systemd-networkd does not pick up dns-search from DHCP

Bug #1703882 reported by Stefan Bader on 2017-07-12
This bug affects 1 person
Affects: systemd (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

When using networkd as renderer for netplan the nameserver gets set via DHCP but the search list is not picked up. This did work with ifupdown:

ubuntu@bar-zesty6401:~$ cat /etc/network/interfaces
...
# The primary network interface
auto eth0
iface eth0 inet dhcp

ubuntu@bar-zesty6401:~$ cat /etc/resolv.conf
...
nameserver 192.168.2.1
nameserver 127.0.0.53
search smbhome.net

ubuntu@bar-artful6401:~$ cat /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: yes

ubuntu@bar-artful6401:~$ networkctl status eth0
● 2: eth0
       Link File: /lib/systemd/network/99-default.link
    Network File: /run/systemd/network/10-netplan-eth0.network
            Type: ether
           State: routable (configured)
            Path: xen-vif-0
          Driver: vif
      HW Address: 00:16:3e:71:31:57 (Xensource, Inc.)
         Address: 192.168.2.159
                  fe80::216:3eff:fe71:3157
         Gateway: 192.168.2.1 (PC Engines GmbH)
             DNS: 192.168.2.1

Dimitri John Ledkov (xnox) wrote :

Correct, this is an identified regression in systemd; we will be switching the default to trust search domains by default.

tags: added: artful
tags: added: regression-release
removed: artful
Dimitri John Ledkov (xnox) wrote :

This should be fixed with the upcoming upload:

systemd (234-1ubuntu2) artful; urgency=medium

  * Set UseDomains to true, by default, on Ubuntu.
    On Ubuntu, fallback DNS servers are disabled, therefore we do not leak queries
    to a preset 3rd party by default. In resolved, dnssec is also disabled by
    default, as too much of the internet is broken and using Ubuntu users to debug
    the internet is not very productive - most of the time the end-user cannot fix
    or know how to notify the site owners about the dnssec mistakes. Inherently
    the DHCP acquired DNS servers are therefore trusted, and are free to spoof
    records. Not trusting DNS search domains, in such scenario, provides limited
    security or privacy benefits. From user point of view, this also appears to be
    a regression from previous Ubuntu releases which do trust DHCP acquired search
    domains by default.
    Therefore we are enabling UseDomains by default on Ubuntu.
    Users may override this setting in the .network files by specifying
    [DHCP|IPv6AcceptRA] UseDomains=no|route options.
  * resolved: create private stub resolve file for integration with resolvconf.
    The stub-resolve.conf file points at resolved stub resolver, but also lists the
    available search domains. This is required to correctly resolve domains without
    using resolve nss module.
  * Enable systemd-resolved by default
  * Create /etc/resolv.conf at postinst, pointing at the stub resolver.
    The stub resolver file is dynamically managed by systemd-resolved. It points at
    the stub resolver as the nameserver, however it also dynamically updates the
    search stanza, thus non-nss dns tools work correctly with unqualified names and
    correctly use the DHCP acquired search domains.
  * libnss-resolve: do not disable and stop systemd-resolved
    resolved is always used by default on ubuntu via stub resolver, therefore it
    should continue to operate without libnss-resolve module installed.

 -- Dimitri John Ledkov <email address hidden> Fri, 21 Jul 2017 17:07:17 +0100

Changed in systemd (Ubuntu):
status: New → Fix Committed
Changed in systemd (Ubuntu):
status: Fix Committed → Fix Released
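
Added example (not part of the bug report or of the systemd package): a small checker that reports the effective UseDomains value for the [DHCP] and [IPv6AcceptRA] sections of a .network file, so a host that should not accept DHCP-supplied search domains can be audited after this default change. The sample file contents and the function names are constructed for illustration; the "yes" default is taken from the changelog above.

```python
# Added example: effective UseDomains per section of a systemd .network file.
# UBUNTU_DEFAULT follows the changelog on this page (UseDomains true by
# default on Ubuntu); upstream systemd documents the default as false.
TRUE = {"1", "yes", "true", "on"}
FALSE = {"0", "no", "false", "off"}
SECTIONS = ("DHCP", "IPv6AcceptRA")
UBUNTU_DEFAULT = "yes"

# Constructed sample: a minimal DHCP-enabled .network file with no override.
SAMPLE_DEFAULT = """[Match]
Name=eth0

[Network]
DHCP=ipv4
"""

# Constructed sample: the same file with the overrides named in the changelog.
SAMPLE_OVERRIDE = SAMPLE_DEFAULT + """
[DHCP]
UseDomains=route

[IPv6AcceptRA]
UseDomains=no
"""

def effective_use_domains(text, default=UBUNTU_DEFAULT):
    """Return {section: 'yes' | 'no' | 'route' | 'invalid:<value>'}."""
    result = {s: default for s in SECTIONS}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if not sep or section not in result or key.strip() != "UseDomains":
            continue
        v = value.strip().lower()              # a later assignment wins
        result[section] = ("yes" if v in TRUE else "no" if v in FALSE
                           else "route" if v == "route" else "invalid:" + v)
    return result

def findings(text):
    """Sections that still accept search domains from DHCP or RA."""
    return [s for s, v in effective_use_domains(text).items() if v == "yes"]
```

With "route" the received domain is used only to route DNS queries and is not added to the search list, so the checker does not flag it.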