I already knew about the "_gateway" variable in CentOS/RHEL (I think up to 7 it was just "gateway", without the _ sign). Today I setup AdGuard DNS server in my home lab, on the same machine is a reverse proxy to serve some internal services, I added a second IP to the host because I needed multiple HTTP ports. Nevermind, I set a wildcard DNS entry on adguard. Like this: *.mydomain.com 172.16.20.60 (which is the IP of the reverse proxy mentioned above) - I didn't want to add all services manually, so I chose the wildcard method.
A few hours later I noticed that the machine that hosts the dns server and reverse proxy wasn't able to connect to the internet.
I did a traceroute and saw that it was trying to reach the internet over _gateway.mydomain.com (which leads to the machine itselfs).
A ping on _gateway.mydomain.com returned the machines IP, so I remembered the wildcard dns entry on my dns server. I added _gateway.mydomain.com to it's correct IP and then it worked as expected.
My question is what is the thing about this kind of environment variable "_gateway"/"gateway" - why does RedHat do this? And I wonder why the network tries to reach it's gateway via a dns name? I wasn't able to find any information about this and didn't find any setting on the machine itselfs to disable this behavior.
Here's some output:
ping _gateway
PING _gateway.mydomain.com (172.16.20.10) 56(84) bytes of data.
64 bytes from _gateway (172.16.20.10): icmp_seq=1 ttl=64 time=0.112 ms
64 bytes from _gateway (172.16.20.10): icmp_seq=2 ttl=64 time=0.285 ms
64 bytes from _gateway (172.16.20.10): icmp_seq=3 ttl=64 time=0.190 ms
64 bytes from _gateway (172.16.20.10): icmp_seq=4 ttl=64 time=0.284 ms
host _gateway
_gateway.mydomain.com has address 172.16.20.10
Any ideas?
Thanks
Dan
As no one seems to know what I mean I cleared this by myself. I saw the same thing on Ubuntu, which led me to the conclusion it could have something to do with systemd ... and yes bingo!
According to https://www.freedesktop.org/software/systemd/man/systemd-resolved.service.html which says:
The hostname "_gateway" is resolved to all current default routing gateway addresses, ordered by their metric. This assigns a stable hostname to the current gateway, useful for referencing it independently of the current network configuration state.
I didn't investigate more to disable this behavior, anyway I know where this s*it comes from, thanks systemd ...