====== systemd-resolved ======
Paket:
* ''systemd-resolved''
Dienst starten:
systemctl enable --now systemd-resolved.service
Testen:
resolvectl query www.linuxhotel.de
===== nss konfigurieren =====
…
hosts: files … resolve [!UNAVAIL=return] … myhostname
…
Testen:
getent ahosts www.linuxhotel.de
===== /etc/resolv.conf =====
readlink /etc/resolv.conf
-> ''../run/systemd/resolve/stub-resolv.conf''
grep nameserver /etc/resolv.conf
-> ''nameserver 127.0.0.53''
Testen:
host www.linuxhotel.de
dig www.linuxhotel.de
===== Link-Spezifische Namensauflösung konfigurieren =====
von Hand:
resolvectl dns br0 192.168.236.11
resolvectl domain br0 z36.internal
automatisch: z.B. per DHCP
Einstellungen ansehen:
resolvectl status br0
Testen:
resolvectl query vm1
getent hosts vm1
===== DNSSEC =====
DNSSEC aktivieren, um z.B. SSHFP zu ermöglichen:
grep options /etc/resolv.conf
-> ''options edns0 trust-ad''
mkdir /etc/systemd/resolved.conf.d
[Resolve]
DNSSEC=allow-downgrade
systemctl kill --signal=HUP systemd-resolved.service
Testen:
resolvectl status
-> ''DNSSEC=allow-downgrade/supported''
dig NS de
-> ''flags: … ad''