DNS (systemd-resolved) not working on Arch Linux ARM
I'm trying to troubleshoot this DNS I have on a small old Odroid C1 board.
I have set up a static IP, but cannot get DNS to work. The image comes with systemd-resolved by default. I have notes that said to set a static IP, then disable systemd-resolved, and after a reboot the DNS would work, but that didn't work. I've looked into systemd-resolved a little bit, and have configured the DNS servers manually, which is required when using a static address.
[root@alarm alarm]# resolvectl status
Global
LLMNR setting: yes
MulticastDNS setting: yes
DNSOverTLS setting: no
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
Current DNS Server: 1.1.1.1
DNS Servers: 192.168.10.254
1.1.1.1
Fallback DNS Servers: 1.1.1.1
9.9.9.10
8.8.8.8
2606:4700:4700::1111
2620:fe::10
2001:4860:4860::8888
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
d.f.ip6.arpa
home
internal
intranet
lan
local
private
test
Link 2 (eth0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
DefaultRoute setting: yes
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
Current DNS Server: 1.1.1.1
DNS Servers: 192.168.10.254
1.1.1.1
[root@alarm alarm]# ping google.com
ping: google.com: Name or service not known
[root@alarm alarm]# ping tweakers.net
ping: tweakers.net: Name or service not known
[root@alarm alarm]# ping 192.168.10.254
PING 192.168.10.254 (192.168.10.254) 56(84) bytes of data.
64 bytes from 192.168.10.254: icmp_seq=1 ttl=64 time=0.329 ms
64 bytes from 192.168.10.254: icmp_seq=2 ttl=64 time=0.243 ms
^C
--- 192.168.10.254 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.243/0.286/0.329/0.043 ms
[root@alarm alarm]# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=58 time=22.3 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=58 time=14.3 ms
^C
--- 1.1.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 14.258/18.280/22.302/4.022 ms
Alternatives to systemd-resolved welcome, just need it to work.
edit:
The solution was to add DNSSEC=no in /etc/systemd/resolved.conf. I learned this by running journalctl -u systemd-resolved -f, which said DNSSEC validation failed for question google.com IN A: failed-auxiliary.
If you try to resolve a name via resolvectl it'll probably work, pointing to /etc/resolv.conf potentially being wrong or overwritten. With systemd-resolved, it should be a symlink to run/systemd/resolve/stub-resolv.conf. Otherwise things won't be talking to resolved in the first place.
I would also check your /etc/nsswitch.conf to make sure DNS is enabled at all and not only checking /etc/hosts.