@mtilson
Last active July 5, 2022 07:37
how to setup static DNS servers in DHCP environment [ubuntu 18.04] [bash] [systemd] [systemd-networkd] [systemd-resolved]

How to setup static DNS servers in DHCP environment for Ubuntu 18.04

Enable systemd-networkd debugging

$ sudo mkdir -p /etc/systemd/system/systemd-networkd.service.d/

$ sudo tee /etc/systemd/system/systemd-networkd.service.d/05-enable-debugging.conf > /dev/null << _EOF
[Service]
Environment=SYSTEMD_LOG_LEVEL=debug
_EOF
$ sudo systemctl daemon-reload
$ sudo systemctl restart systemd-networkd

Use journalctl to look through logs

$ journalctl -b -u systemd-networkd
...

Look at the current systemd-networkd configuration

$ ls -1 /etc/netplan/
50-cloud-init.yaml

$ cat /etc/netplan/50-cloud-init.yaml
# This file is generated from information provided by the datasource.  Changes
# to it will not persist across an instance reboot.  To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    ethernets:
        eth0:
            dhcp4: true
            dhcp6: false
            match:
                macaddress: 02:8c:6e:21:a0:88
            set-name: eth0
    version: 2

$ journalctl -b -u systemd-networkd
...

Jul 05 06:14:21 ip-172-31-27-173 systemd-networkd[23077]: Ignoring /run/systemd/network/10-netplan-eth0.network, because it's not a regular file with suffix .netdev.
Jul 05 06:14:21 ip-172-31-27-173 systemd-networkd[23077]: Ignoring /run/systemd/network/10-netplan-eth0.link, because it's not a regular file with suffix .netdev.
Jul 05 06:14:21 ip-172-31-27-173 systemd-networkd[23077]: Ignoring /lib/systemd/network/80-container-vz.network, because it's not a regular file with suffix .netdev.
Jul 05 06:14:21 ip-172-31-27-173 systemd-networkd[23077]: Ignoring /lib/systemd/network/80-container-host0.network, because it's not a regular file with suffix .netdev.
Jul 05 06:14:21 ip-172-31-27-173 systemd-networkd[23077]: Ignoring /lib/systemd/network/80-container-ve.network, because it's not a regular file with suffix .netdev.
Jul 05 06:14:21 ip-172-31-27-173 systemd-networkd[23077]: Ignoring /lib/systemd/network/99-default.link, because it's not a regular file with suffix .netdev.
Jul 05 06:14:21 ip-172-31-27-173 systemd-networkd[23077]: Ignoring /run/systemd/network/10-netplan-eth0.link, because it's not a regular file with suffix .network.
Jul 05 06:14:21 ip-172-31-27-173 systemd-networkd[23077]: Ignoring /lib/systemd/network/99-default.link, because it's not a regular file with suffix .network.

...

Jul 05 06:14:21 ip-172-31-27-173 systemd-networkd[23077]: eth0: Link state is up-to-date
Jul 05 06:14:21 ip-172-31-27-173 systemd-networkd[23077]: eth0: found matching network '/run/systemd/network/10-netplan-eth0.network'
Jul 05 06:14:21 ip-172-31-27-173 systemd-networkd[23077]: eth0: IPv6 successfully enabled

...

$ ls -1 /run/systemd/network
10-netplan-eth0.link
10-netplan-eth0.network

$ ls -1 /lib/systemd/network
80-container-host0.network
80-container-ve.network
80-container-vz.network
99-default.link

$ cat /run/systemd/network/10-netplan-eth0.link
[Match]
MACAddress=02:8c:6e:21:a0:88

[Link]
Name=eth0
WakeOnLan=off

$ cat /run/systemd/network/10-netplan-eth0.network
[Match]
MACAddress=02:8c:6e:21:a0:88
Name=eth0

[Network]
DHCP=ipv4
LinkLocalAddressing=ipv6

[DHCP]
RouteMetric=100
UseMTU=true

$ systemd-resolve --status
Global
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 3 (docker0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 2 (eth0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 172.31.0.2
          DNS Domain: eu-central-1.compute.internal

Disable DNS servers from DHCP

  • All configuration files in /lib/systemd/network, /run/systemd/network, /etc/systemd/network are collectively sorted and processed in lexical order, regardless of the directories in which they live
  • We need to create a .network file for eth0 in /etc/systemd/network whose name sorts before 10-netplan-eth0.network in lexical order, so that it is the first file matching eth0

$ ls -1 /etc/systemd/network

$ sudo tee /etc/systemd/network/09-static-dns-eth0.network > /dev/null << _EOF
[Match]
MACAddress=02:8c:6e:21:a0:88
Name=eth0

[Network]
DHCP=ipv4
LinkLocalAddressing=ipv6

[DHCP]
UseDNS=false
RouteMetric=100
UseMTU=true
_EOF

$ diff /run/systemd/network/10-netplan-eth0.network /etc/systemd/network/09-static-dns-eth0.network
9a10
> UseDNS=false
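
The selection rule described above, as an added example that is not part of the original gist: a shell function that predicts which .network file wins for an interface. It assumes matching on an exact Name= only (real matching also honours MACAddress= and globs); `winning_network_file`, `demo` and the temporary directory layout are hypothetical names, and the files are constructed stand-ins for the ones on this page.

```shell
# Predict which .network file systemd-networkd applies to an interface.
# Simplification (assumption): only an exact Name= in [Match] is compared;
# real matching also honours MACAddress=, globs and other keys.
# Usage: winning_network_file IFNAME DIR...   (DIRs from highest to lowest priority)
winning_network_file() {
    ifname=$1; shift
    tab=$(printf '\t')
    for dir in "$@"; do
        for f in "$dir"/*.network; do
            if [ -f "$f" ]; then printf '%s\t%s\n' "${f##*/}" "$f"; fi
        done
    done |
    awk -F'\t' '!seen[$1]++' |            # same file name: highest-priority directory wins
    LC_ALL=C sort -t "$tab" -k1,1 |       # then one lexical order across all directories
    while IFS=$tab read -r base path; do  # first file that matches the interface wins
        name=$(awk -F= '/^\[/ { sec = $0 } sec == "[Match]" && $1 == "Name" { print $2; exit }' "$path")
        if [ "$name" = "$ifname" ]; then printf '%s\n' "$path"; break; fi
    done
}

# Constructed stand-ins for the files on this page, in a throwaway directory tree.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/etc" "$root/run" "$root/lib"
    printf '[Match]\nName=eth0\n[Network]\nDHCP=ipv4\n' > "$root/run/10-netplan-eth0.network"
    printf '[Match]\nName=host0\n' > "$root/lib/80-container-host0.network"
    before=$(winning_network_file eth0 "$root/etc" "$root/run" "$root/lib")
    printf '[Match]\nName=eth0\n[DHCP]\nUseDNS=false\n' > "$root/etc/09-static-dns-eth0.network"
    after=$(winning_network_file eth0 "$root/etc" "$root/run" "$root/lib")
    b=${before#"$root"}; a=${after#"$root"}
    echo "before=$b after=$a"
    rm -rf "$root"
}
demo
```

A file in /etc/systemd/network with the same name as one in /run/systemd/network replaces it outright, which is why the function drops lower-priority duplicates before sorting.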

Look at the changed systemd-networkd configuration

$ sudo systemctl daemon-reload
$ sudo systemctl restart systemd-networkd
$ journalctl -b -u systemd-networkd
...

Jul 05 06:46:23 ip-172-31-27-173 systemd-networkd[23391]: Ignoring /etc/systemd/network/09-static-dns-eth0.network, because it's not a regular file with suffix .netdev.
Jul 05 06:46:23 ip-172-31-27-173 systemd-networkd[23391]: Ignoring /run/systemd/network/10-netplan-eth0.network, because it's not a regular file with suffix .netdev.
Jul 05 06:46:23 ip-172-31-27-173 systemd-networkd[23391]: Ignoring /run/systemd/network/10-netplan-eth0.link, because it's not a regular file with suffix .netdev.
Jul 05 06:46:23 ip-172-31-27-173 systemd-networkd[23391]: Ignoring /lib/systemd/network/80-container-vz.network, because it's not a regular file with suffix .netdev.
Jul 05 06:46:23 ip-172-31-27-173 systemd-networkd[23391]: Ignoring /lib/systemd/network/80-container-host0.network, because it's not a regular file with suffix .netdev.
Jul 05 06:46:23 ip-172-31-27-173 systemd-networkd[23391]: Ignoring /lib/systemd/network/80-container-ve.network, because it's not a regular file with suffix .netdev.
Jul 05 06:46:23 ip-172-31-27-173 systemd-networkd[23391]: Ignoring /lib/systemd/network/99-default.link, because it's not a regular file with suffix .netdev.
Jul 05 06:46:23 ip-172-31-27-173 systemd-networkd[23391]: Ignoring /run/systemd/network/10-netplan-eth0.link, because it's not a regular file with suffix .network.
Jul 05 06:46:23 ip-172-31-27-173 systemd-networkd[23391]: Ignoring /lib/systemd/network/99-default.link, because it's not a regular file with suffix .network.

...

Jul 05 06:46:23 ip-172-31-27-173 systemd-networkd[23391]: eth0: Link state is up-to-date
Jul 05 06:46:23 ip-172-31-27-173 systemd-networkd[23391]: eth0: found matching network '/etc/systemd/network/09-static-dns-eth0.network'
Jul 05 06:46:23 ip-172-31-27-173 systemd-networkd[23391]: eth0: IPv6 successfully enabled

...

$ systemd-resolve --status
Global
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 3 (docker0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 2 (eth0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
          DNS Domain: eu-central-1.compute.internal

Look at the current systemd-resolved configuration

$ cat /etc/systemd/resolved.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See resolved.conf(5) for details

[Resolve]
#DNS=
#FallbackDNS=
#Domains=
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#Cache=yes
#DNSStubListener=yes

$ cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0
search eu-central-1.compute.internal

$ dig google.com

; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54167
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;google.com.			IN	A

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Jul 05 07:06:34 UTC 2022
;; MSG SIZE  rcvd: 39

Enable static DNS servers

$ sudo tee /etc/systemd/resolved.conf > /dev/null << _EOF
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See resolved.conf(5) for details

[Resolve]
DNS=8.8.8.8 1.1.1.1
#FallbackDNS=
#Domains=
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#Cache=yes
#DNSStubListener=yes
_EOF

Look at the changed systemd-resolved configuration

$ sudo systemctl daemon-reload
$ sudo systemctl restart systemd-resolved # !!! HERE is systemd-resolved ... NOT systemd-networkd
$ systemd-resolve --status
Global
         DNS Servers: 8.8.8.8
                      1.1.1.1
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 3 (docker0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 2 (eth0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
          DNS Domain: eu-central-1.compute.internal

$ cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "systemd-resolve --status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0
search eu-central-1.compute.internal

$ dig google.com

; <<>> DiG 9.11.3-1ubuntu1.17-Ubuntu <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26977
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		7	IN	A	216.58.212.142

;; Query time: 1 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Tue Jul 05 07:16:12 UTC 2022
;; MSG SIZE  rcvd: 55
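
A repeatable check of the end state, as an added example that is not part of the original gist: it parses `systemd-resolve --status` text in the Ubuntu 18.04 layout shown above and fails if any link still carries its own DNS server (for example one handed out by DHCP) or if a global server is not on the allowlist. The function names and the abridged sample inputs are constructed for illustration.

```shell
# Print "scope<TAB>server" for each DNS server in `systemd-resolve --status` text on stdin.
dns_servers_by_scope() {
    awk '
        /^Global/         { scope = "global"; key = ""; next }
        /^Link [0-9]+ \(/ { scope = $3; gsub(/[()]/, "", scope); key = ""; next }
        /^ *[A-Za-z][A-Za-z ]*: / {                      # "Key: value" line
            key = $0; sub(/^ */, "", key); sub(/:.*/, "", key)
            val = $0; sub(/^[^:]*: */, "", val)
        }
        !/^ *[A-Za-z][A-Za-z ]*: / { val = $0; sub(/^ */, "", val) }   # continuation line
        key == "DNS Servers" && val != "" { print scope "\t" val }
    '
}

# Succeed only if every server is Global-scoped and listed in the allowlist ("$@").
audit_resolvers() {
    dns_servers_by_scope | (
        bad=0
        while IFS="$(printf '\t')" read -r scope server; do
            ok=no
            for a in "$@"; do
                if [ "$scope" = global ] && [ "$a" = "$server" ]; then ok=yes; fi
            done
            if [ "$ok" = no ]; then echo "unexpected: $scope $server"; bad=1; fi
        done
        exit "$bad"
    )
}

# Constructed samples, abridged from the status output on this page.
status_before() { printf '%s\n' 'Global' '          DNSSEC NTA: 10.in-addr.arpa' '' \
    'Link 2 (eth0)' '         DNS Servers: 172.31.0.2' \
    '          DNS Domain: eu-central-1.compute.internal'; }
status_after() { printf '%s\n' 'Global' '         DNS Servers: 8.8.8.8' \
    '                      1.1.1.1' '          DNSSEC NTA: 10.in-addr.arpa' '' \
    'Link 2 (eth0)' '          DNS Domain: eu-central-1.compute.internal'; }

status_before | audit_resolvers 8.8.8.8 1.1.1.1 || echo "before: FAIL"
status_after  | audit_resolvers 8.8.8.8 1.1.1.1 && echo "after: OK"
```

On a live host, pipe the real command into the check: `systemd-resolve --status | audit_resolvers 8.8.8.8 1.1.1.1`.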