Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
ping *.local gives me System Error
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
davidshen84
Apprentice
Apprentice


Joined: 09 Aug 2008
Posts: 286

PostPosted: Mon Sep 07, 2020 12:41 pm    Post subject: ping *.local gives me System Error Reply with quote

Hi,

I have systemd-resolved disabled, emerged avahi-daemon and configured /etc/nsswitch.conf. I was able to ping the hosts in my LAN such as gentoo.local. But today, when I try to ping any ".local" host, I got "System Error"

If I ping a wrong name, such as "gentoo.local2", I got name not resolved. So I think the name resolution is working, but ping is failing. However, I can ping google.com and host in LAN using IP.

The only thing I can think of is that I enabled a bunch of conn_track related kernel configuration and emerged "minikube" package.

There's no error log anywhere.
_________________
David Shen
Back to top
View user's profile Send private message
mike155
Advocate
Advocate


Joined: 17 Sep 2010
Posts: 2415
Location: Frankfurt, Germany

PostPosted: Mon Sep 07, 2020 4:27 pm    Post subject: Reply with quote

Reset /etc/nsswitch.conf to its original contents and retry. Does ping work now?
Back to top
View user's profile Send private message
davidshen84
Apprentice
Apprentice


Joined: 09 Aug 2008
Posts: 286

PostPosted: Mon Sep 07, 2020 11:01 pm    Post subject: Reply with quote

mike155 wrote:
Reset /etc/nsswitch.conf to its original contents and retry. Does ping work now?


I did, I even re-compiled glibc and restart the computer.

One interesting thing is that on boot the avahi-daemon log shows everything is fine. But if I restart the service I got a warning "WARNING: Detected another IPv4 mDNS stack running on this host. This makes mDNS unreliable and is thus not recommended.". I have disabled systemd-resolved on my system and I have checked that the service is not running. I just could not figure out what other services could cause this conflict.
_________________
David Shen
Back to top
View user's profile Send private message
alamahant
Guru
Guru


Joined: 23 Mar 2019
Posts: 550

PostPosted: Mon Sep 07, 2020 11:45 pm    Post subject: Reply with quote

Maybe you disabled systemd-resolved but maybe it somehow started...
Systemd is very paternalistic about things like that.
It knows best.
Code:

systemctl status systemd-resolved #####and also to be sure
systemctl mask systemd-resolved
systemd-resolve --flush-caches

Do you have dnsmasq?
Also check
Code:

man resolved.conf

From the above
Quote:

MulticastDNS=
Takes a boolean argument or "resolve". Controls Multicast DNS support (RFC 6762[2]) on the local host.
If true, enables full Multicast DNS responder and resolver support. If false, disables both. If set to
"resolve", only resolution support is enabled, but responding is disabled. Note that systemd-
networkd.service(8) also maintains per-link Multicast DNS settings. Multicast DNS will be enabled on a
link only if the per-link and the global setting is on.



Are you using systemd-networkd for network?
Maybe if you switched to NM?
Do you really feel enthusiastic about avahi?
Would you be averse to using maybe bind instead?
Back to top
View user's profile Send private message
davidshen84
Apprentice
Apprentice


Joined: 09 Aug 2008
Posts: 286

PostPosted: Tue Sep 08, 2020 8:48 am    Post subject: Reply with quote

I disabled and stopped my "avahi-daemon" and configured "systemd-resolved". After playing for a while and checking the log, I don't know why my system can connect to Internet now...

I have dnscrypt-proxy running on my host and it reports working. But "resolvectl status" shows my DNS does not support DNSSEC.

Code:

Global
       LLMNR setting: yes                 
MulticastDNS setting: yes                 
  DNSOverTLS setting: no                 
      DNSSEC setting: allow-downgrade     
    DNSSEC supported: no                 
  Current DNS Server: 127.0.0.1           
         DNS Servers: 127.0.0.1           
                      ::1                 
Fallback DNS Servers: 1.1.1.1             
                      8.8.8.8             
                      1.0.0.1             
                      8.8.4.4             
                      2606:4700:4700::1111
                      2001:4860:4860::8888
                      2606:4700:4700::1001
                      2001:4860:4860::8844
          DNS Domain: ~.                 
          DNSSEC NTA: 10.in-addr.arpa     
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp               
                      d.f.ip6.arpa       
                      home               
                      internal           
                      intranet           
                      lan                 
                      local               
                      private             
                      test               


Code:
resolvectl query openwrt.lan                                                                                     
openwrt.lan: 192.168.86.13                     -- link: wlan0

-- Information acquired via protocol DNS in 7.9ms.
-- Data is authenticated: no


Code:
ping openwrt.lan                                                                                                 
ping: openwrt.lan: Name or service not known


Code:
resolvectl query openwrt.local                                                                                   
openwrt.local: resolve call failed: 'openwrt.local' does not have any RR of the requested type


Code:
ping openwrt.local                                                                                               
ping: openwrt.local: System error

_________________
David Shen
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 6714

PostPosted: Tue Sep 08, 2020 9:17 am    Post subject: Reply with quote

Which version of nss-mdns do you have?
Back to top
View user's profile Send private message
davidshen84
Apprentice
Apprentice


Joined: 09 Aug 2008
Posts: 286

PostPosted: Tue Sep 08, 2020 9:35 am    Post subject: Reply with quote

Ant P. wrote:
Which version of nss-mdns do you have?


0.14.1
_________________
David Shen
Back to top
View user's profile Send private message
davidshen84
Apprentice
Apprentice


Joined: 09 Aug 2008
Posts: 286

PostPosted: Tue Sep 08, 2020 9:37 am    Post subject: Reply with quote

BTW, the reason I use avahi-daemon before was that I want to use "dnscrypt-proxy" and it is recommended to not use systemd-resolved with it. I just learned that "systemd-resolved" can work as a client and rely on the configured DNS, so I tried.
_________________
David Shen
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 6714

PostPosted: Tue Sep 08, 2020 9:39 am    Post subject: Reply with quote

Unless dnscrypt-proxy has some built in mdns support, you'll need nsswitch.conf configured as shown in libnss-mdns's readme to resolve .local addresses.
Back to top
View user's profile Send private message
davidshen84
Apprentice
Apprentice


Joined: 09 Aug 2008
Posts: 286

PostPosted: Tue Sep 08, 2020 10:26 am    Post subject: Reply with quote

Ant P. wrote:
Unless dnscrypt-proxy has some built in mdns support, you'll need nsswitch.conf configured as shown in libnss-mdns's readme to resolve .local addresses.


That's why I had "avahi-daemon" running for mdns.
_________________
David Shen
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 6714

PostPosted: Tue Sep 08, 2020 2:43 pm    Post subject: Reply with quote

avahi-daemon does not provide a glibc name resolution plugin of its own.
Back to top
View user's profile Send private message
davidshen84
Apprentice
Apprentice


Joined: 09 Aug 2008
Posts: 286

PostPosted: Wed Sep 09, 2020 12:46 am    Post subject: Reply with quote

OK. Eventually, I want to use dnscrypt-proxy for general DNS and mDNS for my local network. What tools, packages and configurations would you recommend on gentoo?
_________________
David Shen
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum