Develop Reference

nameservers update differently with openconnect and openconnect-gnome in ubuntu 18.04

This seems to be a new issue with network-manager-openconect-gnome in Ubuntu 18.04+
I install sudo apt install network-manager-openconnect-gnome to get gnome integration with opeconnect and Cisco AnyConnect Compatible VPN (openconnect)
As an aside (which may actually be relevant) I do this to get *.local addresses to resolve:
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf as per systemd docs
Move dns before mdns4_minimal in /etc/nsswitch.conf
If I connect to the VPN with openconnect through the gnome network manager, VPN addresses (sites for work) do not resolve. Regular sites continue to work as expected.
If I connect to the VPN with openconnect on the command line with sudo openconnect vpn.mycompany.com, VPN addresses (sites for work) do resolve. Regular sites continue to work as expected.
I thought I would check to see if there were any differences between /etc/resolv.conf with each of these VPN connection methods and sure enough, there is one:
openconnect on the command line (working):
##VPNC_GENERATED# -- this file is generated by vpnc
# and will be overwritten by vpnc
# as long as the above mark is intact
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 10.10.10.10
nameserver 10.10.10.11
search broadband mycompany.com
openconnect gnome integration (not working):
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 192.168.1.1
nameserver 10.10.10.10
nameserver 10.10.10.11
search broadband mycompany.com
If I remove (or comment out) the nameserver 192.168.1.1, which is the difference in content between the working and not working files... everything works as expected. I can resolve addresses within the company and regular sites work as expected.
This does not happen with Fedora. Everything works out of the box. I'm not sure why the network-manager-openconnect-gnome package works differently or if there's a way I can make it work without either
Editing the file by hand.
Using the openconnect tool from the command line and keeping a terminal open running that command.

Docker build command fails to resolve domains

I set up a Debian 10 server to host my containers running on Docker version 19.03.2.
It currently hosts 3 DNS containers (pi-hole => bind9 => dnscrypt-proxy) which means my Debian 10 server acts as a DNS server for my LAN.
I want to add a new container. However, I can't build it because it fails when it comes to RUN apt-get update. I checked the content of the /etc/resolv.conf of the container, and the content seems right (nameserver 1.1.1.1 and nameserver 9.9.9.9, that matches with what I wrote in /etc/docker/daemon.json).
If I'm correct, the build step uses - by default - the DNS of the host, except if you specify DNS servers in /etc/default/docker or /etc/docker/daemon.json.
If the DNS servers in /etc/resolv.conf seem correct, and if the container has an Internet access (I tried a RUN ping 8.8.8.8 -c1 and it works), the build should succeed ?
I tried several things, like overwriting the content of /etc/resolv.conf with other DNS, I also rebooted the server, restarted Docker, pruned downloaded images, used the --no-cache option... I also reinstalled Docker. Nothing seems to work.
It must be somehow related to my DNS containers I guess.
Below is the content of the /etc/resolv.conf of the host (the first one is itself, as it redirects to Pi-hole).
Have you any lead to solve this issue ?
I can provide the docker-compose file of my DNS containers and the Dockerfile of my new container if you need them.
Thanking you in advance,

I have found this fix :
RUN chmod o+r /etc/resolv.conf && apt-get [....]
It works when I change the permissions.
I do not really understand why it behaves like this, if you have any lead I would be glad to know more !

Ubuntu 18.04 Server - how to check DNS IP server setting being used [closed]

Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 months ago.
The community reviewed whether to reopen this question 6 months ago and left it closed:
Original close reason(s) were not resolved
Improve this question
Working with Ubuntu 18.04 Server LTS. I am trying to find a way to check the DNS IP(s) that is actually being used when set via DHCP. The resolv.conf only will point to 127.0.0.53 now. /etc/systemd/network folder is empty. The NSLOOKUP output also always references the internal 127.0.0.53 IP. Seems all the old tricks aren't working.
The Ubuntu documentation is not updated yet as it still looks like the help for 16.04 referencing eth0, ifup and ifdown which are all deprecated on 18: https://help.ubuntu.com/lts/serverguide/network-configuration.html
I've tried setting a static adapter setup with Netplan via a custom .yaml. The settings work fine but I can't seem to find the DNS IP that I set anywhere. I expect it will be consistent between DHCP and static settings but I'm not sure where to look now.
I would settle for either a C library call or a bash CLI method at this point. Does anyone have a way to check this on 18.04 Server?

I found the following showed my the DNS servers by adapter towards the end of the output:
systemd-resolve --status
It contains a list under 'DNS Servers' organized by Link. I think this has changed from previous versions with Ubuntu. It will take a little text parsing work but this gives me what I'm after.

Another way is:
cat /run/systemd/resolve/resolv.conf
That file is dynamically generated by systemd-resolved, but contains the actual DNS servers instead of 127.0.0.53.
In fact, if you want make that the default for /etc/resolv.conf, you simply create symlink for it. (/etc/resolv.conf is a symlink that points to /run/systemd/resolve/stub-resolv.conf by default):
sudo mv /etc/resolv.conf /etc/resolv.conf.orig
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
Sample /run/systemd/resolve/resolv.conf :
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 10.1.2.3
search host.domain.com
For more info:
http://manpages.ubuntu.com/manpages/bionic/man8/systemd-resolved.service.8.html

You can also use:
nmcli dev show eth0
Replace eth0 with your network interface to see how it was configured. If you got the DNS address over DHCP, you should see it here.

I'm running ubuntu 22.04.
sudo nmcli dev show <interface> didn't have any dns listings, but sudo resolvectl status <interface> showed me the current dns server.

I am suprised at this too. I am running Ubuntu 16.04 LTS and see something similar.
If you issue a
dig www.google.ca +trace | grep 'Received'
The first host in the response is the one doing the lookups for your server.
$ dig www.google.ca +trace | grep 'Received'
;; Received 525 bytes from 127.0.1.1#53(127.0.1.1) in 19 ms
;; Received 42 bytes from 199.7.91.13#53(d.root-servers.net) in 32 ms
This means that this box is doing it's own dns lookups directly to the root servers and following the path recursively to get my dns lookups.
Found the issue is that dnsmasq is enabled. To disable it do as follows.
edit the NetworkManager.conf file
sudo gedit /etc/NetworkManager/NetworkManager.conf
comment out the dnsmasq line
#dns=dnsmasq
restart the network-manager service
sudo /etc/init.d/network-manager restart
then verify that it is using the dns-server assigned via dhcp
$ dig www.google.ca +trace | grep 'Received'
;; Received 525 bytes from 192.168.30.1#53(192.168.30.1) in 18 ms
;; Received 42 bytes from 198.41.0.4#53(a.root-servers.net) in 32 ms

Setting up a local.host alias for localhost on windows

I'm trying to setup everyauth for my node app. Although I've reached a step that I have no idea how to accomplish.
It's asking to setup local.host as an alias for localhost, but it references some linux folders, I'm using windows.
Here's the exact instructions I'm stumped on.
Important - Some OAuth Providers do not allow callbacks to localhost, so you will need to create a localhost alias called local.host. Make sure you set up your /etc/hosts so that 127.0.0.1 is also associated with 'local.host'. So inside your /etc/hosts file, one of the lines will look like: '127.0.0.1 localhost local.host'
(source here)
How do you accomplish this on windows?

This can be done by editing you hosts file. Open notepad++ (or notepad) as admin. Then hit open, and select C:\Windows\System32\drivers\etc\hosts. You will see:
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# ...
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
And add this line at the end:
127.0.0.1 local.host
Save and you're done

Regarding the answer (Add the entry to your HOSTS file)
This does not work entirely on Windows 10, Windows Server 2019. You CAN PING the new alias (ping local.host), but it you try to use it in windows explorer (\local.host), you get a login prompt that will always fail. Check the EVENT viewer and you will see:
Audit Failure ... A privileged service was called. . . .
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Service Request Information: Privileges: SeTcbPrivilege
I've found no way around this.
So the answer is technically correct, but may not work in all cases.

DHCP overwrites Cisco VPN resolv.conf on Linux

I'm using an Ubuntu 8.04 (x86_64) machine to connect to my employer's Cisco VPN. (The client didn't compile out of the box, but I found patches to update the client to compile on kernels released in the last two years.) This all works great, until my DHCP client decides to renew its lease and updates /etc/resolv.conf, replacing the VPN-specific name servers with my general network servers.
Is there a good way to prevent my DHCP client from updating /etc/resolv.conf while my VPN is active?

If you are running without NetworkManager handling the connections, use the resolvconf package to act as an intermediary to programs tweaking /etc/resolv.conf: sudo apt-get install resolvconf
If you are using NetworkManager it will handle this for you, so get rid of the resolvconf package: sudo apt-get remove resolvconf
I found out about this when setting up vpnc on Ubuntu last week. A search for vpn resolv.conf on ubuntuforums.org has 250 results, many of which are very related!

If you are using the Ubuntu default with NetworkManager, try removing the CiscoVPN client and use the NetworkManager vpnc plugin to connect to the Cisco VPN. This should avoid all problems, since NetworkManager then knows about your VPN connection.

I would advice following the advice from #Sean, but if that fails for whatever reason, it should be possible to configure dhclient to not request DNS servers in /etc/dhcp3/dhclient.conf

chattr +i /etc/resolv.conf should work. ( -i to undo )
But the better thing is to configure your dhclient.conf:
https://calomel.org/dhclient.html
Look at superceding domain-name-servers, and domain-name.
Also look at "send hostname;"
If it works at your work place, you will have a cool hostname for your PC and not some weird name that DHCP servers assign.

vpnc seems to be doing the right thing for my employer's cisco concentrator. I jump on and off the vpn, and it seems to update everything smoothly.

The DHCPclient daemon can be told not to update resolv.conf with a command line switch. (-r I think, depending on the client)
That's less dynamic, because you'd have to restart/reconfigure DHCP when you connect, but not too hard. Similarly, you could just stop the service, but you might lose your IP in the meantime, so I wouldn't really recommend that.
Alternatively, you could run the dhcpclient from within a cron job, adding the appropriate process checks.

This problem is much more noticeable on networks with low DHCP lease ages. There is a bug filed in Ubuntu's dhcp3 package launchpad:
https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/90681
Which includes this patch in the description:
--- /sbin/dhclient-script.orig 2007-03-08 19:19:56.000000000 +0000
+++ /sbin/dhclient-script 2007-03-08 19:19:46.000000000 +0000
## -13,6 +13,10 ##
# The alias handling in here probably still sucks. -mdz
make_resolv_conf() {
+ # don't overwrite resolv.conf at RENEW time, since a VPN/PPTP tunnel may
+ # have updated it with remote DNS servers
+ [ "$reason" = "RENEW" ] && return
+
if [ -n "$new_domain_name" -o -n "$new_domain_name_servers" ]; then
# Find out whether we are going to mount / rw
exec 9>&0 </etc/fstab
This change to /sbin/dhcp-script stops DHCP client from overwriting /etc/resolv.conf when it renews its lease.