Unstable systemd-resolved with multiple DNS servers #1040
Comments
I'm not sure where @gustavo-iniguez-goya is, but I'll try to help. From what I can tell, it's trying to resolve your main DNS server, then using 1.1.1.1 when it fails, or there could be malware logging your DNS requests to that localhost IP. Either way, this isn't an OpenSnitch problem. And for security's sake, please configure your router properly and use Wireshark to ensure your traffic isn't being leaked.
Looks to me like you are blocking some connections that
PS: Why do you have both a LAN and external DNS? (If they supply conflicting answers you will have other problems also later.)
TIP: You can try https://gitlab.com/TriMoon/dnsdig to check your DNS responses...
Hi all,
I had never seen this error before, but reviewing the logs I've realized that I have some. I usually allow systemd-resolved to connect to a port. How did you create the rule for systemd-resolved? Do you also see any delay or error with nslookup or dig? They will query the DNS servers directly without using systemd-resolved.
Describe the bug
I realized that my DNS was unstable from my machine for a while when I was connected to my home network where my router advertised multiple DNS servers. I found out that my current DNS server was constantly switching due to the systemd-resolved rules defined in OpenSnitch.
Include the following information:
1.6.3-1
Arch Linux
KDE
Linux personal 6.4.12-arch1-1 #1 SMP PREEMPT_DYNAMIC Thu, 24 Aug 2023 00:38:14 +0000 x86_64 GNU/Linux
To Reproduce
First, I enabled the debug logs of systemd-resolved,
ends up in the `override.conf` via `sudo systemctl edit systemd-resolved`.
I observed that the DNS resolver was timing out, then it was forever switching to the alternative in the circular buffer. After I saw the host `detectportal.firefox.com` in the logs, I realized that OpenSnitch causes it.
Screenshots
Additional context
Solutions I've found to remediate:
Disable OpenSnitch (duh!!!)
Disable any rules touching systemd-resolved (duh!!)
In systemd-resolved, hard-code the current DNS server (duh!)
I'm not sure if this can be considered a bug in the end, because that's how systemd-resolved works(?); however, it caused some trouble to me so I'd be happy if there's a better way to fix it.
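To confirm the server flapping described in this report from the debug logs, the following is an added example (not part of the original issue or of OpenSnitch). It assumes input from `journalctl -u systemd-resolved -o short-iso` and the "Switching to DNS server ..." debug message; the sample lines, interface names and PID are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed debug message emitted when systemd-resolved rotates to another server.
SWITCH_RE = re.compile(
    r"Switching to (?:\w+ )?DNS server (?P<server>\S+)"
    r"(?: for interface (?P<iface>\S+))?$"
)

# Constructed sample in short-iso layout: timestamp, host, unit[pid]:, message.
SAMPLE = """\
2023-09-10T12:00:01+0200 personal systemd-resolved[512]: Switching to DNS server 192.168.1.1 for interface wlan0.
2023-09-10T12:00:06+0200 personal systemd-resolved[512]: Switching to DNS server 1.1.1.1 for interface wlan0.
2023-09-10T12:00:11+0200 personal systemd-resolved[512]: Switching to DNS server 192.168.1.1 for interface wlan0.
2023-09-10T12:00:16+0200 personal systemd-resolved[512]: Switching to DNS server 1.1.1.1 for interface wlan0.
2023-09-10T12:30:00+0200 personal systemd-resolved[512]: Switching to DNS server 10.0.0.1 for interface eth0.
""".splitlines()

def parse_switches(lines):
    """Yield (timestamp, scope, server) for every server switch in the log."""
    for line in lines:
        parts = line.rstrip().rstrip(".").split(" ", 3)
        if len(parts) < 4:
            continue
        m = SWITCH_RE.search(parts[3])
        if not m:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S%z")
        except ValueError:
            continue  # not a short-iso line
        yield ts, m["iface"] or "global", m["server"]

def find_flapping(lines, window=timedelta(seconds=60), min_switches=3):
    """Return {scope: peak switches inside one window} for scopes that flap."""
    by_scope = defaultdict(list)
    for ts, scope, _server in parse_switches(lines):
        by_scope[scope].append(ts)
    flapping = {}
    for scope, times in by_scope.items():
        times.sort()
        peak, start = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= min_switches:
            flapping[scope] = peak
    return flapping
```

Lining up the flagged windows with the OpenSnitch event log for the same period shows whether a deny or a pending prompt for systemd-resolved precedes each switch.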