Systemd-resolver to mDNS multiple records

Hello

I am not sure if what I am trying to do is legit, probably not since I can’t figure it out.

I would like to advertise two routes from a server running two services via nginx. I wrote those entries in the /etc/hosts file:

127.0.0.1 homeassistant
127.0.0.1 3dprinter

Then I configured NixOS as follows:

  systemd.network.networks.wlan0.networkConfig.MulticastDNS = true;
  services.resolved = {
    extraConfig = ''
      MulticastDNS=true
    '';
    domains = [
      "local"
    ];
    enable = true;
  };


  networking.firewall.allowedTCPPorts = [ 80 7125 5353 ];

This is the output from resolvectl:

resolvectl status
Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=allow-downgrade/supported
    resolv.conf mode: stub
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google 2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google
          DNS Domain: local

Link 2 (eth0)
    Current Scopes: none
         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=allow-downgrade/supported

Link 3 (eth1)
    Current Scopes: none
         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=allow-downgrade/supported

Link 4 (eth2)
    Current Scopes: none
         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=allow-downgrade/supported

Link 5 (eth3)
    Current Scopes: none
         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=allow-downgrade/supported

Link 6 (wlan0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
         Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=allow-downgrade/supported
Current DNS Server: fe80::8216:5ff:feba:6bb2
       DNS Servers: fe80::8216:5ff:feba:6bb2
        DNS Domain: station

Link 7 (docker0)
    Current Scopes: none
         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=allow-downgrade/supported

When I ping the hostname of this server from another machine it resolves correctly, but when I try to resolve 3dprinter.local or 3dprinter I get an error:

ping 3dprinter.local
ping: 3dprinter.local: System error

I tried to add .local in the /etc/hosts but I get the same error.

Logs from systemd-resolver:

Oct 24 19:01:21 lab systemd[1]: Starting Network Name Resolution...
Oct 24 19:01:21 lab systemd-resolved[110382]: Positive Trust Anchors:
Oct 24 19:01:21 lab systemd-resolved[110382]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Oct 24 19:01:21 lab systemd-resolved[110382]: Negative trust anchors: home.arpa 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.172.in-addr.arpa 23.172.in-addr.arpa 24.172.in-addr.arpa 25.172.>
Oct 24 19:01:22 lab systemd-resolved[110382]: Using system hostname 'lab'.
Oct 24 19:01:22 lab systemd-resolved[110382]: mDNS-IPv4: There appears to be another mDNS responder running, or previously systemd-resolved crashed with some outstanding transfers.
Oct 24 19:01:22 lab systemd-resolved[110382]: mDNS-IPv6: There appears to be another mDNS responder running, or previously systemd-resolved crashed with some outstanding transfers.
Oct 24 19:01:22 lab systemd[1]: Started Network Name Resolution.

There appears to be another mDNS responder running, or previously systemd-resolved crashed with some outstanding transfers.

Make sure avahi is disabled when resolved is enabled.

Hello! Thanks for your suggestion. I checked avhai and it is not running unfortunately.

$ ps aux | grep avhai
root      115359  0.0  0.0   6476  2448 pts/1    S+   23:59   0:00 grep avhai

I am not sure what is running that triggers such a warning, but I rebooted and it disappeared:

-- Boot cf23c83a322f4c5a960c9578baf491ae --
Oct 25 00:03:26 lab systemd[1]: Starting Network Name Resolution...
Oct 25 00:03:27 lab systemd-resolved[704]: Positive Trust Anchors:
Oct 25 00:03:27 lab systemd-resolved[704]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Oct 25 00:03:27 lab systemd-resolved[704]: Negative trust anchors: home.arpa 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.i>
Oct 25 00:03:27 lab systemd-resolved[704]: Using system hostname 'lab'.
Oct 25 00:03:27 lab systemd[1]: Started Network Name Resolution.
Oct 25 00:03:34 lab systemd-resolved[704]: wlan0: Bus client set DNS server list to: fe80::8216:5ff:feba:6bb2
Oct 25 00:03:34 lab systemd-resolved[704]: wlan0: Bus client set search domain list to: station
Oct 25 00:03:42 lab systemd-resolved[704]: wlan0: Bus client set DNS server list to: 192.168.1.1
Oct 25 00:03:48 lab systemd-resolved[704]: Using degraded feature set UDP+EDNS0 instead of UDP+EDNS0+DO for DNS server 192.168.1.1.
Oct 25 00:03:48 lab systemd-resolved[704]: [🡕] Server 192.168.1.1 does not support DNSSEC, downgrading to non-DNSSEC mode.

I noticed that when restarting the systemd-resolver during a new deploy the log comes back:

Oct 25 00:09:11 lab systemd-resolved[1650]: Using system hostname 'lab'.
Oct 25 00:09:11 lab systemd-resolved[1650]: mDNS-IPv4: There appears to be another mDNS responder running, or previously systemd-resolved cra>
Oct 25 00:09:11 lab systemd-resolved[1650]: mDNS-IPv6: There appears to be another mDNS responder running, or previously systemd-resolved cra>
Oct 25 00:09:11 lab systemd[1]: Started Network Name Resolution.

I think I am probably making a silly mistake. The laptop I am using as the source of the ping command does not run a resolver. Should it run systemd-resolver as well? (I tried quickly but it does not work)

Trying to debug these issues caused by DNS, LLMNR and mDNS interacting is not fun. Unless you are a DNS wizard, if you want to use resolved, I would stay away from referring to machines via hostname and hostname.local.

You could also disable both LLMNR and mDNS and save yourself some pain: resolved.conf(5) - Linux manual page

My goal ideally is to figure out how to advertise two routes in my internal network without having to run my own DNS. I started with avahi but I read that systemd-resolver is a better way.

But yeah it looks a bit like a nightmare at the moment

try again with avahi, not avhai

# ps aux | grep avahi
root       10196  0.0  0.0   6476  2452 pts/1    S+   10:10   0:00 grep avahi

Resolved is in fact a DNS server. You can expose it on your LAN using the option DNSStubListenerExtra. I’m not exactly sure what you mean by expose routes (we are talking about a layer 2, switched network here, right?), but if you put some rows in the /etc/hosts of a machine running resolved and expose it on some port using DNSStubListenerExtra, then other machines on the LAN can use it as a DNS. Basically, any machine running resolved has the same functionality as a pihole.

I see, thanks @danielbarter. My hope was to get the same “magic” like: “I can get an IP via its hostname” but with something that is not its hostname.

I am not sure if DNSStubListenerExtra does that because I will try it tomorrow but if it acts like a DNS it means that I need to point my other machines to such DNS and it is something I would like to avoid.

I see, thanks @danielbarter. My hope was to get the same “magic” like: “I can get an IP via its hostname” but with something that is not its hostname.

This is not possible using LLMNR or mDNS. Both are broadcast protocols that ask on LAN for machines to respond to their hostname. mDNS works with the .local postfix. Both of these protocols are supposed to be configuration free (i.e. there is no way to configure a hostname translation or w/e).

The only way you can get what you want using resolved is to disable both LLMNR and mDNS and configure the behavior you want on some DNS server or repeater.

IMO, disabling these on a home network is the way to go.
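
To see on which links LLMNR and mDNS are actually live before turning them off, the `resolvectl status` format quoted earlier in the thread can be parsed as below. This is an added example, not code from any poster; the sample text is constructed from the output above, and `parse_status` and `multicast_exposure` are hypothetical names.

```python
import re

# Constructed sample, abridged from the `resolvectl status` output quoted in the thread.
SAMPLE = """\
Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=allow-downgrade/supported

Link 2 (eth0)
    Current Scopes: none
         Protocols: -DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=allow-downgrade/supported

Link 6 (wlan0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
         Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=allow-downgrade/supported
Current DNS Server: fe80::8216:5ff:feba:6bb2
"""

MULTICAST = ("LLMNR", "mDNS")

def parse_status(text):
    """Return {"Global" or link name: {"enabled": set, "active": set}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        link = re.fullmatch(r"Link \d+ \((.+)\)", line)
        if line == "Global" or link:
            current = link.group(1) if link else "Global"
            sections[current] = {"enabled": set(), "active": set()}
            continue
        key, sep, value = line.partition(":")  # first colon only: IPv6 values keep theirs
        if current is None or not sep:
            continue
        if key == "Protocols":
            # "+mDNS" is on, "-mDNS" is off; "LLMNR=resolve" counts as on.
            for tok in value.split():
                name, _, mode = tok.lstrip("+").partition("=")
                if tok[0] != "-" and not mode.startswith("no"):
                    sections[current]["enabled"].add(name)
        elif key == "Current Scopes":
            # "mDNS/IPv4" -> "mDNS"; the literal "none" means no scope is active.
            sections[current]["active"] = {t.split("/")[0] for t in value.split() if t != "none"}
    return sections

def multicast_exposure(text):
    """Links where LLMNR or mDNS is both enabled and has an active scope."""
    hits = {n: [p for p in MULTICAST if p in s["enabled"] & s["active"]]
            for n, s in parse_status(text).items()}
    return {n: live for n, live in hits.items() if live}
```

On the sample only wlan0 is reported: the wired links have the protocols enabled but no active scope, so nothing is sent or answered there.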

Thank you for your explanation and your time! I will look around to see if a DNS repeater can be the “maintainable enough” solution I am looking for or if I should go with my own DNS.

Maybe I can configure something at the router level for now, I will check that as well.