systemd'oh! DNS lib underscore bug bites everyone's favorite init tool, blanks Netflix

A few Penguinistas spent a weekend working out why they can't get through to Netflix from their Linux machines, because when they tried, their DNS lookups failed. The issue emerged July 22, when Gentoo user Dennis Schridde submitted this bug report to the Systemd project. Essentially, he described a failure within systemd- …


  1. Anonymous Coward

    Alternate

    just disable NetworkManager

    hand code resolve.conf with DNS pointing to 8.8.8.8 & 8.8.4.4

    add a manual entry in hosts for Netflix (optional if the above doesn't work)

    1. Anonymous Coward

      Re: Alternate

      And why would you want to encourage others to supply Google with information about every address they resolve? You can choose to be an idiot if you want, but don't recommend it to everyone else as a "fix".

      1. bombastic bob Silver badge
        Facepalm

        Re: Alternate

        OK if you don't want to use the google DNS servers then use your ISP's DNS servers. Whatever.

        at least google doesn't hijack unresolved names...

        /me facepalms at the anal retentivity

        1. eldakka

          Re: Alternate

          Or set up your own recursive DNS server.

          I did this on my NAS, it was actually easier than I expected.

        2. Snorlax Silver badge
          Trollface

          Re: Alternate

          @bombastic bob:"/me facepalms at the anal retentivity"

          Linux users eh? Anal retentivity is an underlying trait.

          I'm surprised the guy got as few down votes as he did...

        3. joed

          Re: Alternate

          While "hijacking" unresolved names is annoying, it can easily be disabled (and the setting sticks "forever", at least for Comcast). Also, since the DNS queries go in clear, your ISP will know them one way or the other. Might as well use them (unless the ISP is so incompetent that it can't provide well performing DNS) instead of sharing all your browsing habits with yet another party.

      2. Dave Bell

        Re: Alternate

        There are other choices, but who do you trust?

        If I were suggesting a non-ISP address for DNS, I would try to identify the server in human terms as well. Even on The Register one should assume one is being read by humans.

        I infer the suggested fix doesn't care which server is used. In my case I would be working through my ADSL modem/router which provides NAT and DNS for the LAN. In turn, it can either automatically use the ISP server, or an explicitly set server such as the Google one at 8.8.8.8

        1. Jamie Jones Silver badge

          Re: Alternate

          DNS is meant to be a distributed system, and your local resolver should be as close as possible.

          You also don't want to use a server you can't trust to not intentionally send bogus results.

          So, why all these dumb solutions? If you don't want to use a forwarding DNS to your local ISP's server, just roll your own recursive DNS. It's virtually configuration free

    2. Drew 11

      Re: Alternate

      8.8.8.8 ?

      Stop giving away all your private information to Google for free!

      1. Anonymous Coward

        Re: Alternate

        It's not for free, Google give you a high performance, high uptime DNS server in exchange.

        Why do some plebs never understand the deals on offer???

      2. Anonymous Coward

        Re: Alternate

        Stop giving away all your private information to Google for free!

        I don't know where to start.

        As others have noted. You are getting a dns.

        If you don't want to give information to people for free you will have to live in a box. No wait, that won't work, basically you'll have to kill yourself - and become a suicide statistic to be noted down on some govt database. Otherwise every time you buy a pint of milk you'll be contributing to the secret and evil shopkeepers database of how many people like milk.

        1. Anonymous Coward

          @AC "have to live in a box"

          Yes, every DNS server you use is able to collect your personal information. Maybe you can't know which ones don't, but you absolutely DO KNOW which company has the most effective data collection and which already has tons of data on you and is always looking for more to correlate on you.

          That's why I'd never use Google's DNS. I'd choose to use one from Microsoft, Amazon, maybe even Facebook, before I'd use Google because they have less personal information about me and it is easier to avoid them being able to correlate my DNS lookups with other personal information they collect on me.

          1. Anonymous Coward

            Re: @AC "have to live in a box"

            Ironic, as I wrote a paper about data retention after deleting accounts at Microsoft, Google, Facebook and Apple.

            Google were by far the best, followed by Apple, then Microsoft, and worst of all, Facebook.

            After deleting all those accounts, 7 years later, logging in using a totally anonymous account, Facebook still knows people I might know, based purely on my IP address...

            I would seriously question who you trust online. The bad guys might be the least evil of the lot of them.... Perhaps the real bad guys are creating noise and getting a free ride.....

            I use Google DNS, I use it because from my own research, Google were the ONLY one that did exactly what they claimed they did in their privacy policy, and the only one with a privacy policy written in a clear and concise manner for regular human consumption.

            1. Anonymous Coward

              Re: @AC "have to live in a box"

              > "Google were the ONLY one that did exactly what they claimed they did ..."

              You sound like a Google employee.

              1. Anonymous Coward

                Re: @AC "have to live in a box"

                I have never worked for Google, nor anyone else you will have heard of. However, you believe what you want to believe, and what fits with what you hope is true...

          2. razorfishsl

            Re: @AC "have to live in a box"

            But only a few are able to cross-reference that against maps and searches.....

          3. dajames

            Re: @AC "have to live in a box"

            That's why I'd never use Google's DNS. I'd choose to use one from Microsoft, Amazon, maybe even Facebook, before I'd use Google because they have less personal information about me and it is easier to avoid them being able to correlate my DNS lookups with other personal information they collect on me.

            If you really believe that, good luck to you!

            I don't believe that any of those companies would hesitate for an instant before gathering, correlating, and monetizing every bit of information about you that they can get their hands on -- indeed, they'd be mad not to, considering that the others do it and it's apparently not illegal.

            At least Google gives me free stuff that is occasionally useful, and for that I forgive them -- just a little -- for ravaging my privacy. The others can go swing.

          4. Lord_Beavis
            Pirate

            Re: @AC "have to live in a box"

            "Yes, every DNS server you use is able to collect your personal information."

            Not to mention every "Web Designer" seems to be using a WYSIWYG that adds Google feature into their damned web pages (or their hosting solution is doing it). Load No Script and just see how many Google-y references there are as you browse.

        2. Stoneshop
          Holmes

          Re: Alternate

          If you don't want to give information to people for free you will have to live in a box.

          I am strongly disinclined to offer a lot of correlatable information to a single entity, especially one known to try and monetise that information. Better to spread it around, a tidbit here, a snippet there, a fragment somewhere else again.

    3. tony2heads

      Re: Alternate

      Many more are available

    4. Nick Kew

      Re: Alternate

      Those google IPs are just incredibly useful. When your DNS is broken, you have a bootstrap problem.

      Happened to me just on Saturday. I use auto-configure from home, but the (ISP-supplied) router was failing to resolve DNS when it came back up after a power cut. 8.8.8.8 has the virtue of being memorable without having to go online to look it up first!

      1. Swiss Anton
        Trollface

        Re: Alternate

        If you have trouble remembering 8.8.8.8, and you have a thing against Google, just remember it as hate.hate.hate.hate.

    5. Anonymous Coward

      Re: Alternate

      Or just avoid Systemd.

      1. fidodogbreath

        Re: Alternate

        Or just avoid Systemd.

        I'm amazed that 10 hours elapsed before someone posted this.

    6. Lord_Beavis
      Linux

      Re: Alternate

      "hand code resolve.conf with DNS pointing to 8.8.8.8 & 8.8.4.4"

      Better yet, build your own DNS server and stop supplying Google and/or your ISP with your queries. Make them work for it.

  2. jake Silver badge
    Pint

    I wonder what the excuse will be this time.

    Stockpiling beer & peanuts.

    1. ThomH

      Re: I wonder what the excuse will be this time.

      I searched and discovered that per its authors: "[i]n contrast to the glibc internal resolver systemd-resolved is aware of multi-homed system, and keeps DNS server and caches separate and per-interface". So the justification for a new resolver was machines with multiple active interfaces, that possibly go to different networks.

      The justification for bundling that new resolver with the init system? No idea. For distributions switching to it despite it not functioning very well? Clueless.

  3. eldakka
    Flame

    Why the fuck is the init process being used as a DNS resolver?

    Fuck I hate systemd.

    1. really_adf

      Why the fuck is the init process being used as a DNS resolver?

      Fuck I hate systemd.

      Why the fuck do you think it is the init process that is the DNS resolver?

      Fuck I hate the fact so many people repeat this nonsense.

      Even more than I hate systemd. And that's saying something.

      (Here's that separate process.)

      1. John Robson Silver badge

        Separate file maybe...

        "This file is part of systemd."

        Even if systemd is spawning another of its own processes, it's still systemd which is doing the resolving. Just get my system running, and log errors....

        That's all I need you to do...

        1. really_adf

          Even if systemd is spawning another of its own processes, it's still systemd which is doing the resolving. Just get my system running, and log errors....

          Agreed, and that (along with Lee D's comments, especially destroying loose coupling) is one of many reasons I detest systemd.

          But the apparently common misconceptions about how systemd works must be avoided else you look just as stupid as many of the systemd evangelists.

          The (predictable) downvotes to my previous comment, ironically, illustrate the exact reason for making that comment in the first place.

    2. rtfazeberdee

      @eldakka - spend some time learning about systemd because your post demonstrates your total ignorance of it to the world.

      1. Lee D Silver badge

        Because it's not systemd, it's PoetteringOS.

        Rather than have a clearly defined system that relies on others, it chooses to just replace everything from login authentication to DNS lookup with broken implementations that can't handle underscores, or usernames that start with a digit (Hey, just "don't do that"!), and then gives away root or stops the DNS resolution entirely when there's a problem because it lacks any kind of designed failure path despite being a system critical service.

        You do things the systemd way or not at all, don't you understand? I mean what kind of loser is going to run a critical Red Hat server that can't afford to give away root access or have its DNS resolution stop for no easily-discernible reason? God, anyone would think it was a server OS backed by a major company specialising in selling server OS, certifications on best practices, and commercial services.

        This is feature creep of the HIGHEST ORDER, from "I'll fix init dependencies" to "what do you mean you don't want every DNS lookup going through root-owned code via the init processes?"

        SystemD evangelists, please just sit down and think for a moment. Put the prejudices and your personal experience aside and just think. Why do you need a "systemd" DNS resolver? You don't. You can have it start up the resolver of choice of the user and use that instead. If it can't manage that, and get the order right so that when it needs to map network drives, etc. the DNS resolver is ready, then what happened to systemd's original purpose?

        He's reinventing the wheel, again, badly, to solve a problem that shouldn't exist if his software did what was promised in the first place. "When things are hard to do using existing and mature software, write your own things to replace them, badly, just enough to do what you needed to do and then sod everyone else, Jack". It's the epitome of childish coding, and yet we still tolerate it.

        1. handleoclast
          Devil

          Re: PoetteringOS

          @Lee D

          I agree that systemd is suffering extreme creature feep to the point that it's almost an OS. But PoetteringOS is such an ungainly name for it. Perhaps we could shorten it somehow.

          How about...

          POS

          1. Lee D Silver badge

            Re: PoetteringOS

            Have an upvote.

    3. Anonymous Coward

      Systemd is not (just) an init system. That was just the story that was told to get their foot in the door during a time of init-system transition.

      Once that thin end of the systemd wedge had been inserted into almost every Linux distro, they have been able to hammer in that wedge ever deeper using non-stable interfaces to force close coupling of otherwise unrelated services.

      1. Daggerchild Silver badge

        Systemd is extremely useful!

        I think everyone is completely misunderstanding how useful systemd is.

        Everyone who doesn't want to look to the past, and who believe in following leaders with strong personalities and innovative legacy-discarding ideas, can all band together and sail off to create a new future.

        Leaving everyone who actually gives a sh*t about good engineering in peace, while their ship catches fire, runs aground, and establishes some kind of Lord of the Flies cannibal tribe.

        Put systemd in your interview questions for new hires, and leave the true-believers free to go innovate someone else into the ground.

        1. a_a

          Re: Systemd is extremely useful!

          That was far too subtle for most commentards.

          1. oldcoder

            Re: Systemd is extremely useful!

            In very simple environments, it works fairly well.

            But it sucks when you need to add a new service...

            People

            * keep having to add sleep times before they start...

            * keep trying to get the service started

            * resort to even using cron to start them via @boot

            * still lose log data

            * still have to put up with boot/shutdown hanging... sometimes

            But in a simple environment... it isn't too bad. Last time I checked though, Slackware still booted faster.

        2. nijam Silver badge

          Re: Systemd is extremely useful!

          > I think everyone is completely misunderstanding how useful systemd is.

          Well, the systemd supporters certainly are.

      2. fidodogbreath

        Systemd is not (just) an init system. That was just the story that was told to get their foot in the door during a time of init-system transition.

        Sounds like an NSA / GCHQ / Five Eyes operation.

        Hmmmmm....

  4. Nate Amsden

    underscore illegal dns character

    I believe anyway. I have been a Debian user since 2.0 hamm back in 98 and am strongly considering moving to Devuan. I have had about 10 minutes exposure to systemd on a recent Debian release (installed maybe 4 months ago whatever the version was at the time I am not at the system), and wasn't impressed (at the end of the day it comes down for me it wasn't broken so don't fix it).

    My main "home" servers (hosted at a colo) are Debian 7 still, so no systemd, my laptops are Linux Mint 17 (MATE) which has no systemd. My work Linux boxes all 1000 of em also lack systemd for the moment anyway.

    I can certainly see some use cases for a systemd approach on desktops and laptops hot plugging and shit. But the negatives outweigh the positives as someone who has run linux on my desktops and laptops since 1997.

    I don't mind giving people choice but it seems the choices are rapidly dwindling, which is quite sad.

    Some folks have fled to BSD. I like the BSD kernels but have never liked the userland stuff (OpenBSD is still my home firewall of choice).

    I have been able to just ignore systemd for a long time but that time is running out.

    Same goes for some shit about replacing ifconfig?? Been reading about that recently, again have yet to run into it, another case of it was working fine for me for the past 21 years don't see a need to change it.

    Other than driver updates with newer hardware linux on my systems has been "good enough" for a decade already.

    Maybe I am too old. Or perhaps a case of the hipster agile devops shit going too far.

    Or maybe a bit of both.

    1. Nate Amsden

      Re: underscore illegal dns character

      Can't edit on mobile. But wanted to add a perhaps obvious tidbit. With exception of a brief time with Debian 3.0 back in 2001 or 2002, where I ran "testing", every other system before and since has been "stable"

      1. John Hughes

        Re: underscore illegal dns character

        Oh, by the way, Debian doesn't use systemd-resolved, so this bug won't affect you.

        Unless you're using something else that uses the libidn2 library (which is not part of systemd).

    2. iTheHuman

      Re: underscore illegal dns character

      Mmmmmm yup. 10min. Not impressed. Move to devuan.

      Hopefully you never change software unless it's for bug fixes, because, if it ain't broke.

      1. bombastic bob Silver badge
        Linux

        Re: underscore illegal dns character

        "Hopefully you never change software unless it's for bug fixes, because, if it ain't broke."

        that's actually a BETTER philosophy, in my view. I prefer stability to a moving target on the bleeding edge.

        Devuan DOES sound very very good to me.

      2. Dave Bell

        Re: underscore illegal dns character

        There has been a recent significant bug fix for systemd but this may be a later version.

    3. Anonymous Coward

      Re: underscore illegal dns character

      I'm in the process of updating my personal server with Debian 9 and I'm all like what the fuck is this fuckwittery.

      No mysql without pissing about, no eth0 now it uses another name.

      Can't restart networking without pissing about.

      Fuckwits the lot of them.

      1. handleoclast

        Re: eth0

        @AC

        The change to the names of network interfaces isn't a Poetteringerism but something from Dell. They sorta have a point. OS names like eth0, eth1 don't give any clue as to which physical connector they relate to. So Dell came up with a naming scheme that would let some guy in a data centre receive a call saying that enp0s3 looks like it's become unplugged and [s]he knows which physical connector to give a tug.

        Dunno about your distro, but on CentOS/RHEL it is possible to set flags (yes, several places because Poetteringerisms abound) that revert to the old naming scheme.

        1. Anonymous Coward

          Re: eth0

          @handleoclast

          Thanks, That explains it then.

          To be fair it's pretty fucking useless when I have two adaptors using the same rtl8111 chipset, so rather than eth0/1 I now have enp3/4so
