How do I configure search domains in systemd-resolved?

I am having trouble understanding how to get systemd-resolved to work for my use case.

I would like to be able to use DNS Domains so I can ssh to the short Hostname instead of having to type the FQDN every time.

There are a number of Domains I would like DNS to search. For simplicity, we will call these:
example1.com example2.com example3.com

I have created the file /etc/systemd/resolved.conf.d/search.conf with the following:

[Resolve]
Domains=example1.com example2.com example3.com

This resulted in /etc/resolv.conf / /run/systemd/resolve/stub-resolv.conf having the familiar “search” line:

# grep -v ^# /run/systemd/resolve/stub-resolv.conf 

nameserver 127.0.0.53
options edns0 trust-ad
search example1.com example2.com example3.com myname.lan

And the output of resolvectl status looks something like this:

Global
         Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub
        DNS Domain: example1.com example2.com example3.com

Link 2 (enp0s31f6)
    Current Scopes: none
         Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (wlp2s0)
    Current Scopes: none
         Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 4 (br0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.254
       DNS Servers: 192.168.1.254 192.168.1.253
        DNS Domain: myname.lan

Link 5 (tun0)
    Current Scopes: LLMNR/IPv4 LLMNR/IPv6
         Protocols: -DefaultRoute LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported

But this is not having the desired effect.

# ping -c1 host
ping: host: Name or service not known

I must still use the FQDN:

# ping -c1 host.example1.com
PING host.example1.com (10.10.10.10) 56(84) bytes of data.
64 bytes from host.example1.com (10.10.10.10): icmp_seq=1 ttl=63 time=15.4 ms

--- host.example1.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 15.399/15.399/15.399/0.000 ms

Only the DNS Domain returned by my DHCP server is working:

ping -c1 lanhost
PING lanhost.myname.lan (192.168.1.8) 56(84) bytes of data.
64 bytes from lanhost.myname.lan (192.168.1.8): icmp_seq=1 ttl=64 time=0.320 ms

--- lanhost.myname.lan ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.320/0.320/0.320/0.000 ms

What must I do so the additional DNS Domains I wish to add will work?

Do you have control of the DNS servers for example1.com, example2.com, etc.?

What will happen if there exists a host machine in each of those domains where the machine name is the same but the domain and IP may be different?

The results could be ambiguous and not as expected, since the first match found may not be the same every time. Caching may make it even more difficult.

1 Like

Yes.

This typically does not happen, but when a conflict does exist, I or someone from our team corrects it. In my particular case, the short hostname is unique across all top-level domains.

Does it make a difference if you disable LLMNR? If you are not using LLMNR in your local network, it is better to disable it.

1 Like

Try this way if the issue persists:

sudo nmcli connection modify br0 \
    ipv4.dns-search example1.com,example2.com,example3.com
sudo nmcli connection up br0
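To see what the search line shown in the question actually does to a short name, here is an added example (not from anyone in this thread) that emulates the glibc stub-resolver expansion described in resolv.conf(5): a name with fewer dots than ndots (default 1) is tried with each search domain appended, in order, and the literal name last; a name with a trailing dot is absolute and is never expanded. The resolv.conf content is constructed inline to match the one quoted above, so the script runs offline; it shows the candidate FQDNs and their order, which is what you would expect to see being sent to 127.0.0.53 and then routed by resolved to a link's servers.

```shell
#!/bin/sh
# Added example: emulate search-list expansion for a short hostname.
# SAMPLE_RESOLV_CONF is constructed to match the stub-resolv.conf in the thread.
SAMPLE_RESOLV_CONF='# This is /run/systemd/resolve/stub-resolv.conf
nameserver 127.0.0.53
options edns0 trust-ad
search example1.com example2.com example3.com myname.lan'

# search_list CONTENT -> prints the search domains, one per line.
# The last "search" line wins, as in resolv.conf(5).
search_list() {
    printf '%s\n' "$1" | awk '
        BEGIN { n = 0 }
        $1 == "search" { split("", doms); n = 0; for (i = 2; i <= NF; i++) doms[++n] = $i }
        END { for (i = 1; i <= n; i++) print doms[i] }'
}

# ndots CONTENT -> prints the ndots value from an "options" line (default 1).
ndots() {
    printf '%s\n' "$1" | awk '
        $1 == "options" { for (i = 2; i <= NF; i++) if ($i ~ /^ndots:/) { sub(/^ndots:/, "", $i); v = $i } }
        END { print (v == "" ? 1 : v) }'
}

# candidates NAME CONTENT -> prints the names the resolver would try, in order.
# Fewer dots than ndots: search domains first, literal name last.
# Otherwise: literal name first, then the search domains.
# Trailing dot: absolute name, no search expansion at all.
candidates() {
    name=$1; conf=$2
    case $name in
        *.) printf '%s\n' "${name%.}"; return 0 ;;
    esac
    dots=$(printf '%s' "$name" | awk -F. '{ print NF - 1 }')
    threshold=$(ndots "$conf")
    if [ "$dots" -lt "$threshold" ]; then
        search_list "$conf" | while IFS= read -r d; do printf '%s.%s\n' "$name" "$d"; done
        printf '%s\n' "$name"
    else
        printf '%s\n' "$name"
        search_list "$conf" | while IFS= read -r d; do printf '%s.%s\n' "$name" "$d"; done
    fi
}

# Demo: the short name from the question expands to example1.com first.
echo "lookups tried for 'host':"
candidates host "$SAMPLE_RESOLV_CONF"
```

If the first candidate printed is host.example1.com but `ping host` still fails, the search expansion itself is fine and the problem lies in how resolved routes that query (compare against `resolvectl query host.example1.com` on the live system); if the order is not what you expect, check for a second `search` line or an `ndots:` option in the generated resolv.conf.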