On 09/06/2020 14.44, Christian Boltz wrote:
Hello,
I can't really comment on dnsmasq (I use unbound), but I wonder if you really need all the script magic, or if you could simply have permanent config entries saying "for *.infra.opensuse.org, ask 192.168.47.101 and 192.168.47.102" (+ similar entries for the reverse DNS).
Well, not knowing the ground, I just follow the instructions in the wiki ;-)
Oh, and the admin wiki is a wiki, so if you see an error, just fix it ;-)
I was going to ask just that. I certainly intend to add the corrections when I get this working :-D
That said:
Am Dienstag, 9. Juni 2020, 14:27:19 CEST schrieb Carlos E. R.:
Question on apparmor:
/etc/apparmor.d/usr.sbin.dnsmasq:
...
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.dnsmasq>
}
Should I remove the '#' before the include?
"#include" and "include" have the same meaning in AppArmor profiles, they both include another file.
The only difference is that "#include" might be mis-interpreted as comment in case of syntax errors (instead of causing an error), but the line you quoted looks correct, and matches the upstream dnsmasq profile.
Bummer. I was going to try that now...

Telcontar:~ # l /etc/dnsmasq.*
-rw-r--r-- 1 root root 26973 Jun 9 14:06 /etc/dnsmasq.conf
-rw-r--r-- 1 root root 26975 May 8 2019 /etc/dnsmasq.conf.isengard
-rw-r--r-- 1 root root 26707 Dec 5 2019 /etc/dnsmasq.conf.pre.20200606
-rw-r--r-- 1 root root 180 Jun 9 14:06 /etc/dnsmasq.opensuseservers.conf

/etc/dnsmasq.d:
total 28
drwxr-xr-x 2 root root 4096 Jun 8 22:03 ./
drwxr-xr-x 233 root root 16384 Jun 9 14:06 ../
-rw-r--r-- 1 root root 259 Jun 8 22:03 opensuse.conf
-rw-r--r-- 1 root root 391 Dec 5 2019 trust-anchors.conf
Telcontar:~ #

The permissions are the same on all files, yet it says:

Jun 09 14:06:42 Telcontar dnsmasq[22895]: cannot read /etc/dnsmasq.opensuseservers.conf: Permission denied

If it is not apparmor, I'm out of ideas.

[...]

I'll try anyway...

BINGO! It was AA. I removed the comment symbol, and now I have connectivity.

Telcontar:/etc/openvpn # host freeipa.infra.opensuse.org
freeipa.infra.opensuse.org has address 192.168.47.65
Telcontar:/etc/openvpn #

It occurs to me whether I might have forgotten to restart aa, but the log says I did. Before:

<3.6> 2020-06-09T14:13:36.362507+02:00 Telcontar apparmor.systemd 23247 - - Restarting AppArmor

and now, after the edit:

<3.6> 2020-06-09T15:06:24.508661+02:00 Telcontar apparmor.systemd 26101 - - Restarting AppArmor

Ok. Time to have lunch. Later I will update the wiki :-)

--
Cheers / Saludos,
Carlos E. R.
(from 15.1 x86_64 at Telcontar)
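
Added example, not part of the original message: a simplified Python check of which rules in a profile, if any, grant read access to a given path, and which files the profile includes (counting both include spellings, as the reply above describes). The sample profile text is constructed for illustration, and the glob handling covers only *, ** and ?.

```python
import re

# Constructed sample, loosely modelled on a dnsmasq profile; not the real file.
SAMPLE_PROFILE = """\
/usr/sbin/dnsmasq {
  /etc/dnsmasq.conf r,
  /etc/dnsmasq.d/ r,
  /etc/dnsmasq.d/* r,
  /var/lib/misc/dnsmasq.leases rw,
  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.dnsmasq>
}
"""

# "#include" and "include" are both treated as include directives.
INCLUDE_RE = re.compile(r'^\s*#?include\s+(?:if\s+exists\s+)?[<"]([^>"]+)[>"]')
# A file rule: optional "owner", an absolute path glob, a permission string.
RULE_RE = re.compile(r'^\s*(?:owner\s+)?(/\S*)\s+([rwaxmlkiPpCcUu]+),')

def glob_to_regex(glob):
    """Translate the AppArmor globs *, ** and ? (simplified: no {} or [])."""
    out, i = "", 0
    while i < len(glob):
        if glob.startswith("**", i):
            out += ".*"          # ** may cross directory separators
            i += 2
        elif glob[i] == "*":
            out += "[^/]*"       # * stays inside one path component
            i += 1
        elif glob[i] == "?":
            out += "[^/]"
            i += 1
        else:
            out += re.escape(glob[i])
            i += 1
    return re.compile(out + r"\Z")

def audit(profile_text, path):
    """Return (include targets, rules in this text that grant read on path)."""
    includes, readers = [], []
    for line in profile_text.splitlines():
        m = INCLUDE_RE.match(line)
        if m:
            includes.append(m.group(1))
            continue
        m = RULE_RE.match(line)
        if m and "r" in m.group(2) and glob_to_regex(m.group(1)).match(path):
            readers.append(m.group(1))
    return includes, readers
```

With this sample, /etc/dnsmasq.opensuseservers.conf matches no read rule even though its Unix permissions equal those of the files under /etc/dnsmasq.d/, so any access to it would have to come from the included local file.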