Re: mostly about dnsmasq [solved] and /run/wicked/leaseinfo.eth0.auto.ipv6 changing too fast [pending]
(It took me more than an hour to carefully compose this message, trying to explain everything)

On 2023-05-09 at 09:05 +0200, Per Jessen wrote:
Carlos E. R. wrote:
On 2023-05-08 23:24, Per Jessen wrote:
Carlos E. R. wrote:
Thus, I can not use NETCONFIG_DNS_POLICY="auto".
Thus you have concluded wrongly. Using 'auto' does what is expected, it updates your /etc/resolv.conf when the information changes.
But I don't want it to contain that information.
Here the pertinent question is probably - why not?
I need /etc/resolv.conf to point only at my local or LAN DNS servers, not the remote ones.
Why?
AND, I can not use a file that changes every minute, even if I wanted what it contains!
Well, although it is of course too much, it would still work.
(with a lot of noise in the logs. I can not stand that, it drives me nuts. I was trained to analyze logs, it was my job. That is the problem that started this thread, noise in the logs).

Per, I'll try to explain again. The way dnsmasq works, it *has* to be configured this way (if using wicked):

/etc/resolv.conf:

    127.0.0.1
    ::1

(static information, in any case)

/etc/dnsmasq.conf:

    server=80.58.61.250
    server=80.58.61.254
    server=2a02:9000::aaaa
    server=2a02:9000::bbbb

or make "resolv-file=..." point to a file that contains this and doesn't change needlessly:

    nameserver 80.58.61.250
    nameserver 80.58.61.254
    nameserver 2a02:9000::aaaa
    nameserver 2a02:9000::bbbb

(can be dynamic information)

To achieve the above, I need this /etc/sysconfig/network/config:

    NETCONFIG_DNS_POLICY='STATIC'
    NETCONFIG_DNS_FORWARDER='dnsmasq'
    NETCONFIG_DNS_STATIC_SEARCHLIST='valinor'
    NETCONFIG_DNS_STATIC_SERVERS='127.0.0.1 ::1'
    NETCONFIG_DNS_FORWARDER_FALLBACK="yes"

It *has* to be done this way or it doesn't work properly. I have tested in many different manners, and this is the best.

WHY?

/etc/resolv.conf must point only to the local dnsmasq service. It must not be allowed to point to external servers, because that means that programs (say firefox) may bypass dnsmasq and waste time waiting for the remote server to answer.

On the other hand, dnsmasq must know about the external servers, it is its job. This can be a static definition, as I am doing right now, or a dynamic definition in some external file, which is what it had.

I can not point dnsmasq to an external file that is written every minute, because this causes dnsmasq to reload every minute, cause activity, and spam the logs.

So, I consider the dnsmasq issue solved and closed. And thank you everybody for helping me with ideas finding out what was going on. :-)

The only remaining issue is finding out why the router sends advertisements that cause Linux to rewrite "/run/wicked/leaseinfo.eth0.auto.ipv6" every minute, despite nothing apparently changing. It could be a Linux problem, Linux overreacting to the router adverts. I know nothing about this.
But those messages, if they are the ones I remember, do not happen in my machine.
If you are running wicked, they should.
Tell me what string to search for, and I will.
Ummm, "wicked" :-) https://paste.opensuse.org/pastes/f5714a73b9ca
Of course, maybe the difference is that I am running dhcpv6, I don't really know.
I have no messages at all mentioning dhcp in my output, except "Starting wicked DHCPv6 supplicant service..." the first day, so I am using the same as you.

journalctl -b | grep wicked | susepaste -n "Carlos E R" -t "wicked journal" -e 40320

<https://paste.opensuse.org/pastes/a13b58a46063>

See for yourself, no messages about the lease since boot.
> What about /run/dnsmasq-forwarders.conf ?
The Beta machine doesn't have dnsmasq.
So install it. That's what I did earlier, to test.
It would be easier to boot the Laicolasse partition, but that would break another unrelated test that I'm doing.
What can be easier than "zypper in dnsmasq" ?
And configure a few files. No, thanks. I want that machine simple.
I try to keep the Beta partition simple. Configuring dnsmasq would be a further complication.
I did not say "configure it", I said _install_ it. When you are done debugging, maybe you could just delete it again.
It has to be configured or it will not work.
I have to wonder, when you always know better, why do you ask here?
Per, please. I have to do the steps I carefully described above to make it work properly.

I have now booted to the stable partition in the laptop (Laicolasse) to obtain the information you asked about. The current configuration is (using NM and dnsmasq):

cer@Laicolasse:~> grep "NETCONFIG_DNS_STATIC_SEARCHLIST\|NETCONFIG_DNS_STATIC_SERVERS\|NETCONFIG_DNS_FORWARDER\|NETCONFIG_DNS_POLICY" /etc/sysconfig/network/config | egrep -v "^[[:space:]]*$|^#"
NETCONFIG_DNS_POLICY="STATIC"
NETCONFIG_DNS_FORWARDER="dnsmasq"
NETCONFIG_DNS_FORWARDER_FALLBACK="yes"
NETCONFIG_DNS_STATIC_SEARCHLIST="valinor"
NETCONFIG_DNS_STATIC_SERVERS="127.0.0.1"
cer@Laicolasse:~> grep resolv-file /etc/dnsmasq.conf
resolv-file=/run/NetworkManager/no-stub-resolv.conf
cer@Laicolasse:~> egrep -v "^[[:space:]]*$|^#" /run/NetworkManager/no-stub-resolv.conf
search Laicolasse.valinor
nameserver 80.58.61.254
nameserver 80.58.61.250
nameserver 2a02:9000::aaaa
nameserver 2a02:9000::bbbb
cer@Laicolasse:~> egrep -v "^[[:space:]]*$|^#" /etc/resolv.conf
search valinor
nameserver 127.0.0.1
cer@Laicolasse:~>

The file with the external servers doesn't change:

cer@Laicolasse:~> l /run/NetworkManager/no-stub-resolv.conf /etc/resolv.conf /run/netconfig/resolv.conf ; date
lrwxrwxrwx 1 root root 26 Mar 28 02:36 /etc/resolv.conf -> /run/netconfig/resolv.conf
-rw-r--r-- 1 root root 637 May 9 13:35 /run/netconfig/resolv.conf
-rw-r--r-- 1 root root 279 May 9 13:35 /run/NetworkManager/no-stub-resolv.conf
2023-05-09T14:15:01 CEST
cer@Laicolasse:~>

And the file you asked about:

cer@Laicolasse:~> l /run/dnsmasq-forwarders.conf
-rw-r--r-- 1 root root 556 May 9 13:35 /run/dnsmasq-forwarders.conf
cer@Laicolasse:~>

It is empty, comments only:

cer@Laicolasse:~> egrep -v "^[[:space:]]*$|^#" /run/dnsmasq-forwarders.conf
cer@Laicolasse:~>

Which to me means the fault is not my router, but Linux, ie, wicked. NM works properly.

--
Cheers,
Carlos E. R.
(from openSUSE 15.4 x86_64 at Telcontar)
Carlos E. R. wrote:
On 2023-05-09 at 09:05 +0200, Per Jessen wrote:
AND, I can not use a file that changes every minute, even if I wanted what it contains!
Well, although it is of course too much, it would still work.
(with a lot of noise in the logs. I can not stand that, it drives me nuts. I was trained to analyze logs, it was my job. That is the problem that started this thread, noise in the logs).
Well, if that is your primary focus, log messages can be suppressed. :-)
Per, I'll try to explain again. The way dnsmasq works, it *has* to be configured this way (if using wicked):
There is really no need to explain, I am perfectly well aware of how it works. The man page is very comprehensive.
To achieve the above, I need this /etc/sysconfig/network/config:
NETCONFIG_DNS_POLICY='STATIC'
NETCONFIG_DNS_FORWARDER='dnsmasq'
NETCONFIG_DNS_STATIC_SEARCHLIST='valinor'
NETCONFIG_DNS_STATIC_SERVERS='127.0.0.1 ::1'
NETCONFIG_DNS_FORWARDER_FALLBACK="yes"
It *has* to be done this way or it doesn't work properly.
I beg to differ. On my office laptop, the only place I use dnsmasq, I have the following:

NETCONFIG_DNS_POLICY='auto'
NETCONFIG_DNS_FORWARDER='dnsmasq'
NETCONFIG_DNS_STATIC_SEARCHLIST=''
NETCONFIG_DNS_STATIC_SERVERS=''
NETCONFIG_DNS_FORWARDER_FALLBACK="yes"

It works just fine, so clearly it doesn't *have* to be done your way. Local nameservers are included from /etc/resolv.conf, added to the dnsmasq config.
/etc/resolv.conf must point only to the local dnsmasq service.
I disagree. This works perfectly fine for me:

search local.net z.local.net i.local.net
nameserver 127.0.0.1
nameserver 192.168.2.254
nameserver 2001:db8:4c68:1::1000
It must not be allowed to point to external servers, because that means that programs (say firefox) may bypass dnsmasq and waste time waiting for the remote server to answer.
I suggest that is plainly wrong. Most applications do not "bypass" dnsmasq, they are not even aware. Applications use the glibc resolver, which works in a well-defined way. For instance, nameservers are tried in the order they are listed. (unless you have specified "options rotate").
The only remaining issue is finding out why the router sends advertisements that causes Linux to rewrite the "/run/wicked/leaseinfo.eth0.auto.ipv6" to be written every minute, despite nothing apparently changing.
FWIW, mine also changes quite often, but it varies - sometimes after 30 seconds, sometimes 3 minutes.
Which to me means the fault is not my router, but Linux, ie, wicked. NM works properly.
Well, as you are excluding the router, I guess it is something specific to your machine, so we can close with "unable to reproduce". I have 25-30 machines with wicked, one with NM. Hmm, I might have a Raspi with NM, not sure.

--
Per Jessen, Zürich (23.1°C)
Member, openSUSE Heroes (2016 - present)
We're hiring - https://en.opensuse.org/openSUSE:Heroes
On 2023-05-09 15:20, Per Jessen wrote:
Carlos E. R. wrote:
On 2023-05-09 at 09:05 +0200, Per Jessen wrote:
AND, I can not use a file that changes every minute, even if I wanted what it contains!
Well, although it is of course too much, it would still work.
(with a lot of noise in the logs. I can not stand that, it drives me nuts. I was trained to analyze logs, it was my job. That is the problem that started this thread, noise in the logs).
Well, if that is your primary focus, log messages can be suppressed. :-)
I know, but I prefer to find the cause.
Per, I'll try to explain again. The way dnsmasq works, it *has* to be configured this way (if using wicked):
There is really no need to explain, I am perfectly well aware of how it works. The man page is very comprehensive.
To achieve the above, I need this /etc/sysconfig/network/config:
NETCONFIG_DNS_POLICY='STATIC'
NETCONFIG_DNS_FORWARDER='dnsmasq'
NETCONFIG_DNS_STATIC_SEARCHLIST='valinor'
NETCONFIG_DNS_STATIC_SERVERS='127.0.0.1 ::1'
NETCONFIG_DNS_FORWARDER_FALLBACK="yes"
It *has* to be done this way or it doesn't work properly.
I beg to differ. On my office laptop, the only place I use dnsmasq, I have the following:
NETCONFIG_DNS_POLICY='auto'
NETCONFIG_DNS_FORWARDER='dnsmasq'
NETCONFIG_DNS_STATIC_SEARCHLIST=''
NETCONFIG_DNS_STATIC_SERVERS=''
NETCONFIG_DNS_FORWARDER_FALLBACK="yes"
It works just fine, so clearly it doesn't *have* to be done your way. Local nameservers are included from /etc/resolv.conf, added to the dnsmasq config.
/etc/resolv.conf must point only to the local dnsmasq service.
I disagree. This works perfectly fine for me:
It works, but it is not optimal. IMO.
search local.net z.local.net i.local.net
nameserver 127.0.0.1
nameserver 192.168.2.254
nameserver 2001:db8:4c68:1::1000
It must not be allowed to point to external servers, because that means that programs (say firefox) may bypass dnsmasq and waste time waiting for the remote server to answer.
I suggest that is plainly wrong. Most applications do not "bypass" dnsmasq, they are not even aware. Applications use the glibc resolver, which works in a well-defined way. For instance, nameservers are tried in the order they are listed. (unless you have specified "options rotate").
Precisely. I want applications to only use 127.0.0.1. If it is the glibc resolver who does that, it is not relevant.
The only remaining issue is finding out why the router sends advertisements that causes Linux to rewrite the "/run/wicked/leaseinfo.eth0.auto.ipv6" to be written every minute, despite nothing apparently changing.
FWIW, mine also changes quite often, but it varies - sometimes after 30 seconds, sometimes 3 minutes.
Which to me means the fault is not my router, but Linux, ie, wicked. NM works properly.
Well, as you are excluding the router, I guess it is something specific to your machine, so we can close with "unable to reproduce". I have 25-30 machines with wicked, one with NM. Hmm, I might have a Raspi with NM, not sure.
No, all my machines using wicked show the same behaviour.

--
Cheers / Saludos,
Carlos E. R.
(from 15.4 x86_64 at Telcontar)
Carlos E. R. wrote:
/etc/resolv.conf must point only to the local dnsmasq service.
I disagree. This works perfectly fine for me:
It works, but it is not optimal. IMO.
You could try to explain _why_ it isn't optimal. For me, it is 100% optimal:

The resolver tries the following -

* nscd
* forwarders per resolv.conf (in order).

The first one is 127.0.0.1, i.e. dnsmasq. Job done.

Only if dnsmasq fails to deliver will the resolver try the remaining forwarders. (which dnsmasq already tried).

I fail to see what is sub-optimal about that.
search local.net z.local.net i.local.net
nameserver 127.0.0.1
nameserver 192.168.2.254
nameserver 2001:db8:4c68:1::1000
It must not be allowed to point to external servers, because that means that programs (say firefox) may bypass dnsmasq and waste time waiting for the remote server to answer.
I suggest that is plainly wrong. Most applications do not "bypass" dnsmasq, they are not even aware. Applications use the glibc resolver, which works in a well-defined way. For instance, nameservers are tried in the order they are listed. (unless you have specified "options rotate").
Precisely.
Huh? I have just explained why you are wrong and you agree ?? I'll have to make a note in my calendar :-) Actually, unless "strict-order" is configured, dnsmasq will prefer servers it knows are up. It's not so important though.
Well, as you are excluding the router, I guess it is something specific to your machine, so we can close with "unable to reproduce". I have 25-30 machines with wicked, one with NM. Hmm, I might have a Raspi with NM, not sure.
No, all my machines using wicked show the same behaviour.
Yet you conclude the machines are all wrong ... it can't be some common factor.

--
Per Jessen, Zürich (22.1°C)
Member, openSUSE Heroes (2016 - present)
We're hiring - https://en.opensuse.org/openSUSE:Heroes
On 2023-05-09 16:26, Per Jessen wrote:
Carlos E. R. wrote:
/etc/resolv.conf must point only to the local dnsmasq service.
I disagree. This works perfectly fine for me:
It works, but it is not optimal. IMO.
You could try to explain _why_ it isn't optimal. For me, it is 100% optimal:
The resolver tries the following -
* nscd
* forwarders per resolv.conf (in order).
The first one is 127.0.0.1, i.e. dnsmasq. Job done.
Only if dnsmasq fails to deliver will the resolver try the remaining forwarders. (which dnsmasq already tried).
I fail to see what is sub-optimal about that.
I want it to fail and report. If dnsmasq is not answering, it is not optimal.
search local.net z.local.net i.local.net
nameserver 127.0.0.1
nameserver 192.168.2.254
nameserver 2001:db8:4c68:1::1000
It must not be allowed to point to external servers, because that means that programs (say firefox) may bypass dnsmasq and waste time waiting for the remote server to answer.
I suggest that is plainly wrong. Most applications do not "bypass" dnsmasq, they are not even aware. Applications use the glibc resolver, which works in a well-defined way. For instance, nameservers are tried in the order they are listed. (unless you have specified "options rotate").
Precisely.
Huh? I have just explained why you are wrong and you agree ?? I'll have to make a note in my calendar :-)
The details of how it works are mostly irrelevant, I just want dnsmasq to process and answer all queries, not a backup or external resolver.
Actually, unless "strict-order" is configured, dnsmasq will prefer servers it knows are up. It's not so important though.
Well, as you are excluding the router, I guess it is something specific to your machine, so we can close with "unable to reproduce". I have 25-30 machines with wicked, one with NM. Hmm, I might have a Raspi with NM, not sure.
No, all my machines using wicked show the same behaviour.
Yet you conclude the machines are all wrong ... it can't be some common factor.
"The behaviour" is about the resolv.conf rotating fast.

--
Cheers / Saludos,
Carlos E. R.
(from 15.4 x86_64 at Telcontar)
Carlos E. R. wrote:
I just want dnsmasq to process and answer all queries, not a backup or external resolver.
That is _exactly_ what it does in the config I posted above:

search local.net z.local.net i.local.net
nameserver 127.0.0.1
nameserver 192.168.2.254
nameserver 2001:db8:4c68:1::1000
Yet you conclude the machines are all wrong ... it can't be some common factor.
"The behaviour" is about the resolv.conf rotating fast.
Yes, and you blame all of your machines and chose to ignore the one common factor - a factor:

a) you have no control over and
b) known to exhibit odd behaviour.

--
Per Jessen, Zürich (21.1°C)
Member, openSUSE Heroes (2016 - present)
We're hiring - https://en.opensuse.org/openSUSE:Heroes
On 2023-05-09 16:46, Per Jessen wrote:
Carlos E. R. wrote:
I just want dnsmasq to process and answer all queries, not a backup or external resolver.
That is _exactly_ what it does in the config I posted above:
search local.net z.local.net i.local.net
nameserver 127.0.0.1
nameserver 192.168.2.254
nameserver 2001:db8:4c68:1::1000
You mean that all those IPs are the same single machine, 127.0.0.1? Because that is not what I get when I leave it to automatics. I get there the DNSs the router says. I do not want what the router says.
Yet you conclude the machines are all wrong ... it can't be some common factor.
"The behaviour" is about the resolv.conf rotating fast.
Yes, and you blame all of your machines and chose to ignore the one common factor - a factor:
a) you have no control over and b) known to exhibit odd behaviour.
You forget that the machines that use NM do not exhibit the problem, despite using the same crap router.

--
Cheers / Saludos,
Carlos E. R.
(from 15.4 x86_64 at Telcontar)
Carlos E. R. wrote:
On 2023-05-09 16:46, Per Jessen wrote:
Carlos E. R. wrote:
I just want dnsmasq to process and answer all queries, not a backup or external resolver.
That is _exactly_ what it does in the config I posted above:
search local.net z.local.net i.local.net
nameserver 127.0.0.1
nameserver 192.168.2.254
nameserver 2001:db8:4c68:1::1000
You mean that all those IPs are the same single machine, 127.0.0.1?
No - 127.0.0.1 is the local host, inserted by netconfig, with dnsmasq listening, but the other two are indeed just one machine, our core DNS, supplied by dhcp/RA. With that config, dnsmasq processes and answers all queries which is what you said you want.
Because that is not what I get when I leave it to automatics. I get there the DNSs the router says. I do not want what the router says.
Oh. Well, I do, otherwise dnsmasq will not have any forwarders.
Yet you conclude the machines are all wrong ... it can't be some common factor.
"The behaviour" is about the resolv.conf rotating fast.
Yes, and you blame all of your machines and chose to ignore the one common factor - a factor:
a) you have no control over and b) known to exhibit odd behaviour.
You forget that the machines that use NM do not exhibit the problem, despite using the same crap router.
No, but you have perhaps forgotten that dnsmasq on that machine uses a different config. afair, it does not look at /etc/resolv.conf.

--
Per Jessen, Zürich (14.7°C)
Member, openSUSE Heroes (2016 - present)
We're hiring - https://en.opensuse.org/openSUSE:Heroes
On 2023-05-09 20:42, Per Jessen wrote:
Carlos E. R. wrote:
On 2023-05-09 16:46, Per Jessen wrote:
Carlos E. R. wrote:
I just want dnsmasq to process and answer all queries, not a backup or external resolver.
That is _exactly_ what it does in the config I posted above:
search local.net z.local.net i.local.net
nameserver 127.0.0.1
nameserver 192.168.2.254
nameserver 2001:db8:4c68:1::1000
You mean that all those IPs are the same single machine, 127.0.0.1?
No - 127.0.0.1 is the local host, inserted by netconfig, with dnsmasq listening, but the other two are indeed just one machine, our core DNS, supplied by dhcp/RA.
With that config, dnsmasq processes and answers all queries which is what you said you want.
Ok. But if dnsmasq fails, then the other servers will be queried instead, silently, so the failure of dnsmasq is not noticed. In a server I probably should want that, but not on a desktop machine. I prefer it to fail so that I know.
Because that is not what I get when I leave it to automatics. I get there the DNSs the router says. I do not want what the router says.
Oh. Well, I do, otherwise dnsmasq will not have any forwarders.
Yet you conclude the machines are all wrong ... it can't be some common factor.
"The behaviour" is about the resolv.conf rotating fast.
Yes, and you blame all of your machines and chose to ignore the one common factor - a factor:
a) you have no control over and b) known to exhibit odd behaviour.
You forget that the machines that use NM do not exhibit the problem, despite using the same crap router.
No, but you have perhaps forgotten that dnsmasq on that machine uses a different config. afair, it does not look at /etc/resolv.conf.
Correct, it looks at /run/NetworkManager/no-stub-resolv.conf.

--
Cheers / Saludos,
Carlos E. R.
(from 15.4 x86_64 at Telcontar)
Carlos E. R. wrote:
On 2023-05-09 20:42, Per Jessen wrote:
Carlos E. R. wrote:
On 2023-05-09 16:46, Per Jessen wrote:
Carlos E. R. wrote:
I just want dnsmasq to process and answer all queries, not a backup or external resolver.
That is _exactly_ what it does in the config I posted above:
search local.net z.local.net i.local.net
nameserver 127.0.0.1
nameserver 192.168.2.254
nameserver 2001:db8:4c68:1::1000
You mean that all those IPs are the same single machine, 127.0.0.1?
No - 127.0.0.1 is the local host, inserted by netconfig, with dnsmasq listening, but the other two are indeed just one machine, our core DNS, supplied by dhcp/RA.
With that config, dnsmasq processes and answers all queries which is what you said you want.
Ok. But if dnsmasq fails,
Ah yes, the once in a decade event.
then the other servers will be queried instead, silently, so the failure of dnsmasq is not noticed.
Actually, it will be noticed when dnsmasq fails to do what it is supposed to do. In my case, I direct queries for certain domains to certain nameservers. If that were to fail, I would notice the next time I tried to access servers on those domains.

--
Per Jessen, Zürich (15.0°C)
Member, openSUSE Heroes (2016 - present)
We're hiring - https://en.opensuse.org/openSUSE:Heroes
On 2023-05-09 20:58, Per Jessen wrote:
Carlos E. R. wrote:
On 2023-05-09 20:42, Per Jessen wrote:
Carlos E. R. wrote:
On 2023-05-09 16:46, Per Jessen wrote:
Carlos E. R. wrote:
I just want dnsmasq to process and answer all queries, not a backup or external resolver.
That is _exactly_ what it does in the config I posted above:
search local.net z.local.net i.local.net
nameserver 127.0.0.1
nameserver 192.168.2.254
nameserver 2001:db8:4c68:1::1000
You mean that all those IPs are the same single machine, 127.0.0.1?
No - 127.0.0.1 is the local host, inserted by netconfig, with dnsmasq listening, but the other two are indeed just one machine, our core DNS, supplied by dhcp/RA.
With that config, dnsmasq processes and answers all queries which is what you said you want.
Ok. But if dnsmasq fails,
Ah yes, the once in a decade event.
BTDT.
then the other servers will be queried instead, silently, so the failure of dnsmasq is not noticed.
Actually, it will be noticed when dnsmasq fails to do what it is supposed to do. In my case, I direct queries for certain domains to certain nameservers. If that were to fail, I would notice the next time I tried to access servers on those domains.
Right. Something similar here, but the backup (running bind in the miniserver) has some similar entries, so I might not notice, the change would be subtle. I prefer a drastic failure :-D

--
Cheers / Saludos,
Carlos E. R.
(from 15.4 x86_64 at Telcontar)
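
The silent-fallback question debated in the messages above can be checked mechanically. The following is an added example, not code from any poster in the thread: a POSIX shell function (hypothetical names `audit_resolv`, `is_loopback`, `make_samples`) that reports whether a resolv.conf lets the glibc resolver fall through from the local dnsmasq to other servers. The sample files are constructed from the two configurations quoted in the thread, plus a constructed "options rotate" variant.

```shell
#!/bin/sh
# Added illustration; function and file names are hypothetical.

# is_loopback ADDR: true for 127.0.0.0/8 and the compressed IPv6 form ::1.
is_loopback() {
    case $1 in
        127.*|::1) return 0 ;;
        *)         return 1 ;;
    esac
}

# audit_resolv FILE: print one verdict word for a resolv.conf-style file.
#   local-only  every nameserver is loopback: if dnsmasq stops answering,
#               lookups fail visibly
#   fallback    loopback is asked first, other servers follow: the resolver
#               moves on to them without any report when dnsmasq is silent
#   bypass      a non-loopback server can be asked first (it is listed
#               first, or "options rotate" spreads queries over all entries)
#   none        no nameserver lines
# Exit status is 0 only for local-only.
audit_resolv() {
    local keyword value rest count remote rotate first_remote
    count=0 remote=0 rotate=0 first_remote=0
    # "|| [ -n ... ]" also handles a last line without trailing newline
    while read -r keyword value rest || [ -n "$keyword" ]; do
        case $keyword in
            nameserver)
                # glibc uses only the first MAXNS (3) nameserver entries
                [ "$count" -ge 3 ] && continue
                count=$((count + 1))
                if ! is_loopback "$value"; then
                    remote=$((remote + 1))
                    [ "$count" -eq 1 ] && first_remote=1
                fi
                ;;
            options)
                case " $value $rest " in
                    *" rotate "*) rotate=1 ;;
                esac
                ;;
        esac
    done < "$1"

    if [ "$count" -eq 0 ]; then
        echo none; return 1
    fi
    if [ "$remote" -eq 0 ]; then
        echo local-only; return 0
    fi
    if [ "$first_remote" -eq 1 ] || [ "$rotate" -eq 1 ]; then
        echo bypass
    else
        echo fallback
    fi
    return 1
}

# make_samples DIR: write constructed sample files into DIR.
make_samples() {
    # result of NETCONFIG_DNS_STATIC_SERVERS='127.0.0.1 ::1'
    cat > "$1/static.conf" <<'EOF'
search valinor
nameserver 127.0.0.1
nameserver ::1
EOF
    # the NETCONFIG_DNS_POLICY='auto' result quoted in the thread
    cat > "$1/auto.conf" <<'EOF'
search local.net z.local.net i.local.net
nameserver 127.0.0.1
nameserver 192.168.2.254
nameserver 2001:db8:4c68:1::1000
EOF
    # constructed variant: same servers with round-robin selection
    { cat "$1/auto.conf"; echo "options rotate"; } > "$1/rotate.conf"
}

demo() {
    local dir f
    dir=$(mktemp -d) || return 1
    make_samples "$dir"
    for f in static auto rotate; do
        printf '%-12s %s\n' "$f.conf" "$(audit_resolv "$dir/$f.conf")"
    done
    rm -rf "$dir"
}
demo
```

On a live system, `audit_resolv /etc/resolv.conf` gives the verdict for the configuration actually in use, and its exit status can feed a monitoring check.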
On 09.05.2023 15:29, Carlos E. R. wrote: ...
To achieve the above, I need this /etc/sysconfig/network/config:
NETCONFIG_DNS_POLICY='STATIC'
NETCONFIG_DNS_FORWARDER='dnsmasq'
NETCONFIG_DNS_STATIC_SEARCHLIST='valinor'
NETCONFIG_DNS_STATIC_SERVERS='127.0.0.1 ::1'
NETCONFIG_DNS_FORWARDER_FALLBACK="yes"
It *has* to be done this way or it doesn't work properly. I have tested in many different manners, and this is the best.
WHY?
/etc/resolv.conf must point only to the local dnsmasq service. It must not be allowed to point to external servers, because that means that programs (say firefox) may bypass dnsmasq and waste time waiting for the remote server to answer.
On the other hand, dnsmasq must know about the external servers, it is its job. This can be a static definition, as I am doing right now, or a dynamic definition in some external file, which is what it had.
You set NETCONFIG_DNS_FORWARDER='dnsmasq' which expressly says that you wanted netconfig to update dnsmasq configuration. Now it turns out that you do not want or intend to update dnsmasq configuration. Of course, first telling netconfig to do something and then not providing it enough information to perform its task has the same effect as telling netconfig to not do something but how could anyone guess it? This is very roundabout way to simply disable /etc/resolv.conf management altogether (which would at least quite clearly state your actual intent).
On 2023-05-09 16:15, Andrei Borzenkov wrote:
On 09.05.2023 15:29, Carlos E. R. wrote: ...
To achieve the above, I need this /etc/sysconfig/network/config:
NETCONFIG_DNS_POLICY='STATIC'
NETCONFIG_DNS_FORWARDER='dnsmasq'
NETCONFIG_DNS_STATIC_SEARCHLIST='valinor'
NETCONFIG_DNS_STATIC_SERVERS='127.0.0.1 ::1'
NETCONFIG_DNS_FORWARDER_FALLBACK="yes"
It *has* to be done this way or it doesn't work properly. I have tested in many different manners, and this is the best.
WHY?
/etc/resolv.conf must point only to the local dnsmasq service. It must not be allowed to point to external servers, because that means that programs (say firefox) may bypass dnsmasq and waste time waiting for the remote server to answer.
On the other hand, dnsmasq must know about the external servers, it is its job. This can be a static definition, as I am doing right now, or a dynamic definition in some external file, which is what it had.
You set NETCONFIG_DNS_FORWARDER='dnsmasq' which expressly says that you wanted netconfig to update dnsmasq configuration.
I do not know what exactly that variable does. The comments on the config file say very little.
Now it turns out that you do not want or intend to update dnsmasq configuration. Of course, first telling netconfig to do something and then not providing it enough information to perform its task has the same effect as telling netconfig to not do something but how could anyone guess it? This is very roundabout way to simply disable /etc/resolv.conf management altogether (which would at least quite clearly state your actual intent).
With NM, I use:

    resolv-file=/run/NetworkManager/no-stub-resolv.conf

this file contains:

    search Laicolasse.valinor
    nameserver 80.58.61.254
    nameserver 80.58.61.250
    nameserver 2a02:9000::aaaa
    nameserver 2a02:9000::bbbb

whereas /etc/resolv.conf contains:

    search valinor
    nameserver 127.0.0.1

This is exactly what I want.

Using wicked, I want the same thing, but the resolv files I know about contains both remote and local information. So I can not get what I want unless I write a static dnsmasq.conf file myself.

I hope that clarifies the situation for you.

--
Cheers / Saludos,
Carlos E. R.
(from 15.4 x86_64 at Telcontar)
Carlos E. R. wrote:
With NM, I use: resolv-file=/run/NetworkManager/no-stub-resolv.conf
this file contains:
search Laicolasse.valinor
nameserver 80.58.61.254
nameserver 80.58.61.250
nameserver 2a02:9000::aaaa
nameserver 2a02:9000::bbbb
whereas /etc/resolv.conf contains:
search valinor
nameserver 127.0.0.1
This is your _static_ config, iirc ? Having dnsmasq use the custom resolv-file above is the solution we worked out in a previous lengthy thread.
Using wicked, I want the same thing, but the resolv files I know about contains both remote and local information. So I can not get what I want unless I write a static dnsmasq.conf file myself.
IOW, you want to keep your static config for /etc/resolv.conf, but you also want the dynamic info (from dhcp or RA) to include in dnsmasq.conf. I have not done a comprehensive search, but I don't see that wicked writes any such file for that use.

I don't understand why you refuse to use a regular dynamic config, such as what I showed you earlier, but I see wicked has some scripting options, maybe you can build some bespoke solution.

--
Per Jessen, Zürich (18.9°C)
Member, openSUSE Heroes (2016 - present)
We're hiring - https://en.opensuse.org/openSUSE:Heroes
On 09.05.2023 18:40, Per Jessen wrote:
IOW, you want to keep your static config for /etc/resolv.conf, but you also want the dynamic info (from dhcp or RA) to include in dnsmasq.conf. I have not done a comprehensive search, but I don't see that wicked writes any such file for that use.
Of course it does (strictly speaking, it calls netconfig which writes this file). It is /var/run/dnsmasq-forwarders.conf if you set NETCONFIG_DNS_FORWARDER=dnsmasq. What netconfig *also* does in this case (and this seems to be poorly/not documented) is to *also* update /etc/resolv.conf. It does add 127.0.0.1 as the first entry, but it also puts there the same upstream name servers as in /var/run/dnsmasq-forwarders.conf. There is no way to stop netconfig doing it as long as /etc/resolv.conf remains under control of netconfig. One would need to manage it manually (which should not be a problem as long as it has permanent entry 127.0.0.1). But I believe we already suggested it from the very beginning and this suggestion was rejected for some reasons.
I don't understand why you refuse to use a regular dynamic config, such as what I showed you earlier, but I see wicked has some scripting options, maybe you can build some bespoke solution.
When choosing between relatively good documented netconfig and completely undocumented wicked xml configuration I would certainly prefer netconfig. Although of course it is possible to simply model your own extension on how netconfig extension works, it is not overly complicated.
Andrei Borzenkov wrote:
On 09.05.2023 18:40, Per Jessen wrote:
IOW, you want to keep your static config for /etc/resolv.conf, but you also want the dynamic info (from dhcp or RA) to include in dnsmasq.conf. I have not done a comprehensive search, but I don't see that wicked writes any such file for that use.
Of course it does (strictly speaking, it calls netconfig which writes this file). It is /var/run/dnsmasq-forwarders.conf if you set NETCONFIG_DNS_FORWARDER=dnsmasq.
What netconfig *also* does in this case (and this seems to be poorly/not documented) is to *also* update /etc/resolv.conf. It does add 127.0.0.1 as the first entry, but it also puts there the same upstream name servers as in /var/run/dnsmasq-forwarders.conf.
Right, which is the setup that works for me.
I don't understand why you refuse to use a regular dynamic config, such as what I showed you earlier, but I see wicked has some scripting options, maybe you can build some bespoke solution.
When choosing between relatively good documented netconfig and completely undocumented wicked xml configuration I would certainly prefer netconfig.
:-)
Although of course it is possible to simply model your own extension on how netconfig extension works, it is not overly complicated.
Maybe Carlos should consider just switching to NM, if he can't make wicked do what he wants.

--
Per Jessen, Zürich (15.0°C)
Member, openSUSE Heroes (2016 - present)
We're hiring - https://en.opensuse.org/openSUSE:Heroes
On 2023-05-09 18:40, Per Jessen wrote:
Andrei Borzenkov wrote:
On 09.05.2023 18:40, Per Jessen wrote:
IOW, you want to keep your static config for /etc/resolv.conf, but you also want the dynamic info (from dhcp or RA) to include in dnsmasq.conf. I have not done a comprehensive search, but I don't see that wicked writes any such file for that use.
Of course it does (strictly speaking, it calls netconfig which writes this file). It is /var/run/dnsmasq-forwarders.conf if you set NETCONFIG_DNS_FORWARDER=dnsmasq.
What netconfig *also* does in this case (and this seems to be poorly/not documented) is to *also* update /etc/resolv.conf. It does add 127.0.0.1 as the first entry, but it also puts there the same upstream name servers as in /var/run/dnsmasq-forwarders.conf.
Right, which is the setup that works for me.
I don't understand why you refuse to use a regular dynamic config, such as what I showed you earlier, but I see wicked has some scripting options, maybe you can build some bespoke solution.
When choosing between relatively well documented netconfig and completely undocumented wicked xml configuration I would certainly prefer netconfig.
:-)
Although of course it is possible to simply model your own extension on how netconfig extension works, it is not overly complicated.
Maybe Carlos should consider just switching to NM, if he can't make wicked do what he wants.
Thanks, but I got what I want configuring static options in "/etc/sysconfig/network/config" and dnsmasq.conf. No need to change to NM in this machine. However, the future is migrating all to NM, so I might do that anyway, one day I'm bored.
-- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
On 2023-05-09 18:20, Andrei Borzenkov wrote:
On 09.05.2023 18:40, Per Jessen wrote:
IOW, you want to keep your static config for /etc/resolv.conf, but you also want the dynamic info (from dhcp or RA) to include in dnsmasq.conf. I have not done a comprehensive search, but I don't see that wicked writes any such file for that use.
Of course it does (strictly speaking, it calls netconfig which writes this file). It is /var/run/dnsmasq-forwarders.conf if you set NETCONFIG_DNS_FORWARDER=dnsmasq.
Telcontar:~ # grep NETCONFIG_DNS_FORWARDER /etc/sysconfig/network/config
#NETCONFIG_DNS_FORWARDER='resolver'
NETCONFIG_DNS_FORWARDER='dnsmasq'
NETCONFIG_DNS_FORWARDER_FALLBACK="yes"
Telcontar:~ # cat /var/run/dnsmasq-forwarders.conf
### /run/dnsmasq-forwarders.conf: global dns forwarders
### for use as dnsmasq --resolv-file, autogenerated by netconfig!
#
# Before you change this file manually, consider to define the
# static DNS configuration using the following variables in the
# /etc/sysconfig/network/config file:
#     NETCONFIG_DNS_STATIC_SEARCHLIST
#     NETCONFIG_DNS_STATIC_SERVERS
#     NETCONFIG_DNS_FORWARDER
# or disable DNS configuration updates via netconfig by setting:
#     NETCONFIG_DNS_POLICY=''
#
# See also the netconfig(8) manual page and other documentation.
#
nameserver 192.168.1.16
Telcontar:~ #
The router information is not there. It also needs:
NETCONFIG_DNS_POLICY='auto'
Then I get:
Telcontar:~ # cat /var/run/dnsmasq-forwarders.conf
### /run/dnsmasq-forwarders.conf: global dns forwarders
### for use as dnsmasq --resolv-file, autogenerated by netconfig!
#
# Before you change this file manually, consider to define the
# static DNS configuration using the following variables in the
# /etc/sysconfig/network/config file:
#     NETCONFIG_DNS_STATIC_SEARCHLIST
#     NETCONFIG_DNS_STATIC_SERVERS
#     NETCONFIG_DNS_FORWARDER
# or disable DNS configuration updates via netconfig by setting:
#     NETCONFIG_DNS_POLICY=''
#
# See also the netconfig(8) manual page and other documentation.
#
nameserver 192.168.1.16
nameserver 2a02:9000::aaaa
nameserver 2a02:9000::bbbb
Telcontar:~ #
(And somehow I'm getting 192.168.1.16, which is not Telcontar.
NETCONFIG_DNS_STATIC_SERVERS='127.0.0.1 192.168.1.16'
Solved.)
But then the file /etc/resolv.conf -> /var/run/netconfig/resolv.conf changes constantly.
What netconfig *also* does in this case (and this seems to be poorly/not documented) is to *also* update /etc/resolv.conf. It does add 127.0.0.1 as the first entry, but it also puts there the same upstream name servers as in /var/run/dnsmasq-forwarders.conf.
There is no way to stop netconfig doing it as long as /etc/resolv.conf remains under control of netconfig. One would need to manage it manually (which should not be a problem as long as it has permanent entry 127.0.0.1). But I believe we already suggested it from the very beginning and this suggestion was rejected for some reasons.
I think I tried all the suggestions posted here :-) What I have now is what I want: 127.0.0.1 in /etc/resolv.conf, and only that one, and a list of external forwarders inside the dnsmasq file. All static. In case you missed it, I only want 127.0.0.1 so that if dnsmasq fails, I get a failure and not a backup machine taking over. This is my desktop machine; on a server to be accessed by other machines, I may want redundancy.
I don't understand why you refuse to use a regular dynamic config, such as what I showed you earlier, but I see wicked has some scripting options, maybe you can build some bespoke solution.
When choosing between relatively well documented netconfig and completely undocumented wicked xml configuration I would certainly prefer netconfig. Although of course it is possible to simply model your own extension on how netconfig extension works, it is not overly complicated.
-- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
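The two conditions discussed in the message above, as an added example that is not code from any participant, from netconfig or from wicked: `only_loopback` checks that a resolv.conf-style file names only loopback resolvers, and `sync_forwarders` copies the upstream nameserver list to a stable file only when the list itself changes, so a source that is rewritten every minute with identical content does not touch the file dnsmasq watches. The function names and the idea of running this from a timer or hook are assumptions.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; file paths are arguments.

# Print the nameserver addresses of a resolv.conf-style file, one per line,
# in file order, ignoring comments and duplicates.
nameservers() {
    awk '$1 == "nameserver" && $2 != "" && !seen[$2]++ { print $2 }' "$1"
}

# Succeed only if the file lists at least one nameserver and every one of
# them is a loopback address (127.x.x.x or ::1), so no client can bypass
# the local forwarder.
only_loopback() {
    ns=$(nameservers "$1")
    [ -n "$ns" ] || return 1
    for addr in $ns; do
        case $addr in
            127.*|::1) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Copy the nameserver list from a frequently rewritten source to a stable
# file, but only when the list differs from what the stable file holds.
# Returns 0 = stable file replaced, 1 = unchanged, 2 = error or empty source.
sync_forwarders() {
    src=$1
    dst=$2
    new=$(nameservers "$src") || return 2
    [ -n "$new" ] || return 2      # never replace a good list with an empty one
    old=""
    if [ -f "$dst" ]; then old=$(nameservers "$dst"); fi
    if [ "$new" = "$old" ]; then return 1; fi
    tmp=$(mktemp "$dst.XXXXXX") || return 2
    printf '%s\n' "$new" | sed 's/^/nameserver /' > "$tmp"
    chmod 644 "$tmp"               # mktemp creates 0600; the resolver must read it
    mv "$tmp" "$dst"               # atomic replace within the same directory
}
```

With `resolv-file=` in dnsmasq.conf pointing at the stable file, dnsmasq sees a change only when return code 0 is reported.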
On 09.05.2023 21:28, Carlos E. R. wrote:
In case you missed it, I only want 127.0.0.1 [in /etc/resolv.conf]
Sigh ... no, I did not miss it. You were told from the very beginning (not the beginning of *this* thread but some other on the same topic you started earlier) to edit /etc/resolv.conf and put there whatever static information you needed. You refused. Which is yet another reason for my overreaction recently.
On 2023-05-09 20:57, Andrei Borzenkov wrote:
On 09.05.2023 21:28, Carlos E. R. wrote:
In case you missed it, I only want 127.0.0.1 [in /etc/resolv.conf]
Sigh ... no, I did not miss it. You were told from the very beginning (not the beginning of *this* thread but some other on the same topic you started earlier) to edit /etc/resolv.conf and put there whatever static information you needed. You refused. Which is yet another reason for my overreaction recently.
Ok, fair enough.
But I get a similar result with:
NETCONFIG_DNS_POLICY='STATIC'
NETCONFIG_DNS_STATIC_SEARCHLIST='valinor'
NETCONFIG_DNS_STATIC_SERVERS='127.0.0.1 ::1'
-- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
On 09.05.2023 22:35, Carlos E. R. wrote:
On 2023-05-09 20:57, Andrei Borzenkov wrote:
On 09.05.2023 21:28, Carlos E. R. wrote:
In case you missed it, I only want 127.0.0.1 [in /etc/resolv.conf]
Sigh ... no, I did not miss it. You were told from the very beginning (not the beginning of *this* thread but some other on the same topic you started earlier) to edit /etc/resolv.conf and put there whatever static information you needed. You refused. Which is yet another reason for my overreaction recently.
Ok, fair enough.
But I get a similar result with:
NETCONFIG_DNS_POLICY='STATIC'
No you do not. You miss dynamic information from DHCP server to be included in dnsmasq.
NETCONFIG_DNS_STATIC_SEARCHLIST='valinor'
NETCONFIG_DNS_STATIC_SERVERS='127.0.0.1 ::1'
On 2023-05-10 05:52, Andrei Borzenkov wrote:
On 09.05.2023 22:35, Carlos E. R. wrote:
On 2023-05-09 20:57, Andrei Borzenkov wrote:
On 09.05.2023 21:28, Carlos E. R. wrote:
In case you missed it, I only want 127.0.0.1 [in /etc/resolv.conf]
Sigh ... no, I did not miss it. You were told from the very beginning (not the beginning of *this* thread but some other on the same topic you started earlier) to edit /etc/resolv.conf and put there whatever static information you needed. You refused. Which is yet another reason for my overreaction recently.
Ok, fair enough.
But I get a similar result with:
NETCONFIG_DNS_POLICY='STATIC'
No you do not. You miss dynamic information from DHCP server to be included in dnsmasq.
Correct. But I can live without that. It is not supposed to change in decades (at least the IPv4 DNS servers haven't), and the machine is not a laptop. And anyway, if I get the information, as I am using wicked, it is not possible to use whatever file because it changes way too fast. And, if I decide to use dynamic info, I would switch to NM.
NETCONFIG_DNS_STATIC_SEARCHLIST='valinor'
NETCONFIG_DNS_STATIC_SERVERS='127.0.0.1 ::1'
-- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
On 2023-05-09 17:40, Per Jessen wrote:
Carlos E. R. wrote:
With NM, I use: resolv-file=/run/NetworkManager/no-stub-resolv.conf
this file contains:
search Laicolasse.valinor
nameserver 80.58.61.254
nameserver 80.58.61.250
nameserver 2a02:9000::aaaa
nameserver 2a02:9000::bbbb
Dynamic and automatic
whereas /etc/resolv.conf contains:
search valinor
nameserver 127.0.0.1
static but automatic
/etc/resolv.conf -> /run/netconfig/resolv.conf
This is your _static_ config, iirc ? Having dnsmasq use the custom resolv-file above is the solution we worked out in a previous lengthy thread.
Yes, of course, that's the machine involved in the previous lengthy thread.
Using wicked, I want the same thing, but the resolv files I know about contain both remote and local information. So I can not get what I want unless I write a static dnsmasq.conf file myself.
IOW, you want to keep your static config for /etc/resolv.conf, but you also want the dynamic info (from dhcp or RA) to include in dnsmasq.conf.
Yes.
I have not done a comprehensive search, but I don't see that wicked writes any such file for that use.
NM does.
I don't understand why you refuse to use a regular dynamic config, such as what I showed you earlier, but I see wicked has some scripting options, maybe you can build some bespoke solution.
No need, thanks. I already explained how I am doing it in a way that works with wicked.
-- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
Carlos E. R. wrote:
This is your _static_ config, iirc ? Having dnsmasq use the custom resolv-file above is the solution we worked out in a previous lengthy thread.
Yes, of course, that's the machine involved in the previous lengthy thread.
Just checking - you can't expect us to keep track of your hardware.
Using wicked, I want the same thing, but the resolv files I know about contain both remote and local information. So I can not get what I want unless I write a static dnsmasq.conf file myself.
IOW, you want to keep your static config for /etc/resolv.conf, but you also want the dynamic info (from dhcp or RA) to include in dnsmasq.conf.
Yes.
I don't know if that is possible, good luck.
I have not done a comprehensive search, but I don't see that wicked writes any such file for that use.
NM does.
Good, so you just have to switch to NM.
I don't understand why you refuse to use a regular dynamic config, such as what I showed you earlier, but I see wicked has some scripting options, maybe you can build some bespoke solution.
No need, thanks. I already explained how I am doing it in a way that works with wicked.
Oh. I must have missed that. Good for you.
-- Per Jessen, Zürich (14.8°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes
On 2023-05-09 20:51, Per Jessen wrote:
Carlos E. R. wrote:
This is your _static_ config, iirc ? Having dnsmasq use the custom resolv-file above is the solution we worked out in a previous lengthy thread.
Yes, of course, that's the machine involved in the previous lengthy thread.
Just checking - you can't expect us to keep track of your hardware.
Right, thus I mention it.
Using wicked, I want the same thing, but the resolv files I know about contain both remote and local information. So I can not get what I want unless I write a static dnsmasq.conf file myself.
IOW, you want to keep your static config for /etc/resolv.conf, but you also want the dynamic info (from dhcp or RA) to include in dnsmasq.conf.
Yes.
I don't know if that is possible, good luck.
With NM, yes. It is what the Laicolasse laptop mentioned above has.
I have not done a comprehensive search, but I don't see that wicked writes any such file for that use.
NM does.
Good, so you just have to switch to NM.
There is no hurry :-) Eventually, openSUSE is migrating to NM. I may anticipate one bored day.
I don't understand why you refuse to use a regular dynamic config, such as what I showed you earlier, but I see wicked has some scripting options, maybe you can build some bespoke solution.
No need, thanks. I already explained how I am doing it in a way that works with wicked.
Oh. I must have missed that. Good for you.
Oh, no... guess I have to repeat my summary post again... :-P (guess not) :-D
-- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
participants (3): Andrei Borzenkov, Carlos E. R., Per Jessen