The systemd-resolved service discussed here comes preinstalled on most of today's Linux machines. This application, which ships alongside systemd, handles DNS resolution and is disabled by default.
root@ankara:/# systemd-resolve --status | grep DNSSEC
Failed to get global data: Unit dbus-org.freedesktop.resolve1.service not found.
In short, it is installed on the system but not running, so we cannot see DNSSEC as active.
To fix this, we first check the status of the service:
root@ankara:/# systemctl status systemd-resolved.service
● systemd-resolved.service - Network Name Resolution
Loaded: loaded (/lib/systemd/system/systemd-resolved.service; disabled; vendor preset: enabled)
Drop-In: /usr/lib/systemd/system/systemd-resolved.service.d
└─resolvconf.conf
Active: inactive (dead)
Docs: man:systemd-resolved.service(8)
https://www.freedesktop.org/wiki/Software/systemd/resolved
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
Simply starting the service is enough, but there is one limitation: if your server provider's DNS servers do not support DNSSEC, turning this on will not help (I have not tried it in Turkey).
systemctl start systemd-resolved.service
The service then starts running, and the output looks like this:
root@ankara:/etc/security# systemctl status systemd-resolved.service
● systemd-resolved.service - Network Name Resolution
Loaded: loaded (/lib/systemd/system/systemd-resolved.service; disabled; vendor preset: enabled)
Drop-In: /usr/lib/systemd/system/systemd-resolved.service.d
└─resolvconf.conf
Active: active (running) since Tue 2020-09-15 13:12:16 CEST; 1s ago
Docs: man:systemd-resolved.service(8)
https://www.freedesktop.org/wiki/Software/systemd/resolved
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
Process: 15633 ExecStartPost=/bin/sh -c [ ! -e /run/resolvconf/enable-updates ] || echo "nameserver 127.0.0.53" | /sbin/resolvconf -a systemd-resolved (code=exited, status=0/SUCCESS)
Main PID: 15632 (systemd-resolve)
Status: "Processing requests..."
Tasks: 1 (limit: 4915)
Memory: 2.4M
CGroup: /system.slice/systemd-resolved.service
└─15632 /lib/systemd/systemd-resolved
Sep 15 13:12:16 ankara systemd[1]: Starting Network Name Resolution...
Sep 15 13:12:16 ankara systemd-resolved[15632]: Positive Trust Anchors:
Sep 15 13:12:16 ankara systemd-resolved[15632]: . IN DS 19036 8 2 49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
Sep 15 13:12:16 ankara systemd-resolved[15632]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Sep 15 13:12:16 ankara systemd-resolved[15632]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa 21.172.in-addr.arpa 22.
Sep 15 13:12:16 ankara systemd-resolved[15632]: Using system hostname 'ankara'.
Sep 15 13:12:16 ankara systemd[1]: Started Network Name Resolution.
We run our command again to check, and the final result is as follows:
root@ankara:/etc/security# systemd-resolve --status | grep DNSSEC
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
DNSSEC NTA: 10.in-addr.arpa
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
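The check above can be turned into a single verdict per host. The script below is an added example, not part of the original post: the function names and verdict labels are hypothetical, and it assumes that "DNSSEC supported: no" means resolved is not validating for that scope.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `systemd-resolve --status` text on stdin and prints one verdict:
#   not-running     resolved does not answer on D-Bus (the "Failed to get" case)
#   unknown         no "DNSSEC setting" line was found
#   disabled        some scope has "DNSSEC setting: no"
#   not-validating  some scope reports "DNSSEC supported: no" (assumed meaning)
#   downgradable    supported now, but some scope is allow-downgrade
#   enforced        every scope is "yes" and supported
dnssec_posture() {
    awk '
        /Failed to get global data/ { failed = 1 }
        /DNSSEC setting:/   { scopes++; mode[$NF]++ }
        /DNSSEC supported:/ { if ($NF != "yes") unsupported++ }
        END {
            if (failed)                       print "not-running"
            else if (scopes == 0)             print "unknown"
            else if (mode["no"] > 0)          print "disabled"
            else if (unsupported > 0)         print "not-validating"
            else if (mode["allow-downgrade"]) print "downgradable"
            else                              print "enforced"
        }'
}

# The grep output as shown in the post.
page_status() {
    cat <<'EOF'
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
DNSSEC NTA: 10.in-addr.arpa
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
EOF
}

# Constructed sample: upstream resolver without DNSSEC support.
fallback_status() {
    printf '%s\n' 'DNSSEC setting: allow-downgrade' 'DNSSEC supported: no'
}

# On a live host: systemd-resolve --status 2>&1 | dnssec_posture
printf 'post output: %s\n' "$(page_status | dnssec_posture)"
printf 'no upstream support: %s\n' "$(fallback_status | dnssec_posture)"
```

With allow-downgrade, resolved validates only when the upstream server supports DNSSEC and otherwise falls back to unvalidated answers; strict validation is set with DNSSEC=yes in /etc/systemd/resolved.conf.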