is fine. But if I restart the service I got a warning "WARNING: Detected another IPv4 mDNS stack running on this host. This makes mDNS unreliable and is thus not recommended.". I have disabled systemd-resolved on my system and I have checked that the service is not running. I just could not figure out what other services could cause this conflict. _________________ David Shen |
|
Back to top |
|
 |
alamahant l33t

Joined: 23 Mar 2019 Posts: 653
|
Posted: Mon Sep 07, 2020 11:45 pm Post subject: |
|
|
Maybe you disabled systemd-resolved but maybe it somehow started...
Systemd is very paternalistic about things like that.
It knows best.
Code: |
systemctl status systemd-resolved #####and also to be sure
systemctl mask systemd-resolved
systemd-resolve --flush-caches
|
Do you have dnsmasq?
Also check
From the above
Quote: |
MulticastDNS=
Takes a boolean argument or "resolve". Controls Multicast DNS support (RFC 6762[2]) on the local host.
If true, enables full Multicast DNS responder and resolver support. If false, disables both. If set to
"resolve", only resolution support is enabled, but responding is disabled. Note that systemd-
networkd.service( also maintains per-link Multicast DNS settings. Multicast DNS will be enabled on a
link only if the per-link and the global setting is on.
|
Are you using systemd-networkd for network?
Maybe if you switched to NM?
Do you really feel enthusiastic about avahi?
Would you be averse to using maybe bind instead? |
|
Back to top |
|
 |
davidshen84 Apprentice

Joined: 09 Aug 2008 Posts: 286
|
Posted: Tue Sep 08, 2020 8:48 am Post subject: |
|
|
I disabled and stopped my "avahi-daemon" and configured "systemd-resolved". After playing for a while and checking the log, I don't know why my system can connect to Internet now...
I have dnscrypt-proxy running on my host and it reports working. But "resolvectl status" shows my DNS does not support DNSSEC.
Code: |
Global
LLMNR setting: yes
MulticastDNS setting: yes
DNSOverTLS setting: no
DNSSEC setting: allow-downgrade
DNSSEC supported: no
Current DNS Server: 127.0.0.1
DNS Servers: 127.0.0.1
::1
Fallback DNS Servers: 1.1.1.1
8.8.8.8
1.0.0.1
8.8.4.4
2606:4700:4700::1111
2001:4860:4860::8888
2606:4700:4700::1001
2001:4860:4860::8844
DNS Domain: ~.
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
|
Code: | resolvectl query openwrt.lan
openwrt.lan: 192.168.86.13 -- link: wlan0
-- Information acquired via protocol DNS in 7.9ms.
-- Data is authenticated: no
|
Code: | ping openwrt.lan
ping: openwrt.lan: Name or service not known |
Code: | resolvectl query openwrt.local
openwrt.local: resolve call failed: 'openwrt.local' does not have any RR of the requested type |
Code: | ping openwrt.local
ping: openwrt.local: System error |
_________________ David Shen |
|
Back to top |
|
 |
Ant P. Watchman

Joined: 18 Apr 2009 Posts: 6867
|
Posted: Tue Sep 08, 2020 9:17 am Post subject: |
|
|
Which version of nss-mdns do you have? |
|
Back to top |
|
 |
davidshen84 Apprentice

Joined: 09 Aug 2008 Posts: 286
|
Posted: Tue Sep 08, 2020 9:35 am Post subject: |
|
|
Ant P. wrote: | Which version of nss-mdns do you have? |
0.14.1 _________________ David Shen |
|
Back to top |
|
 |
davidshen84 Apprentice

Joined: 09 Aug 2008 Posts: 286
|
Posted: Tue Sep 08, 2020 9:37 am Post subject: |
|
|
BTW, the reason I use avahi-daemon before was that I want to use "dnscrypt-proxy" and it is recommended to not use systemd-resolved with it. I just learned that "systemd-resolved" can work as a client and rely on the configured DNS, so I tried. _________________ David Shen |
|
Back to top |
|
 |
Ant P. Watchman

Joined: 18 Apr 2009 Posts: 6867
|
Posted: Tue Sep 08, 2020 9:39 am Post subject: |
|
|
Unless dnscrypt-proxy has some built in mdns support, you'll need nsswitch.conf configured as shown in libnss-mdns's readme to resolve .local addresses. |
|
Back to top |
|
 |
davidshen84 Apprentice

Joined: 09 Aug 2008 Posts: 286
|
Posted: Tue Sep 08, 2020 10:26 am Post subject: |
|
|
Ant P. wrote: | Unless dnscrypt-proxy has some built in mdns support, you'll need nsswitch.conf configured as shown in libnss-mdns's readme to resolve .local addresses. |
That's why I had "avahi-daemon" running for mdns. _________________ David Shen |
|
Back to top |
|
 |
Ant P. Watchman

Joined: 18 Apr 2009 Posts: 6867
|
Posted: Tue Sep 08, 2020 2:43 pm Post subject: |
|
|
avahi-daemon does not provide a glibc name resolution plugin of its own. |
|
Back to top |
|
 |
davidshen84 Apprentice

Joined: 09 Aug 2008 Posts: 286
|
Posted: Wed Sep 09, 2020 12:46 am Post subject: |
|
|
OK. Eventually, I want to use dnscrypt-proxy for general DNS and mDNS for my local network. What tools, packages and configurations would you recommend on gentoo? _________________ David Shen |
|
Back to top |
|
 |
|