View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0017626CentOS-8systemdpublic2020-07-28 22:462020-07-28 22:56
Reportervodolaz095 
PrioritynormalSeveritymajorReproducibilityalways
Status newResolutionopen 
Product Version8.2.2004 
Target VersionFixed in Version 
Summary0017626: Systemd-resolved do not works with MDNS
DescriptionI have local network with few Fedora 31 laptops and Centos8 server. I'm using systemd-resolved on any of this machines.

When i try to resolve active local hostnames by resolvectl, it works for fedora 31

```
[vodolaz095@steel ansible]$ resolvectl query holod.local
holod.local: 192.168.1.3 -- link: wlp1s0

-- Information acquired via protocol mDNS/IPv4 in 177.9ms.
-- Data is authenticated: no
```

but not works on centos 8
```
[root@holod vodolaz095]# resolvectl query steel.local
steel.local: resolve call failed: 'steel.local' not found
```


I provided `/etc/nsswitch.conf`, `/etc/systemd/resolved.conf` and `resolvectl status` in additional in additional information.
Config on all machines are identical, but mdns not works for centos, and works for Fedora 31.
Imho configuration i provided in additional information seems sane, and i have no idea why it doesn't works.
I'll be very grateful for help.



I have feeling systemd-resolved is broken for mDNS in systemd of version 239 provided with Centos8, and its fixed in systemd of version 241 provided with Fedora 31.
Steps To Reproduceedit `/etc/nsswitch.conf`, `/etc/systemd/resolved.conf` as provided in additional information.
Make `/etc/resolve.conf` symlink to `/run/systemd/resolve/stub-resolv.conf`

```
# systemctl enable --now systemd-resolved
# systemctl disable --now avahi-daemon.service
# systemctl disable --now avahi-daemon.socket
# resolvectl mdns enp3s0 yes
# systemctl restart systemd-resolved
# resolvectl query something.local
```

Additional InformationOn Centos8.

```
[root@holod vodolaz095]# systemctl --version
systemd 239
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=legacy
```


On Fedora 31
```
systemd 243 (v243.8-1.fc31)
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=unified
```


Its worth notice, that `/etc/resolve.conf` is symlink to `/run/systemd/resolve/stub-resolv.conf` on all machines.



Avahi is disabled on all machines.

Network is controlled by network manager. All interfaces has mdns enabled.

```
[vodolaz095@holod ~]$ cat /etc/sysconfig/network-scripts/ifcfg-enp3s0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp3s0
UUID=5ed1973d-5613-4f75-a791-877b2969b448
DEVICE=enp3s0
ONBOOT=yes
ZONE=home
MDNS=yes
```

On both fedora and centos machines

```
[vodolaz095@steel ansible]$ cat /etc/systemd/resolved.conf
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See resolved.conf(5) for details

[Resolve]
DNS=192.168.1.3 10.0.0.2 10.0.0.3
#FallbackDNS=8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
#Domains=
LLMNR=yes
MulticastDNS=yes
DNSSEC=no
#DNSOverTLS=no
#Cache=yes
#DNSStubListener=yes
#ReadEtcHosts=yes
```

Command `resolvectl status` gives this output for Fedora machine

```
[vodolaz095@steel ansible]$ cat /tmp/resolvectl
Global
       LLMNR setting: yes
MulticastDNS setting: yes
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 192.168.1.3
         DNS Servers: 192.168.1.3
                      10.0.0.2
                      10.0.0.3
Fallback DNS Servers: 1.1.1.1
                      8.8.8.8
                      1.0.0.1
                      8.8.4.4
                      2606:4700:4700::1111
                      2001:4860:4860::8888
                      2606:4700:4700::1001
                      2001:4860:4860::8844
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 27 (vethe6d98c5)
      Current Scopes: LLMNR/IPv6
DefaultRoute setting: no
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 15 (veth3a5a1eb)
      Current Scopes: LLMNR/IPv6
DefaultRoute setting: no
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 6 (docker_gwbridge)
      Current Scopes: LLMNR/IPv4 LLMNR/IPv6
DefaultRoute setting: no
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 5 (docker0)
      Current Scopes: none
DefaultRoute setting: no
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 4 (virbr0-nic)
      Current Scopes: none
DefaultRoute setting: no
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 3 (virbr0)
      Current Scopes: none
DefaultRoute setting: no
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 2 (wlp1s0)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
DefaultRoute setting: yes
       LLMNR setting: yes
MulticastDNS setting: yes
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 192.168.1.3
         DNS Servers: 192.168.1.3
                      192.168.1.1
          DNS Domain: ~.
```


Command `resolvectl status` gives this output for Centos machine


```
Global
       LLMNR setting: yes
MulticastDNS setting: yes
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 10.0.0.2
         DNS Servers: 192.168.1.3
                      10.0.0.2
                      10.0.0.3
          DNS Domain: ~.
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 72 (veth0c565fe)
      Current Scopes: LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 64 (veth9d9ad3f)
      Current Scopes: LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 60 (vethd005098)
      Current Scopes: LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 54 (vethf29aec4)
      Current Scopes: LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 43 (veth0eb93fc)
      Current Scopes: LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 39 (veth7e95100)
      Current Scopes: LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 33 (veth1bac4a5)
      Current Scopes: LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 31 (veth44e985b)
      Current Scopes: LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 25 (veth5d0b068)
      Current Scopes: LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 12 (vethc820800)
      Current Scopes: LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 6 (docker_gwbridge)
      Current Scopes: LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 5 (docker0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 4 (tun0)
      Current Scopes: LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 3 (enp3s0)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
       LLMNR setting: yes
MulticastDNS setting: yes
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 192.168.1.3
         DNS Servers: 192.168.1.3
                      192.168.1.1
          DNS Domain: ~.

Link 2 (enp4s0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: yes
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
```

Its worth notice that avahi-daemon is disabled on all machines



`/etc/nsswitch.conf` has this string for hosts on both machines (Fedora 31/ Centos 8)

```
hosts: files resolve dns
```


Tagsavahi, hostname, mdns, systemd, systemd-resolved

Activities

vodolaz095

vodolaz095

2020-07-28 22:55

reporter   ~0037437

This is what `journalctl -u systemd-resolved -e` says on centos8 machine when i try to `resolvectl query steel.local` where `steel.local` is fedora 31 laptop working on same network

```
Jul 29 01:53:30 holod systemd-resolved[27136]: Processing query...
Jul 29 01:53:35 holod systemd-resolved[27136]: Got message type=method_call sender=:1.223 destination=org.freedesktop.resolve1 path=/org/freedesktop/resolve1 interface=org.>
Jul 29 01:53:35 holod systemd-resolved[27136]: idn2_lookup_u8: steel.local → steel.local
Jul 29 01:53:35 holod systemd-resolved[27136]: Looking up RR for steel.local IN A.
Jul 29 01:53:35 holod systemd-resolved[27136]: Looking up RR for steel.local IN AAAA.
Jul 29 01:53:35 holod systemd-resolved[27136]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedeskto>
Jul 29 01:53:35 holod systemd-resolved[27136]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedeskto>
Jul 29 01:53:35 holod systemd-resolved[27136]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.219 path=n/a interface=n/a member=n/a cookie=11 rep>
Jul 29 01:53:35 holod systemd-resolved[27136]: NXDOMAIN cache hit for steel.local IN A
Jul 29 01:53:35 holod systemd-resolved[27136]: Transaction 5722 for <steel.local IN A> on scope dns on */* now complete with <rcode-failure> from cache (unsigned).
Jul 29 01:53:35 holod systemd-resolved[27136]: NXDOMAIN cache hit for steel.local IN A
Jul 29 01:53:35 holod systemd-resolved[27136]: Transaction 16251 for <steel.local IN A> on scope dns on enp3s0/* now complete with <rcode-failure> from cache (unsigned).
Jul 29 01:53:35 holod systemd-resolved[27136]: Freeing transaction 5722.
Jul 29 01:53:35 holod systemd-resolved[27136]: Freeing transaction 16251.
Jul 29 01:53:35 holod systemd-resolved[27136]: Sent message type=error sender=n/a destination=:1.223 path=n/a interface=n/a member=n/a cookie=30 reply_cookie=2 signature=s >
Jul 29 01:53:35 holod systemd-resolved[27136]: Sent message type=method_call sender=n/a destination=org.freedesktop.DBus path=/org/freedesktop/DBus interface=org.freedeskto>
Jul 29 01:53:35 holod systemd-resolved[27136]: Got message type=method_return sender=org.freedesktop.DBus destination=:1.219 path=n/a interface=n/a member=n/a cookie=10 rep>
```
vodolaz095

vodolaz095

2020-07-28 22:56

reporter   ~0037438

Firewalld is tunned to allow `mdns` in home zone. and all active connections are in home zone for all machines

```
[root@holod vodolaz095]# firewall-cmd --list-services --zone=home
amqp amqps dhcpv6-client dns docker-swarm http https imap imaps lmtp mdns nfs openvpn samba-client smtp smtp-submission ssh syncthing syncthing-gui
```

Issue History

Date Modified Username Field Change
2020-07-28 22:46 vodolaz095 New Issue
2020-07-28 22:46 vodolaz095 Tag Attached: systemd-resolved
2020-07-28 22:46 vodolaz095 Tag Attached: avahi
2020-07-28 22:46 vodolaz095 Tag Attached: mdns
2020-07-28 22:50 vodolaz095 Tag Attached: hostname
2020-07-28 22:53 vodolaz095 Tag Attached: systemd
2020-07-28 22:55 vodolaz095 Note Added: 0037437
2020-07-28 22:56 vodolaz095 Note Added: 0037438