[systemd-devel] nss-mymachines: slow name resolution
Hello!

I've followed the man page guide to set up mymachines name resolution in
nsswitch.conf. It works. But it takes around 4-5 seconds to resolve a
name. This is unexpected and cannot be used in production.

I'm using systemd-networkd and systemd-resolved.

This is my config:

    # /etc/nsswitch.conf:
    # $Header: /var/cvsroot/gentoo/src/patchsets/glibc/extra/etc/nsswitch.conf,v 1.1 2006/09/29 23:52:23 vapier Exp $

    passwd:      compat mymachines
    shadow:      compat
    group:       compat mymachines

    # passwd:    db files nis
    # shadow:    db files nis
    # group:     db files nis

    hosts:       files resolve mymachines myhostname
    networks:    files

    services:    db files
    protocols:   db files
    rpc:         db files
    ethers:      db files
    netmasks:    files
    netgroup:    files
    bootparams:  files

    automount:   files
    aliases:     files

Not sure if the errors below are related:

    $ systemctl status systemd-{network,resolve}d
    ● systemd-networkd.service - Network Service
       Loaded: loaded (/usr/lib64/systemd/system/systemd-networkd.service; enabled; vendor preset: enabled)
       Active: active (running) since Sa 2016-02-13 13:40:51 CET; 24h ago
         Docs: man:systemd-networkd.service(8)
     Main PID: 763 (systemd-network)
       Status: "Processing requests..."
        Tasks: 1 (limit: 512)
       Memory: 1.1M
          CPU: 400ms
       CGroup: /system.slice/systemd-networkd.service
               └─763 /usr/lib/systemd/systemd-networkd

    Feb 14 13:11:27 jupiter.sol.local systemd-networkd[763]: Could not send rtnetlink message: Invalid argument
    Feb 14 13:11:27 jupiter.sol.local systemd-networkd[763]: Could not remove route: Invalid argument
    Feb 14 13:18:22 jupiter.sol.local systemd-networkd[763]: Could not send rtnetlink message: Invalid argument
    Feb 14 13:18:22 jupiter.sol.local systemd-networkd[763]: Could not remove route: Invalid argument
    Feb 14 13:25:43 jupiter.sol.local systemd-networkd[763]: Could not send rtnetlink message: Invalid argument
    Feb 14 13:25:43 jupiter.sol.local systemd-networkd[763]: Could not remove route: Invalid argument
    Feb 14 13:30:23 jupiter.sol.local systemd-networkd[763]: Could not send rtnetlink message: Invalid argument
    Feb 14 13:30:23 jupiter.sol.local systemd-networkd[763]: Could not remove route: Invalid argument
    Feb 14 13:39:57 jupiter.sol.local systemd-networkd[763]: Could not send rtnetlink message: Invalid argument
    Feb 14 13:39:57 jupiter.sol.local systemd-networkd[763]: Could not remove route: Invalid argument

    ● systemd-resolved.service - Network Name Resolution
       Loaded: loaded (/usr/lib64/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
       Active: active (running) since Sa 2016-02-13 13:40:51 CET; 24h ago
         Docs: man:systemd-resolved.service(8)
     Main PID: 824 (systemd-resolve)
       Status: "Processing requests..."
        Tasks: 1 (limit: 512)
       Memory: 1.0M
          CPU: 2.122s
       CGroup: /system.slice/systemd-resolved.service
               └─824 /usr/lib/systemd/systemd-resolved

    Feb 13 13:40:51 jupiter.sol.local systemd[1]: Starting Network Name Resolution...
    Feb 13 13:40:51 jupiter.sol.local systemd-resolved[824]: Using system hostname 'jupiter'.
    Feb 13 13:40:51 jupiter.sol.local systemd[1]: Started Network Name Resolution.
    Feb 13 13:40:56 jupiter.sol.local systemd-resolved[824]: Switching to DNS server 192.168.4.254 for interface enp5s0.

-- 
Regards,
Kai

Replies to list-only preferred.

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] nss-mymachines: slow name resolution
On Sun, 14 Feb 2016 13:49:01 +0100, Kai Krakow wrote:

> Hello!
>
> I've followed the man page guide to set up mymachines name resolution
> in nsswitch.conf. It works. But it takes around 4-5 seconds to
> resolve a name. This is unexpected and cannot be used in production.
>
> I'm using systemd-networkd and systemd-resolved.

Some further investigation shows it is exactly 5 seconds because that is
the timeout e.g. "ping" and "ssh" use for the poll() call when I strace
the programs. I then tried "ltrace" and it shows hanging in
gethostbyname().

This behaviour is independent of resolver order in nsswitch.conf.

In contrast: dig immediately returns, with expected result NXDOMAIN as
my nspawn machines are not registered in a DNS zone. "getent hosts"
returns immediately, yielding the correct IP.

gethostip shows the same behavior as ping and ssh.

What is special in this case? Why the timeout of 5 seconds?

> This is my config:
>
> # /etc/nsswitch.conf:
> # $Header: /var/cvsroot/gentoo/src/patchsets/glibc/extra/etc/nsswitch.conf,v 1.1 2006/09/29 23:52:23 vapier Exp $
>
> passwd:      compat mymachines
> shadow:      compat
> group:       compat mymachines
>
> # passwd:    db files nis
> # shadow:    db files nis
> # group:     db files nis
>
> hosts:       files resolve mymachines myhostname
> networks:    files
>
> services:    db files
> protocols:   db files
> rpc:         db files
> ethers:      db files
> netmasks:    files
> netgroup:    files
> bootparams:  files
>
> automount:   files
> aliases:     files
>
>
> Not sure if the errors below are related:
>
> $ systemctl status systemd-{network,resolve}d
> ● systemd-networkd.service - Network Service
>    Loaded: loaded (/usr/lib64/systemd/system/systemd-networkd.service; enabled; vendor preset: enabled)
>    Active: active (running) since Sa 2016-02-13 13:40:51 CET; 24h ago
>      Docs: man:systemd-networkd.service(8)
>  Main PID: 763 (systemd-network)
>    Status: "Processing requests..."
>     Tasks: 1 (limit: 512)
>    Memory: 1.1M
>       CPU: 400ms
>    CGroup: /system.slice/systemd-networkd.service
>            └─763 /usr/lib/systemd/systemd-networkd
>
> Feb 14 13:11:27 jupiter.sol.local systemd-networkd[763]: Could not send rtnetlink message: Invalid argument
> Feb 14 13:11:27 jupiter.sol.local systemd-networkd[763]: Could not remove route: Invalid argument
> Feb 14 13:18:22 jupiter.sol.local systemd-networkd[763]: Could not send rtnetlink message: Invalid argument
> Feb 14 13:18:22 jupiter.sol.local systemd-networkd[763]: Could not remove route: Invalid argument
> Feb 14 13:25:43 jupiter.sol.local systemd-networkd[763]: Could not send rtnetlink message: Invalid argument
> Feb 14 13:25:43 jupiter.sol.local systemd-networkd[763]: Could not remove route: Invalid argument
> Feb 14 13:30:23 jupiter.sol.local systemd-networkd[763]: Could not send rtnetlink message: Invalid argument
> Feb 14 13:30:23 jupiter.sol.local systemd-networkd[763]: Could not remove route: Invalid argument
> Feb 14 13:39:57 jupiter.sol.local systemd-networkd[763]: Could not send rtnetlink message: Invalid argument
> Feb 14 13:39:57 jupiter.sol.local systemd-networkd[763]: Could not remove route: Invalid argument
>
> ● systemd-resolved.service - Network Name Resolution
>    Loaded: loaded (/usr/lib64/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
>    Active: active (running) since Sa 2016-02-13 13:40:51 CET; 24h ago
>      Docs: man:systemd-resolved.service(8)
>  Main PID: 824 (systemd-resolve)
>    Status: "Processing requests..."
>     Tasks: 1 (limit: 512)
>    Memory: 1.0M
>       CPU: 2.122s
>    CGroup: /system.slice/systemd-resolved.service
>            └─824 /usr/lib/systemd/systemd-resolved
>
> Feb 13 13:40:51 jupiter.sol.local systemd[1]: Starting Network Name Resolution...
> Feb 13 13:40:51 jupiter.sol.local systemd-resolved[824]: Using system hostname 'jupiter'.
> Feb 13 13:40:51 jupiter.sol.local systemd[1]: Started Network Name Resolution.
> Feb 13 13:40:56 jupiter.sol.local systemd-resolved[824]: Switching to DNS server 192.168.4.254 for interface enp5s0.

-- 
Regards,
Kai

Replies to list-only preferred.
Re: [systemd-devel] nss-mymachines: slow name resolution
On Sun, 14.02.16 13:49, Kai Krakow (hurikha...@gmail.com) wrote:

> Hello!
>
> I've followed the man page guide to set up mymachines name resolution in
> nsswitch.conf. It works. But it takes around 4-5 seconds to resolve a
> name. This is unexpected and cannot be used in production.

This sounds like the LLMNR timeout done. I figure we should fix the docs
to suggest that "mymachines" appears before "resolve" in
nsswitch.conf. That should fix your issue...

Lennart

-- 
Lennart Poettering, Red Hat
Re: [systemd-devel] nss-mymachines: slow name resolution
On Mon, 15 Feb 2016 14:28:19 +0100, Lennart Poettering wrote:

> On Sun, 14.02.16 13:49, Kai Krakow (hurikha...@gmail.com) wrote:
>
> > Hello!
> >
> > I've followed the man page guide to set up mymachines name
> > resolution in nsswitch.conf. It works. But it takes around 4-5
> > seconds to resolve a name. This is unexpected and cannot be used in
> > production.
>
> This sounds like the LLMNR timeout done. I figure we should fix the
> docs to suggest that "mymachines" appears before "resolve" in
> nsswitch.conf. That should fix your issue...

Apparently it doesn't fix it - although I will leave it in this order
according to your recommendation.

Is there a way to globally disable LLMNR altogether to nail it down? I
tried setting LLMNR=false in *.network - didn't help.

-- 
Regards,
Kai

Replies to list-only preferred.
Re: [systemd-devel] nss-mymachines: slow name resolution
On Mon, 15.02.16 21:32, Kai Krakow (hurikha...@gmail.com) wrote:

> On Mon, 15 Feb 2016 14:28:19 +0100, Lennart Poettering wrote:
>
> > On Sun, 14.02.16 13:49, Kai Krakow (hurikha...@gmail.com) wrote:
> >
> > > Hello!
> > >
> > > I've followed the man page guide to set up mymachines name
> > > resolution in nsswitch.conf. It works. But it takes around 4-5
> > > seconds to resolve a name. This is unexpected and cannot be used in
> > > production.
> >
> > This sounds like the LLMNR timeout done. I figure we should fix the
> > docs to suggest that "mymachines" appears before "resolve" in
> > nsswitch.conf. That should fix your issue...
>
> Apparently it doesn't fix it - although I will leave it in this order
> according to your recommendation.
>
> Is there a way to globally disable LLMNR altogether to nail it down? I
> tried setting LLMNR=false in *.network - didn't help.

Use the LLMNR= setting in /etc/systemd/resolved.conf

Lennart

-- 
Lennart Poettering, Red Hat
Re: [systemd-devel] nss-mymachines: slow name resolution
On Tue, 16 Feb 2016 15:35:24 +0100, Lennart Poettering wrote:

> On Mon, 15.02.16 21:32, Kai Krakow (hurikha...@gmail.com) wrote:
>
> > On Mon, 15 Feb 2016 14:28:19 +0100, Lennart Poettering wrote:
> >
> > > On Sun, 14.02.16 13:49, Kai Krakow (hurikha...@gmail.com) wrote:
> > >
> > > > Hello!
> > > >
> > > > I've followed the man page guide to set up mymachines name
> > > > resolution in nsswitch.conf. It works. But it takes around 4-5
> > > > seconds to resolve a name. This is unexpected and cannot be
> > > > used in production.
> > >
> > > This sounds like the LLMNR timeout done. I figure we should fix
> > > the docs to suggest that "mymachines" appears before "resolve" in
> > > nsswitch.conf. That should fix your issue...
> >
> > Apparently it doesn't fix it - although I will leave it in this
> > order according to your recommendation.
> >
> > Is there a way to globally disable LLMNR altogether to nail it
> > down? I tried setting LLMNR=false in *.network - didn't help.
>
> Use the LLMNR= setting in /etc/systemd/resolved.conf

Yeah! *thumbsup* You da man, Lennart!

Setting LLMNR to "resolve" or to "no" globally solves the problem which
proves your first suspicion.

Now, how can I figure out which interface is the problematic one? Do I
actually need LLMNR in a simple home network?

The long term is to use this in a container based hosting environment.
I'm pretty sure I actually don't need LLMNR there. So I'm just curious
how to "optimize" my home setup.

-- 
Regards,
Kai

Replies to list-only preferred.
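A check for the two settings this thread turns on, the position of "mymachines" relative to "resolve" on the hosts: line and the global LLMNR= value in resolved.conf, as an added example that is not part of any message in the thread. The function names are hypothetical, the sample inputs are constructed from values posted above, and the [Resolve] section name comes from resolved.conf(5) rather than from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report the two settings discussed above.
# Function names are hypothetical; both functions read the file on stdin.

# hosts_order: "ok" if mymachines precedes resolve on the hosts: line,
# "late" if it follows it, "n/a" if either module is not listed.
hosts_order() {
    awk '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, accept "hosts:files"
        $1 == "hosts:" {
            for (i = 2; i <= NF; i++) {
                if ($i == "mymachines" && !m) m = i
                if ($i == "resolve" && !r) r = i
            }
        }
        END {
            if (!m || !r) print "n/a"
            else if (m < r) print "ok"
            else print "late"
        }'
}

# llmnr_setting: value of LLMNR= in the [Resolve] section (section name per
# resolved.conf(5)); "unset" if absent. Drop-in directories are not read.
llmnr_setting() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^[#;]/ || $0 == "" { next }         # comment or blank line
        /^\[/ { in_resolve = ($0 == "[Resolve]"); next }
        in_resolve && /^LLMNR[ \t]*=/ {
            sub(/^LLMNR[ \t]*=[ \t]*/, ""); val = $0   # last assignment wins
        }
        END { print (val == "" ? "unset" : val) }'
}

# Constructed samples: the hosts line posted in the first message, and a
# resolved.conf carrying one of the two values reported to remove the delay.
nss_sample='hosts: files resolve mymachines myhostname'
resolved_sample='[Resolve]
LLMNR=resolve'

printf 'hosts order:  %s\n' "$(printf '%s\n' "$nss_sample" | hosts_order)"
printf 'global LLMNR: %s\n' "$(printf '%s\n' "$resolved_sample" | llmnr_setting)"
```

On a live system, feed the real files instead: `hosts_order < /etc/nsswitch.conf` and `llmnr_setting < /etc/systemd/resolved.conf`.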
Re: [systemd-devel] nss-mymachines: slow name resolution
On Tue, 16 Feb 2016 19:39:26 +0100, Kai Krakow wrote:

> On Tue, 16 Feb 2016 15:35:24 +0100, Lennart Poettering wrote:
>
> > On Mon, 15.02.16 21:32, Kai Krakow (hurikha...@gmail.com) wrote:
> >
> > > On Mon, 15 Feb 2016 14:28:19 +0100, Lennart Poettering wrote:
> > >
> > > > On Sun, 14.02.16 13:49, Kai Krakow (hurikha...@gmail.com) wrote:
> > > >
> > > > > Hello!
> > > > >
> > > > > I've followed the man page guide to set up mymachines name
> > > > > resolution in nsswitch.conf. It works. But it takes around 4-5
> > > > > seconds to resolve a name. This is unexpected and cannot be
> > > > > used in production.
> > > >
> > > > This sounds like the LLMNR timeout done. I figure we should fix
> > > > the docs to suggest that "mymachines" appears before "resolve"
> > > > in nsswitch.conf. That should fix your issue...
> > >
> > > Apparently it doesn't fix it - although I will leave it in this
> > > order according to your recommendation.
> > >
> > > Is there a way to globally disable LLMNR altogether to nail it
> > > down? I tried setting LLMNR=false in *.network - didn't help.
> >
> > Use the LLMNR= setting in /etc/systemd/resolved.conf
>
> Yeah! *thumbsup* You da man, Lennart!
>
> Setting LLMNR to "resolve" or to "no" globally solves the problem
> which proves your first suspicion.

BTW: Enabling and starting avahi also fixed the problem (at least it
looks like, did a few other steps), although I don't see it listening on
port 5353.

> Now, how can I figure out which interface is the problematic one? Do I
> actually need LLMNR in a simple home network?
>
> The long term is to use this in a container based hosting environment.
> I'm pretty sure I actually don't need LLMNR there. So I'm just curious
> how to "optimize" my home setup.

-- 
Regards,
Kai

Replies to list-only preferred.