Re: [oS-en] Problem with /etc/resolv.conf, with intention of using dnsmasq
I suggest you read info on the following website to understand what (and how) the ‘search’ directive is used. It’s clearly not the way you are trying to use it. <https://www.baeldung.com/linux/etc-resolv-conf-file>
Ken Schneider
On 04/04/2023 16:26, kschneider bout-tyme.net wrote:
I suggest you read info on the following website to understand what (and how) the ‘search’ directive is used. It’s clearly not the way you are trying to use it.
Uh, I have no issue with the search directive and how it works. How do you think I am using it currently? -- Per Jessen, Herrliberg (8.4°C)
Sorry Per, This wasn’t aimed at you specifically but in general to the list. The directive is supposed to contain a domain name not a host name so that a FQDN can be formed for a search query. Ken Schneider
On Apr 4, 2023, at 11:02 AM, Per Jessen <per@jessen.ch> wrote:
On 04/04/2023 16:26, kschneider bout-tyme.net wrote:
I suggest you read info on the following website to understand what (and how) the ‘search’ directive is used. It’s clearly not the way you are trying to use it.
Uh, I have no issue with the search directive and how it works. How do you think I am using it currently?
-- Per Jessen, Herrliberg (8.4°C)
On 2023-04-04 17:36, kschneider bout-tyme.net wrote:
Sorry Per, This wasn’t aimed at you specifically but in general to the list. The directive is supposed to contain a domain name not a host name so that a FQDN can be formed for a search query.
Of course, but netconfig did that, not me. I know how it is supposed to work, I know what the /etc/resolv.conf should contain, but the automatics in openSUSE are interfering and doing it their way, not mine. The link you posted says: «Therefore, by modifying the /etc/resolv.conf file, we can configure various aspects of the DNS resolution mechanism.» Well, that's the problem, in openSUSE you can not modify that file. It is a symlink:
Laicolasse:~ # l /etc/resolv.conf
lrwxrwxrwx 1 root root 26 Mar 28 02:36 /etc/resolv.conf -> /run/netconfig/resolv.conf
Laicolasse:~ #
If you edit it, the system changes it back. So that link you posted is simply wrong, for openSUSE at least. All this thread was about somehow convincing the automatics to write what I wanted written. It would be far simpler and faster to write my own file and be done with it :-/ Unless the automatics then destroy it again somehow... -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
From: "Carlos E. R." <robin.listas@telefonica.net>
Date: Tue, 4 Apr 2023 23:13:30 +0200
. . .
All this thread was about somehow convincing the automatics to write what I wanted written. It would be far simpler and faster to write my own file and be done with it :-/ Unless the automatics then destroy it again somehow...
-- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
Please look again at /etc/sysconfig/network/config. Under NETCONFIG_DNS_POLICY it says:
# Set to "" to disable DNS configuration.
I've been doing this for ages (I run djbdns), and it should work under Network Manager as well as Wicked.
-- Bob
On 2023-04-05 00:11, Bob Rogers wrote:
From: "Carlos E. R." <> Date: Tue, 4 Apr 2023 23:13:30 +0200
Please look again at /etc/sysconfig/network/config. Under NETCONFIG_DNS_POLICY it says:
# Set to "" to disable DNS configuration.
I think I tried that before.
I've been doing this for ages (I run djbdns), and it should work under Network Manager as well as Wicked.
Let's try.
Laicolasse:~ # grep "NETCONFIG_DNS_POLICY=" \
    /etc/sysconfig/network/config
#NETCONFIG_DNS_POLICY="STATIC"
NETCONFIG_DNS_POLICY=""
Laicolasse:~ # netconfig update -f
Laicolasse:~ # tail /etc/resolv.conf
# NETCONFIG_DNS_STATIC_SERVERS
# NETCONFIG_DNS_FORWARDER
# or disable DNS configuration updates via netconfig by setting:
# NETCONFIG_DNS_POLICY=''
#
# See also the netconfig(8) manual page and other documentation.
#
### Call "netconfig update -f" to force adjusting of /etc/resolv.conf.
search valinor
nameserver 127.0.0.1
Laicolasse:~ #
It says:
# Defines the DNS merge policy as documented in netconfig(8) manual page.
# Set to "" to disable DNS configuration.
Then, what DNS does it write to the resolv file?
-- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
Carlos E. R. wrote:
On 2023-04-04 17:36, kschneider bout-tyme.net wrote:
Sorry Per, This wasn’t aimed at you specifically but in general to the list. The directive is supposed to contain a domain name not a host name so that a FQDN can be formed for a search query.
Of course, but netconfig did that, not me. I know how it is supposed to work, I know what the /etc/resolv.conf should contain, but the automatics in openSUSE are interfering and doing it their way, not mine.
FWIW, those "automatics" are not interfering in my setup :-) I think maybe it is your dhcp config that is a bit odd, always adding the hostname to the search list, afaict?
Well, that's the problem, in openSUSE you can not modify that file. It is a symlink:
rm /etc/resolv.conf
vi /etc/resolv.conf
(yes, it did survive the boot-up).
If you edit it, the system changes it back.
See above.
All this thread was about somehow convincing the automatics to write what I wanted written.
Yep - I presume you want your own search list, with your provider's nameservers, like this:
search valinor
nameserver 80.58.61.254
nameserver 80.58.61.250
-- Per Jessen, Zürich (1.4°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes
On 2023-04-05 08:34, Per Jessen wrote:
Carlos E. R. wrote:
On 2023-04-04 17:36, kschneider bout-tyme.net wrote:
Sorry Per, This wasn’t aimed at you specifically but in general to the list. The directive is supposed to contain a domain name not a host name so that a FQDN can be formed for a search query.
Of course, but netconfig did that, not me. I know how it is supposed to work, I know what the /etc/resolv.conf should contain, but the automatics in openSUSE are interfering and doing it their way, not mine.
FWIW, those "automatics" are not interfering in my setup :-) I think maybe it is your dhcp config that is a bit odd, always adding the hostname to the search list, afaict?
My dhcp doesn't have the capability to add a "search" item. And no, I do not want dhcp to set it up in my laptop. I want, as I move from location to location, that the dns/search information not to change. (see my other post for what it actually sends)
Well, that's the problem, in openSUSE you can not modify that file. It is a symlink:
rm /etc/resolv.conf
vi /etc/resolv.conf
(yes, it did survive the boot-up).
Ok, I did not know this, not for sure. Doesn't any tool access /var/run/netconfig/resolv.conf directly and thus break the edited file by not using it? You could have said this on instant zero.
If you edit it, the system changes it back.
See above.
All this thread was about somehow convincing the automatics to write what I wanted written.
Yep - I presume you want your own search list, with your provider's nameservers, like this:
search valinor
nameserver 80.58.61.254
nameserver 80.58.61.250
No! I want what I have now:
search valinor
nameserver 127.0.0.1
possibly with the ISP nameservers added below.
-- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
Carlos E. R. wrote:
On 2023-04-05 08:34, Per Jessen wrote:
FWIW, those "automatics" are not interfering in my setup :-) I think maybe it is your dhcp config that is a bit odd, always adding the hostname to the search list, afaict?
My dhcp doesn't have the capability to add a "search" item. And no, I do not want dhcp to set it up in my laptop. I want, as I move from location to location, that the dns/search information not to change.
Okay, so we have to look elsewhere. Your config has the hostname in the searchlist, mine doesn't.
Well, that's the problem, in openSUSE you can not modify that file. It is a symlink:
rm /etc/resolv.conf
vi /etc/resolv.conf
(yes, it did survive the boot-up).
Ok, I did not know this, not for sure. Doesn't any tool access /var/run/netconfig/resolv.conf directly and thus break the edited file by not using it?
I'm sure /run/netconfig/resolv.conf is still being generated, but when it is not being used, it doesn't hurt.
You could have said this on instant zero.
It wasn't clear what your problem was nor that you would be happy with this "big hammer" solution. I wouldn't want such a solution - I would want my setup to work as it is supposed to.
Yep - I presume you want your own search list, with your provider's nameservers, like this:
search valinor
nameserver 80.58.61.254
nameserver 80.58.61.250
No!
I want what I have now:
search valinor
nameserver 127.0.0.1
possibly with the ISP nameservers added below.
Okay, so really very close to what I suggested, except for the 127.0.0.1. How does your dnsmasq config get hold of the upstream nameservers? -- Per Jessen, Zürich (5.7°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes
Per Jessen wrote:
I want what I have now:
search valinor
nameserver 127.0.0.1
possibly with the ISP nameservers added below.
Okay, so really very close to what I suggested, except for the 127.0.0.1.
I changed my config as follows:
NETCONFIG_DNS_POLICY="STATIC"
NETCONFIG_DNS_STATIC_SEARCHLIST="valinor"
I retained these two:
NETCONFIG_DNS_FORWARDER="resolver"
NETCONFIG_DNS_FORWARDER_FALLBACK="yes"
After "netconfig update", I have /etc/resolv.conf :
search valinor
nameserver 127.0.0.1
-- Per Jessen, Zürich (4.6°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes
On 2023-04-05 11:49, Per Jessen wrote:
Carlos E. R. wrote:
On 2023-04-05 08:34, Per Jessen wrote:
FWIW, those "automatics" are not interfering in my setup :-) I think maybe it is your dhcp config that is a bit odd, always adding the hostname to the search list, afaict?
My dhcp doesn't have the capability to add a "search" item. And no, I do not want dhcp to set it up in my laptop. I want, as I move from location to location, that the dns/search information not to change.
Okay, so we have to look elsewhere. Your config has the hostname in the searchlist, mine doesn't.
It does when using:
NETCONFIG_DNS_POLICY="auto"
If I set it to
NETCONFIG_DNS_POLICY="STATIC"
then I get:
search valinor
Well, that's the problem, in openSUSE you can not modify that file. It is a symlink:
rm /etc/resolv.conf
vi /etc/resolv.conf
(yes, it did survive the boot-up).
Ok, I did not know this, not for sure. Doesn't any tool access /var/run/netconfig/resolv.conf directly and thus break the edited file by not using it?
I'm sure /run/netconfig/resolv.conf is still being generated, but when it is not being used, it doesn't hurt.
You could have said this on instant zero.
It wasn't clear what your problem was nor that you would be happy with this "big hammer" solution. I wouldn't want such a solution - I would want my setup to work as it is supposed to.
I also want my setup to work as it should. But in my first post I said: «The only way out I see is editing my own resolv file :-/» I did edit the file, but did not delete the symlink first.
Yep - I presume you want your own search list, with your provider's nameservers, like this:
search valinor
nameserver 80.58.61.254
nameserver 80.58.61.250
No!
I want what I have now:
search valinor
nameserver 127.0.0.1
possibly with the ISP nameservers added below.
Okay, so really very close to what I suggested, except for the 127.0.0.1.
How does your dnsmasq config get hold of the upstream nameservers?
It doesn't.
For instance, in "/etc/openvpn/heroes" there is a script, client.up, which writes "/etc/dnsmasq.opensuseservers.conf". On disconnect, it writes a 0 bytes file.
So, in my /etc/dnsmasq.conf file I define generic servers:
# resolver4.opendns.com
server=208.67.222.222
# resolver2.opendns.com
server=208.67.222.220
# http://www.privacyfoundation.ch/
server=77.109.138.45
server=77.109.138.29
# https://digitalcourage.de/support/zensurfreier-dns-server
server=85.214.20.141
#clooudfare
server=1.1.1.1
server=1.0.0.1
# Google servers
#server=8.8.8.8
#server=8.8.4.4
On 2023-04-05 11:56, Per Jessen wrote:
Per Jessen wrote:
I want what I have now:
search valinor
nameserver 127.0.0.1
possibly with the ISP nameservers added below.
Okay, so really very close to what I suggested, except for the 127.0.0.1.
I changed my config as follows:
NETCONFIG_DNS_POLICY="STATIC"
NETCONFIG_DNS_STATIC_SEARCHLIST="valinor"
I retained these two:
NETCONFIG_DNS_FORWARDER="resolver"
NETCONFIG_DNS_FORWARDER_FALLBACK="yes"
After "netconfig update", I have /etc/resolv.conf :
search valinor
nameserver 127.0.0.1
Yes, that's what I get now (I use "netconfig update -f").
Laicolasse:~ # grep "NETCONFIG_DNS_STATIC_SEARCHLIST\|NETCONFIG_DNS_STATIC_SERVERS\|NETCONFIG_DNS_FORWARDER\|NETCONFIG_DNS_POLICY" /etc/sysconfig/network/config | egrep -v "^[[:space:]]*$|^#"
NETCONFIG_DNS_POLICY="STATIC"
NETCONFIG_DNS_FORWARDER="dnsmasq"
NETCONFIG_DNS_FORWARDER_FALLBACK="yes"
NETCONFIG_DNS_STATIC_SEARCHLIST="valinor"
NETCONFIG_DNS_STATIC_SERVERS="127.0.0.1"
Laicolasse:~ #
Laicolasse:~ # tail /etc/resolv.conf | egrep -v "^[[:space:]]*$|^#"
search valinor
nameserver 127.0.0.1
Laicolasse:~ #
-- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
Carlos E. R. wrote:
On 2023-04-05 11:49, Per Jessen wrote:
Okay, so we have to look elsewhere. Your config has the hostname in the searchlist, mine doesn't.
It does when using:
NETCONFIG_DNS_POLICY="auto"
If I set it to
NETCONFIG_DNS_POLICY="STATIC"
then I get:
search valinor
Right. I use "auto" and it merges the dhcp info and adds 127.0.0.1 for dnsmasq. Yours gets "Laicolasse.valinor" from <somewhere>. I assume you are assigning hostnames statically, at installation time?
How does your dnsmasq config get hold of the upstream nameservers?
It doesn't.
Ah, okay, you use public nameservers.
Laicolasse:~ # tail /etc/resolv.conf | egrep -v "^[[:space:]]*$|^#"
search valinor
nameserver 127.0.0.1
So the solution for you is to use NETCONFIG_DNS_POLICY="STATIC" which does seem correct, given that you use a static setup. -- Per Jessen, Zürich (6.7°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes
On 2023-04-05 12:43, Per Jessen wrote:
Carlos E. R. wrote:
On 2023-04-05 11:49, Per Jessen wrote:
Okay, so we have to look elsewhere. Your config has the hostname in the searchlist, mine doesn't.
It does when using:
NETCONFIG_DNS_POLICY="auto"
If I set it to
NETCONFIG_DNS_POLICY="STATIC"
then I get:
search valinor
Right. I use "auto" and it merges the dhcp info and adds 127.0.0.1 for dnsmasq.
The 127 line must be the first in order to work. Some of the combinations yesterday had it at the end. Ah, yes, if you allow NM to set it up, it is appended, not prepended.
Yours gets "Laicolasse.valinor" from <somewhere>. I assume you are assigning hostnames statically, at installation time?
Yes...
Laicolasse:~ # l /etc/hostname
-rw-r--r-- 1 root root 19 Apr 4 00:04 /etc/hostname
Laicolasse:~ # cat /etc/hostname
Laicolasse.valinor
Laicolasse:~ #
I did that in YaST, I think. In GUI mode, the Domain Search box is greyed out, in the paste here you can not notice. And of course, using NM, many things are greyed out.
YaST2 - lan @ Laicolasse.valinor
Network Settings
┌Global Options──Overview──Hostname/DNS──Routing─────────────────────────────────────────────┐
│Static Hostname │
│Laicolasse.valinor▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒│
│Set Hostname via DHCP no▒▒▒▒▒▒▒▒▒↓ │
│ │
│Modify DNS Configuration Custom Policy Rule │
│Use Custom Policy▒▒▒▒▒▒↓ STATIC▒▒▒▒▒▒▒▒▒▒▒↓ │
│┌Name Servers and Domain Search List───────────────────────────────────────────────────────┐│
││Name Server 1 ┌Domain Search───────────┐ ││
││127.0.0.1▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ │valinor │ ││
││Name Server 2 │ │ ││
││▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ │ │ ││
││Name Server 3 │ │ ││
││▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ └────────────────────────┘ ││
│└──────────────────────────────────────────────────────────────────────────────────────────┘│
│ │
│ │
└────────────────────────────────────────────────────────────────────────────────────────────┘
[Help] [Cancel] [ OK ]
F1 Help F9 Cancel F10 OK
How does your dnsmasq config get hold of the upstream nameservers?
It doesn't.
Ah, okay, you use public nameservers.
Yes. But there is no automatic way to set them up to the DHCP ones, AFAIK.
Laicolasse:~ # tail /etc/resolv.conf | egrep -v "^[[:space:]]*$|^#"
search valinor
nameserver 127.0.0.1
So the solution for you is to use NETCONFIG_DNS_POLICY="STATIC" which does seem correct, given that you use a static setup.
Yes. Still, I would like the ISP server to be appended. As the config says, it is useful if the local dnsmasq is down. Not important, though: maybe I prefer that if it is down, get a failure. I'll leave it this way. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
Carlos E. R. wrote:
How does your dnsmasq config get hold of the upstream nameservers?
It doesn't.
Ah, okay, you use public nameservers.
Yes.
But there is no automatic way to set them up to the DHCP ones, AFAIK.
netconfig writes the dhcp provided nameservers to a file:
/run/dnsmasq-forwarders.conf
You can refer to that in the dnsmasq config (resolv-file).
So the solution for you is to use NETCONFIG_DNS_POLICY="STATIC" which does seem correct, given that you use a static setup. Yes.
Still, I would like the ISP server to be appended.
See above.
As the config says, it is useful if the local dnsmasq is down.
Or ... drumroll ... restart the local dnsmasq :-) -- Per Jessen, Zürich (8.7°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes
On 2023-04-05 14:40, Per Jessen wrote:
Carlos E. R. wrote:
How does your dnsmasq config get hold of the upstream nameservers?
It doesn't.
Ah, okay, you use public nameservers.
Yes.
But there is no automatic way to set them up to the DHCP ones, AFAIK.
netconfig writes the dhcp provided nameservers to a file:
/run/dnsmasq-forwarders.conf
You can refer to that in the dnsmasq config (resolv-file).
Ah!!!! :-)
[...]
No... :-(
Laicolasse:~ # cat /run/dnsmasq-forwarders.conf
### /run/dnsmasq-forwarders.conf: global dns forwarders
### for use as dnsmasq --resolv-file, autogenerated by netconfig!
#
# Before you change this file manually, consider to define the
# static DNS configuration using the following variables in the
# /etc/sysconfig/network/config file:
# NETCONFIG_DNS_STATIC_SEARCHLIST
# NETCONFIG_DNS_STATIC_SERVERS
# NETCONFIG_DNS_FORWARDER
# or disable DNS configuration updates via netconfig by setting:
# NETCONFIG_DNS_POLICY=''
#
# See also the netconfig(8) manual page and other documentation.
#
Laicolasse:~ #
I found another file:
/run/NetworkManager/no-stub-resolv.conf
which contains:
# Generated by NetworkManager
search Laicolasse.valinor
nameserver 80.58.61.254
nameserver 80.58.61.250
and /run/NetworkManager/resolv.conf:
# Generated by NetworkManager
search Laicolasse.valinor
nameserver 80.58.61.254
nameserver 80.58.61.250
I guess I can create a script-hook on NM which greps that file and writes a suitable line for dnsmasq.
So the solution for you is to use NETCONFIG_DNS_POLICY="STATIC" which does seem correct, given that you use a static setup. Yes.
Still, I would like the ISP server to be appended.
See above.
No, appended to /etc/resolv.conf.
Anyway, see above, the file can not be included in dnsmasq, wrong syntax. It should contain these two lines only:
server=80.58.61.254
server=80.58.61.250
but it is empty, just comments that do not apply.
Would this be a reportable bug?
As the config says, it is useful if the local dnsmasq is down.
Or ... drumroll ... restart the local dnsmasq :-)
Of course, certainly, I do that. However, if the resolv file is:
nameserver 127.0.0.1
nameserver 80.58.61.254
nameserver 80.58.61.250
and dnsmasq goes down, you may not notice.
-- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
Carlos E. R. wrote:
Laicolasse:~ # cat /run/dnsmasq-forwarders.conf
### /run/dnsmasq-forwarders.conf: global dns forwarders
### for use as dnsmasq --resolv-file, autogenerated by netconfig!
#
# Before you change this file manually, consider to define the
# static DNS configuration using the following variables in the
# /etc/sysconfig/network/config file:
# NETCONFIG_DNS_STATIC_SEARCHLIST
# NETCONFIG_DNS_STATIC_SERVERS
# NETCONFIG_DNS_FORWARDER
# or disable DNS configuration updates via netconfig by setting:
# NETCONFIG_DNS_POLICY=''
#
# See also the netconfig(8) manual page and other documentation.
#
Maybe it is because you are running with STATIC ? Yep, confirmed - I changed to STATIC and ran netconfig update - the file is created, but without nameservers.
I found another file: /run/NetworkManager/no-stub-resolv.conf and /run/NetworkManager/resolv.conf:
Yes, I also have both.
I guess I can create a script-hook on NM which greps that file and writes a suitable line for dnsmasq.
You can probably feed those straight to dnsmasq via "resolv-file=", it ought to ignore anything but "nameserver" lines.
So the solution for you is to use NETCONFIG_DNS_POLICY="STATIC" which does seem correct, given that you use a static setup. Yes.
Still, I would like the ISP server to be appended.
See above.
No, appended to /etc/resolv.conf.
Yes I know, the standard solution is never good enough.
Anyway, see above, the file can not be included in dnsmasq,
It isn't meant to be.
wrong syntax. It should contain these two lines only:
server=80.58.61.254
server=80.58.61.250
but it is empty, just comments that do not apply.
Would this be a reportable bug?
Try describing it here first. I don't see any bug. -- Per Jessen, Zürich (8.8°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes
On 2023-04-05 15:20, Per Jessen wrote:
Carlos E. R. wrote:
Laicolasse:~ # cat /run/dnsmasq-forwarders.conf
### /run/dnsmasq-forwarders.conf: global dns forwarders
### for use as dnsmasq --resolv-file, autogenerated by netconfig!
#
# Before you change this file manually, consider to define the
# static DNS configuration using the following variables in the
# /etc/sysconfig/network/config file:
# NETCONFIG_DNS_STATIC_SEARCHLIST
# NETCONFIG_DNS_STATIC_SERVERS
# NETCONFIG_DNS_FORWARDER
# or disable DNS configuration updates via netconfig by setting:
# NETCONFIG_DNS_POLICY=''
#
# See also the netconfig(8) manual page and other documentation.
#
Maybe it is because you are running with STATIC ? Yep, confirmed - I changed to STATIC and ran netconfig update - the file is created, but without nameservers.
I found another file: /run/NetworkManager/no-stub-resolv.conf and /run/NetworkManager/resolv.conf:
Yes, I also have both.
I guess I can create a script-hook on NM which greps that file and writes a suitable line for dnsmasq.
You can probably feed those straight to dnsmasq via "resolv-file=", it ought to ignore anything but "nameserver" lines.
Let's try.
2023-04-05T15:48:31.303079+02:00 Laicolasse dnsmasq[8703]: using nameserver 208.67.222.222#53
2023-04-05T15:48:31.303131+02:00 Laicolasse dnsmasq[8703]: using nameserver 208.67.222.220#53
2023-04-05T15:48:31.303183+02:00 Laicolasse dnsmasq[8703]: using nameserver 77.109.138.45#53
2023-04-05T15:48:31.303227+02:00 Laicolasse dnsmasq[8703]: using nameserver 77.109.138.29#53
2023-04-05T15:48:31.303279+02:00 Laicolasse dnsmasq[8703]: using nameserver 85.214.20.141#53
2023-04-05T15:48:31.303325+02:00 Laicolasse dnsmasq[8703]: using nameserver 1.1.1.1#53
2023-04-05T15:48:31.303362+02:00 Laicolasse dnsmasq[8703]: using nameserver 1.0.0.1#53
2023-04-05T15:48:31.303396+02:00 Laicolasse dnsmasq[8703]: using nameserver 192.168.1.16#53 for domain scar.opensuse.org
Laicolasse:~ # cat /run/NetworkManager/no-stub-resolv.conf
# Generated by NetworkManager
search Laicolasse.valinor
nameserver 80.58.61.254
nameserver 80.58.61.250
No, it is not taking them.
So the solution for you is to use NETCONFIG_DNS_POLICY="STATIC" which does seem correct, given that you use a static setup. Yes.
Still, I would like the ISP server to be appended.
See above.
No, appended to /etc/resolv.conf.
Yes I know, the standard solution is never good enough.
Anyway, see above, the file can not be included in dnsmasq,
It isn't meant to be.
What do you call then:
# Change this line if you want dns to get its upstream servers from
# somewhere other that /etc/resolv.conf
#CER
resolv-file=/run/NetworkManager/no-stub-resolv.conf
wrong syntax. It should contain these two lines only:
server=80.58.61.254
server=80.58.61.250
but it is empty, just comments that do not apply.
Would this be a reportable bug?
Try describing it here first. I don't see any bug.
Well, the purpose is that by "including" either /run/NetworkManager/no-stub-resolv.conf or /run/dnsmasq-forwarders.conf in /etc/dnsmasq.conf, then dnsmasq uses the ISP DNS servers. It just doesn't work. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
Carlos E. R. wrote:
Would this be a reportable bug?
Try describing it here first. I don't see any bug.
Well, the purpose is that by "including" either /run/NetworkManager/no-stub-resolv.conf or /run/dnsmasq-forwarders.conf in /etc/dnsmasq.conf, then dnsmasq uses the ISP DNS servers.
It just doesn't work.
Well, WORKSFORME.
On "janeway", my 15.5 test system:
- install dnsmasq
- amend config with "resolv-file=/home/per/myresolv.conf"
Create myresolv.conf:
search valinor klop carlos
nameserver 1.0.0.1
nameserver 1.1.1.1
aa-complain /usr/sbin/dnsmasq
Starting dnsmasq with systemctl does indeed not work:
Apr 05 16:26:41 janeway systemd[1]: Starting DNS caching server....
Apr 05 16:26:41 janeway dnsmasq[22951]: dnsmasq: syntax check OK.
Apr 05 16:26:41 janeway dnsmasq[22952]: dnsmasq: directory /home/per/myresolv.conf for resolv-file is missing, cannot poll
Apr 05 16:26:41 janeway dnsmasq[22952]: directory /home/per/myresolv.conf for resolv-file is missing, cannot poll
Apr 05 16:26:41 janeway dnsmasq[22952]: FAILED to start up
The error message itself is odd. That is something to investigate, but running it from the command line works fine and produces :
2023-04-05T16:24:18+02:00 janeway dnsmasq[22816]: reading /home/per/myresolv.conf
2023-04-05T16:24:18+02:00 janeway dnsmasq[22816]: using nameserver 1.0.0.1#53
2023-04-05T16:24:18+02:00 janeway dnsmasq[22816]: using nameserver 1.1.1.1#53
I added two more nameservers - 8.8.8.8 and 4.4.4.4
2023-04-05T16:34:10+02:00 janeway dnsmasq[22965]: reading /home/per/myresolv.conf
2023-04-05T16:34:10+02:00 janeway dnsmasq[22965]: using nameserver 1.0.0.1#53
2023-04-05T16:34:10+02:00 janeway dnsmasq[22965]: using nameserver 1.1.1.1#53
2023-04-05T16:34:10+02:00 janeway dnsmasq[22965]: using nameserver 8.8.8.8#53
2023-04-05T16:34:10+02:00 janeway dnsmasq[22965]: using nameserver 4.4.4.4#53
-- Per Jessen, Zürich (10.6°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes
On Wed, Apr 5, 2023 at 5:36 PM Per Jessen <per@jessen.ch> wrote:
On "janeway", my 15.5 test system: ...
Starting dnsmasq with systemctl does indeed not work:
Apr 05 16:26:41 janeway systemd[1]: Starting DNS caching server....
Apr 05 16:26:41 janeway dnsmasq[22951]: dnsmasq: syntax check OK.
Apr 05 16:26:41 janeway dnsmasq[22952]: dnsmasq: directory /home/per/myresolv.conf for resolv-file is missing, cannot poll
Apr 05 16:26:41 janeway dnsmasq[22952]: directory /home/per/myresolv.conf for resolv-file is missing, cannot poll
Apr 05 16:26:41 janeway dnsmasq[22952]: FAILED to start up
The error message itself is odd. That is something to investigate,
Almost sure due to mass service hardening, likely one of service directives blocks access to /home.
ProtectHome=true
If true, the directories /home/, /root, and /run/user are made inaccessible and empty for processes invoked by this unit.
Andrei Borzenkov wrote:
On Wed, Apr 5, 2023 at 5:36 PM Per Jessen <per@jessen.ch> wrote:
On "janeway", my 15.5 test system: ...
Starting dnsmasq with systemctl does indeed not work:
Apr 05 16:26:41 janeway systemd[1]: Starting DNS caching server....
Apr 05 16:26:41 janeway dnsmasq[22951]: dnsmasq: syntax check OK.
Apr 05 16:26:41 janeway dnsmasq[22952]: dnsmasq: directory /home/per/myresolv.conf for resolv-file is missing, cannot poll
Apr 05 16:26:41 janeway dnsmasq[22952]: directory /home/per/myresolv.conf for resolv-file is missing, cannot poll
Apr 05 16:26:41 janeway dnsmasq[22952]: FAILED to start up
The error message itself is odd. That is something to investigate,
Almost sure due to mass service hardening, likely one of service directives blocks access to /home.
ProtectHome=true
Thanks, I had only just now thought of it myself :-) See previous posting. -- Per Jessen, Zürich (11.0°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes
Per Jessen wrote:
Starting dnsmasq with systemctl does indeed not work:
Apr 05 16:26:41 janeway systemd[1]: Starting DNS caching server....
Apr 05 16:26:41 janeway dnsmasq[22951]: dnsmasq: syntax check OK.
Apr 05 16:26:41 janeway dnsmasq[22952]: dnsmasq: directory /home/per/myresolv.conf for resolv-file is missing, cannot poll
Apr 05 16:26:41 janeway dnsmasq[22952]: directory /home/per/myresolv.conf for resolv-file is missing, cannot poll
Apr 05 16:26:41 janeway dnsmasq[22952]: FAILED to start up
The error message itself is odd.
It is the openSUSE hardening effort getting in the way. I added /etc/systemd/system/dnsmasq.service.d/extra.conf :
[Service]
ProtectHome=read-only
-- Per Jessen, Zürich (10.7°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes
On Wednesday, 2023-04-05 at 16:36 +0200, Per Jessen wrote:
Carlos E. R. wrote:
Would this be a reportable bug?
Try describing it here first. I don't see any bug.
Well, the purpose is that by "including" either /run/NetworkManager/no-stub-resolv.conf or /run/dnsmasq-forwarders.conf in /etc/dnsmasq.conf, then dnsmasq uses the ISP DNS servers.
It just doesn't work.
Well, WORKSFORME.
On "janeway", my 15.5 test system:
- install dnsmasq
- amend config with "resolv-file=/home/per/myresolv.conf"
Create myresolv.conf:
search valinor klop carlos
nameserver 1.0.0.1
nameserver 1.1.1.1
aa-complain /usr/sbin/dnsmasq
Starting dnsmasq with systemctl does indeed not work:
Apr 05 16:26:41 janeway systemd[1]: Starting DNS caching server....
Apr 05 16:26:41 janeway dnsmasq[22951]: dnsmasq: syntax check OK.
Apr 05 16:26:41 janeway dnsmasq[22952]: dnsmasq: directory /home/per/myresolv.conf for resolv-file is missing, cannot poll
Apr 05 16:26:41 janeway dnsmasq[22952]: directory /home/per/myresolv.conf for resolv-file is missing, cannot poll
Apr 05 16:26:41 janeway dnsmasq[22952]: FAILED to start up
The error message itself is odd. That is something to investigate, but running it from the command line works fine and produces :
2023-04-05T16:24:18+02:00 janeway dnsmasq[22816]: reading /home/per/myresolv.conf
2023-04-05T16:24:18+02:00 janeway dnsmasq[22816]: using nameserver 1.0.0.1#53
2023-04-05T16:24:18+02:00 janeway dnsmasq[22816]: using nameserver 1.1.1.1#53
I added two more nameservers - 8.8.8.8 and 4.4.4.4
2023-04-05T16:34:10+02:00 janeway dnsmasq[22965]: reading /home/per/myresolv.conf
2023-04-05T16:34:10+02:00 janeway dnsmasq[22965]: using nameserver 1.0.0.1#53
2023-04-05T16:34:10+02:00 janeway dnsmasq[22965]: using nameserver 1.1.1.1#53
2023-04-05T16:34:10+02:00 janeway dnsmasq[22965]: using nameserver 8.8.8.8#53
2023-04-05T16:34:10+02:00 janeway dnsmasq[22965]: using nameserver 4.4.4.4#53
Laicolasse:~ # grep resolv-file /etc/dnsmasq.conf
resolv-file=/run/NetworkManager/no-stub-resolv.conf
Laicolasse:~ # systemctl restart dnsmasq.service
Laicolasse:~ # aa-logprof
Updating AppArmor profiles in /etc/apparmor.d.
Reading log entries from /var/log/audit/audit.log.
Enforce-mode changes:
Laicolasse:~ # journalctl -b0 | grep "using nameserver"
...
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: using nameserver 208.67.222.222#53
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: using nameserver 208.67.222.220#53
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: using nameserver 77.109.138.45#53
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: using nameserver 77.109.138.29#53
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: using nameserver 85.214.20.141#53
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: using nameserver 1.1.1.1#53
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: using nameserver 1.0.0.1#53
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: using nameserver 192.168.1.16#53 for domain scar.opensuse.org
Laicolasse:~ #
Laicolasse:~ # cat /run/NetworkManager/no-stub-resolv.conf
# Generated by NetworkManager
search Laicolasse.valinor
nameserver 80.58.61.254
nameserver 80.58.61.250
Laicolasse:~ # systemctl status dnsmasq.service
● dnsmasq.service - DNS caching server.
Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2023-04-05 20:42:14 CEST; 2min 33s ago
Process: 10761 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
Main PID: 10763 (dnsmasq)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/dnsmasq.service
└─ 10763 /usr/sbin/dnsmasq --log-async --enable-dbus --keep-in-foreground
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: using nameserver 208.67.222.222#53
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: using nameserver 208.67.222.220#53
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: using nameserver 77.109.138.45#53
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: using nameserver 77.109.138.29#53
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: using nameserver 85.214.20.141#53
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: using nameserver 1.1.1.1#53
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: using nameserver 1.0.0.1#53
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: using nameserver 192.168.1.16#53 for domain scar.opensuse.org
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: using only locally-known addresses for valinor
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: read /etc/hosts - 27 addresses
Laicolasse:~ #
There is no error, but it simply is not importing the servers that are in /run/NetworkManager/no-stub-resolv.conf. If you think that perhaps there are too many servers, the line for "resolv-file=..." happens before the servers defined in the file.
I have no idea where to look about that. It just does not work.
Ah, just saw why. I have a terminal where I run "journalctl --follow", and there, in bright yellow, is the reason:
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: warning: ignoring resolv-file flag because no-resolv is set
Well, now, this is nice.
I have: # If you don't want dnsmasq to read /etc/resolv.conf or any other # file, getting its servers from this file instead (see below), then # uncomment this. #CER no-resolv Because, obviously, I do not want dnsmasq to read the standard resolf.conf file. Why? Well, because it contains the line refering to 127.0.0.1, which would mean a loop, quering itself for hosts... - -- Cheers, Carlos E. R. (from openSUSE 15.4 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCZC3EUBwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVd0oAn1lI9WqSSjQLfKcb8Ele hyIddViFAKCX1Iwixw0cJdX84B3Wz2P8Zpu2AA== =bUxt -----END PGP SIGNATURE-----
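The failure described in the message above, as an added example that is not part of the original post: a simplified model of how dnsmasq picks its upstream servers when `no-resolv` and `resolv-file` are both present. The config text is constructed (its server values are the ones visible in the thread's logs) and the function names are hypothetical.

```python
# Constructed sample config; the server values are the ones seen in the thread's logs.
DNSMASQ_CONF = """\
# constructed comment line, skipped by the parser
no-resolv
resolv-file=/run/NetworkManager/no-stub-resolv.conf
server=208.67.222.222
server=/scar.opensuse.org/192.168.1.16
"""

# File contents as shown in the thread, embedded so the example runs offline.
RESOLV_FILES = {
    "/run/NetworkManager/no-stub-resolv.conf": """\
# Generated by NetworkManager
search Laicolasse.valinor
nameserver 80.58.61.254
nameserver 80.58.61.250
""",
}


def parse_conf(text):
    """Return [(key, value)] for active lines; value is '' for bare flags."""
    lines = (l.strip() for l in text.splitlines())
    return [tuple(p.strip() for p in l.partition("=")[::2])
            for l in lines if l and not l.startswith("#")]


def nameservers(resolv_text):
    """Addresses from 'nameserver' lines, resolv.conf(5) format."""
    fields = (l.split() for l in resolv_text.splitlines())
    return [f[1] for f in fields if len(f) >= 2 and f[0] == "nameserver"]


def effective_upstreams(conf_text, resolv_files):
    """Return (servers, warnings) under a simplified model of dnsmasq startup."""
    pairs = parse_conf(conf_text)
    servers = [v for k, v in pairs if k == "server"]
    warnings = []
    resolv_file = next((v for k, v in reversed(pairs) if k == "resolv-file"), None)
    if any(k == "no-resolv" for k, _ in pairs):
        # With no-resolv set, only server= lines count; resolv-file is dropped.
        if resolv_file:
            warnings.append("ignoring resolv-file flag because no-resolv is set")
        return servers, warnings
    path = resolv_file or "/etc/resolv.conf"
    if path in resolv_files:
        servers += nameservers(resolv_files[path])
    else:
        warnings.append(f"failed to read {path}")
    return servers, warnings
```

With `no-resolv` removed from the same config, the two servers from the NetworkManager file are appended to the `server=` entries.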
Carlos E. R. wrote:
Ah, just saw why. I have a terminal where I run "journalctl --follow", and there, in bright yellow, is the reason:
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: warning: ignoring resolv-file flag because no-resolv is set
Well, now, this is nice. I have:
# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
#CER no-resolv
Because, obviously, I do not want dnsmasq to read the standard resolv.conf file. Why? Well, because it contains the line referring to 127.0.0.1, which would mean a loop, querying itself for hosts...
No it would not. dnsmasq knows quite well not to include itself. Anyway, you got it to work, good stuff. No need for any bug report. -- Per Jessen, Zürich (2.2°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes
On 2023-04-06 07:58, Per Jessen wrote:
Carlos E. R. wrote:
Ah, just saw why. I have a terminal where I run "journalctl --follow", and there, in bright yellow, is the reason:
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: warning: ignoring resolv-file flag because no-resolv is set
Well, now, this is nice. I have:
# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
#CER no-resolv
Because, obviously, I do not want dnsmasq to read the standard resolv.conf file. Why? Well, because it contains the line referring to 127.0.0.1, which would mean a loop, querying itself for hosts...
No it would not. dnsmasq knows quite well not to include itself.
I'm not sure of that. Surely some documentation told me to remove it maybe a decade ago. But I'll try.
[...]
Doesn't work.
Apr 06 12:40:22 Laicolasse.valinor dnsmasq[20083]: failed to read /run/NetworkManager/no-stub-resolv.conf: Permission denied
There are no lines from AppArmor:
Laicolasse:~ # aa-logprof
Updating AppArmor profiles in /etc/apparmor.d.
Reading log entries from /var/log/audit/audit.log.
Enforce-mode changes:
Laicolasse:~ #
However, I blindly add to /etc/apparmor.d/local/usr.sbin.dnsmasq:
/run/NetworkManager/no-stub-resolv.conf r,
and now it works, finally it is using the servers dhcp provides.
Why didn't aa-logprof report the blocking? The DENIED line is there:
type=AVC msg=audit(1680777622.544:321): apparmor="DENIED" operation="open" class="file" profile="dnsmasq" name="/run/NetworkManager/no-stub-resolv.conf" pid=20083 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=480 ouid=0
Anyway, you got it to work, good stuff. No need for any bug report.
Well... contrary to docs, it doesn't work out of the box, having it use properly the ISP servers has been difficult. There is room for improvement. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
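Reading the denial straight out of the audit log, for the situation in the message above where aa-logprof lists nothing: an added example, not part of the original post, that turns AppArmor DENIED file records into candidate lines for a local profile include. The first sample record is the one quoted in the thread, the second is constructed, and the function names are hypothetical.

```python
import re

# First record is the DENIED line quoted in the thread; the second is constructed.
AUDIT_LOG = """\
type=AVC msg=audit(1680777622.544:321): apparmor="DENIED" operation="open" class="file" profile="dnsmasq" name="/run/NetworkManager/no-stub-resolv.conf" pid=20083 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=480 ouid=0
type=AVC msg=audit(1680777700.000:400): apparmor="DENIED" operation="mknod" class="file" profile="constructed-profile" name="/tmp/constructed-example" pid=1 comm="demo" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Audit masks "c" (create) and "d" (delete) are granted by "w" in a profile rule.
MASK_TO_PERM = {"r": "r", "w": "w", "a": "a", "k": "k", "l": "l", "m": "m", "c": "w", "d": "w"}


def parse_record(line):
    """Turn the key=value / key="value" pairs of one audit line into a dict."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def denied_file_rules(log_text, profile):
    """Return rule lines covering the DENIED file accesses logged for one profile."""
    perms = {}
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("apparmor") != "DENIED" or rec.get("profile") != profile:
            continue
        if rec.get("class") != "file" or "name" not in rec:
            continue  # assumption: records without class="file" are not handled here
        wanted = {MASK_TO_PERM[m] for m in rec.get("denied_mask", "") if m in MASK_TO_PERM}
        # "x" is left out on purpose: an exec rule needs a transition mode chosen by hand.
        if wanted:
            perms.setdefault(rec["name"], set()).update(wanted)
    rules = []
    for path, p in sorted(perms.items()):
        if "w" in p:
            p.discard("a")  # "w" already covers append; a rule may not carry both
        rules.append(f"{path} {''.join(sorted(p))},")
    return rules
```

For the `dnsmasq` profile this yields the same line that was added by hand to /etc/apparmor.d/local/usr.sbin.dnsmasq; each suggested rule should be reviewed before it is added, since it widens what the confined daemon may read or write.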
Carlos E. R. wrote:
On 2023-04-06 07:58, Per Jessen wrote:
Carlos E. R. wrote:
Ah, just saw why. I have a terminal where I run "journalctl --follow", and there, in bright yellow, is the reason:
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: warning: ignoring resolv-file flag because no-resolv is set
Well, now, this is nice. I have:
# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
#CER no-resolv
Because, obviously, I do not want dnsmasq to read the standard resolv.conf file. Why? Well, because it contains the line referring to 127.0.0.1, which would mean a loop, querying itself for hosts...
No it would not. dnsmasq knows quite well not to include itself.
I'm not sure of that.
That's okay, I am. Of course there is no need to believe what I say.
Well... contrary to docs, it doesn't work out of the box, having it use properly the ISP servers has been difficult. There is room for improvement.
I guess it depends. IMO it wasn't difficult at all, it took four simple steps (see my WORKSFORME post yesterday). -- Per Jessen, Zürich (10.2°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes
On 2023-04-06 13:23, Per Jessen wrote:
Carlos E. R. wrote:
On 2023-04-06 07:58, Per Jessen wrote:
Carlos E. R. wrote:
Ah, just saw why. I have a terminal where I run "journalctl --follow", and there, in bright yellow, is the reason:
Apr 05 20:42:14 Laicolasse.valinor dnsmasq[10763]: warning: ignoring resolv-file flag because no-resolv is set
Well, now, this is nice. I have:
# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
#CER no-resolv
Because, obviously, I do not want dnsmasq to read the standard resolv.conf file. Why? Well, because it contains the line referring to 127.0.0.1, which would mean a loop, querying itself for hosts...
No it would not. dnsmasq knows quite well not to include itself.
I'm not sure of that.
That's okay, I am. Of course there is no need to believe what I say.
Oh, it is working here alright. Didn't I say that?
Well... contrary to docs, it doesn't work out of the box, having it use properly the ISP servers has been difficult. There is room for improvement.
I guess it depends. IMO it wasn't difficult at all, it took four simple steps (see my WORKSFORME post yesterday).
Yeah, after me posting everything that did not work. I took the grunt work. I did a lot of grunting and bitching. :-P -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
On Wed, Apr 5, 2023 at 4:02 PM Carlos E. R. <robin.listas@telefonica.net> wrote: ...
No, appended to /etc/resolv.conf. Anyway, see above, the file can not be included in dnsmasq, wrong syntax. It should contain these two lines only:
server=80.58.61.254
server=80.58.61.250
Really?
Laicolasse:~ # cat /run/dnsmasq-forwarders.conf
### /run/dnsmasq-forwarders.conf: global dns forwarders
### for use as dnsmasq --resolv-file, autogenerated by netconfig!
From the dnsmasq manual.
--resolv-file=<file>
Read the IP addresses of the upstream nameservers from <file>, instead of /etc/resolv.conf. For the format of this file see resolv.conf(5).
but it is empty, just comments that do not apply.
Which again is nothing more than pointless whining without the exact configuration used at the moment this file was generated.
Would this be a reportable bug?
No.
participants (5)
- Andrei Borzenkov
- Bob Rogers
- Carlos E. R.
- kschneider bout-tyme.net
- Per Jessen