-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 (I took me more than an hour to carefully compose this message, trying to explain everything) El 2023-05-09 a las 09:05 +0200, Per Jessen escribió:
Carlos E. R. wrote:
On 2023-05-08 23:24, Per Jessen wrote:
Carlos E. R. wrote:
Thus, I can not use NETCONFIG_DNS_POLICY="auto".
Thus you have concluded wrongly. Using 'auto' does what is expected, it updates your /etc/resolv.conf when the information changes.
But I don't want it to contain that information.
Here the pertinent question is probably - why not?
I need /etc/resolv.conf to point only at my local or LAN DNS servers, not the remote ones.
Why?
AND, I can not use a file that changes every minute, even if I wanted what it contains!
Well, although it is of course too much, it would still work.
(with a lot of noise in the logs. I can not stand that, it drives me nuts. I was trained to analyze logs, it was my job. That is the problem that started this thread, noise in the logs). Per, I'll try to explain again. The way dnsmasq works, it *has* to be configured this way (if using wicked): /etc/resolv.conf: 127.0.0.1 ::1 (static information, in any case) /etc/dnsmasq.conf: server=80.58.61.250 server=80.58.61.254 server=2a02:9000::aaaa server=2a02:9000::bbbb or make "resolv-file=..." point to a file that contains this and doesn't change needlessly: nameserver 80.58.61.250 nameserver 80.58.61.254 nameserver 2a02:9000::aaaa nameserver 2a02:9000::bbbb (can be dynamic information) To achieve the above, I need this /etc/sysconfig/network/config: NETCONFIG_DNS_POLICY='STATIC' NETCONFIG_DNS_FORWARDER='dnsmasq' NETCONFIG_DNS_STATIC_SEARCHLIST='valinor' NETCONFIG_DNS_STATIC_SERVERS='127.0.0.1 ::1' NETCONFIG_DNS_FORWARDER_FALLBACK="yes" It *has* to be done this way or it doesn't work properly. I have tested in many different manners, and this is the best. WHY? /etc/resolv.conf must point only to the local dnsmasq service. It must not be allowed to point to external servers, because that means that programs (say firefox) may bypass dnsmasq and waste time waiting for the remote server to answer. On the other hand, dnsmasq must know about the external servers, it is its job. This can be a static definition, as I am doing right now, or a dynamic definition in some external file, which is what it had. I can not point dnsmasq to an external file that is written every minute, because this causes dnsmasq to reload every minute, cause activity, and spam the logs. So, I consider the dnsmasq issue solved and closed. And thankyou everybody for helping me with ideas finding out what was going on. :-) The only remaining issue is finding out why the router sends advertisements that causes Linux to rewrite the "/run/wicked/leaseinfo.eth0.auto.ipv6" to be written every minute, despite nothing apparently changing. It could be a Linux problem, linux overreacting to the router adverts. I know nothing about this.
But those messages, if they are the ones I remember, do not happen in my machine.
If you are running wicked, they should.
Tell me what string to search for, and I will.
Ummm, "wicked" :-) https://paste.opensuse.org/pastes/f5714a73b9ca
Of course, maybe the difference is that I am running dhcpv6, I don't really know.
I have no messages at all mentioning dhcp in my output, except "Starting wicked DHCPv6 supplicant service..." the first day, so I am using the same as you. journalctl -b | grep wicked | susepaste -n "Carlos E R" -t "wicked journal" -e 40320 https://paste.opensuse.org/pastes/a13b58a46063 See for yourself, no messages about the lease since boot.
> What about /run/dnsmasq-forwarders.conf ?
The Beta machine doesn't have dnsmasq.
So install it. That's what I did earlier, to test.
It would be easier to boot the Laicolasse partition, but that would break another unrelated test that I'm doing.
What can be easier than "zypper in dnsmasq" ?
And configure a few files. No, thanks. I want that machine simple.
I try to keep the Beta partition simple. Configuring dnsmasq would be a further complication.
I did not say "configure it", I said _install_ it. When you are done debugging, maybe you could just delete it again.
It has to be configured or it will not work.
I have to wonder, when you always know better, why do you ask here?
Per, please. I have to do the steps I carefully described above to make it work properly. I have now booted to the stable partition in the laptop (Laicolasse) to obtain the information you asked about. The current configuration is (using NM and dnsmasq): cer@Laicolasse:~> grep "NETCONFIG_DNS_STATIC_SEARCHLIST\|NETCONFIG_DNS_STATIC_SERVERS\|NETCONFIG_DNS_FORWARDER\|NETCONFIG_DNS_POLICY" /etc/sysconfig/network/config | egrep -v "^[[:space:]]*$|^#" NETCONFIG_DNS_POLICY="STATIC" NETCONFIG_DNS_FORWARDER="dnsmasq" NETCONFIG_DNS_FORWARDER_FALLBACK="yes" NETCONFIG_DNS_STATIC_SEARCHLIST="valinor" NETCONFIG_DNS_STATIC_SERVERS="127.0.0.1" cer@Laicolasse:~> grep resolv-file /etc/dnsmasq.conf resolv-file=/run/NetworkManager/no-stub-resolv.conf cer@Laicolasse:~> egrep -v "^[[:space:]]*$|^#" /run/NetworkManager/no-stub-resolv.conf search Laicolasse.valinor nameserver 80.58.61.254 nameserver 80.58.61.250 nameserver 2a02:9000::aaaa nameserver 2a02:9000::bbbb cer@Laicolasse:~> egrep -v "^[[:space:]]*$|^#" /etc/resolv.conf search valinor nameserver 127.0.0.1 cer@Laicolasse:~> The file with the external servers doesn't change: cer@Laicolasse:~> l /run/NetworkManager/no-stub-resolv.conf /etc/resolv.conf /run/netconfig/resolv.conf ; date lrwxrwxrwx 1 root root 26 Mar 28 02:36 /etc/resolv.conf -> /run/netconfig/resolv.conf -rw-r--r-- 1 root root 637 May 9 13:35 /run/netconfig/resolv.conf -rw-r--r-- 1 root root 279 May 9 13:35 /run/NetworkManager/no-stub-resolv.conf 2023-05-09T14:15:01 CEST cer@Laicolasse:~> And the file you asked about: cer@Laicolasse:~> l /run/dnsmasq-forwarders.conf -rw-r--r-- 1 root root 556 May 9 13:35 /run/dnsmasq-forwarders.conf cer@Laicolasse:~> It is empty, comments only: cer@Laicolasse:~> egrep -v "^[[:space:]]*$|^#" /run/dnsmasq-forwarders.conf cer@Laicolasse:~> Which to me means the fault is not my router, but Linux, ie, wicked. NM works properly. - -- Cheers, Carlos E. R. (from openSUSE 15.4 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHkEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCZFo8tBwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVxqwAl2eYIipTCJBYr2lpxC6V J7ZmEOkAnRosa/4qvUJZXRSvW0tuT/RcMvZm =KS5s -----END PGP SIGNATURE-----