I have an Arch Linux installation in VirtualBox, where I use NetworkManager to handle my connection.
After I tried to switch from using NetworkManager for DNS to 'unbound', I don't seem to get them to run together. I followed the guide for unbound at https://wiki.archlinux.org/index.php/unbound
My /etc/unbound/unbound.conf looks like:
include: "/etc/unbound/resolvconf.conf"
server:
use-syslog: yes
do-daemonize: no
username: "unbound"
directory: "/etc/unbound"
trust-anchor-file: trusted-key.key
private-domain: "intranet"
private-domain: "internal"
private-domain: "private"
private-domain: "corp"
private-domain: "home"
private-domain: "lan"
unblock-lan-zones: yes
insecure-lan-zones: yes
domain-insecure: "intranet"
domain-insecure: "internal"
domain-insecure: "private"
domain-insecure: "corp"
domain-insecure: "home"
domain-insecure: "lan"
root-hints: root.hints
And my /etc/resolvconf.conf looks like:
# Configuration for resolvconf(8)
# See resolvconf.conf(5) for details
resolv_conf=/etc/resolv.conf:
# If you run a local name server, you should uncomment the below line and
# configure your subscribers configuration files below.
name_servers="::1 127.0.0.1"
private_interfaces="*"
# Write out unbound configuration file
unbound_conf=/etc/unbound/resolvconf.conf
And after generating new resolv.conf with resolvconf -u the /etc/resolv.conf looked like:
# Generated by resolvconf
nameserver ::1
nameserver 127.0.0.1
After a check with systemctl status unbound it says that unbound is active and running.
After rebooting, NetworkManager was still generating a resolv.conf and resetting the one from the resolvconf -u command. So after some searching around I found that I should set dns=unbound in /etc/NetworkManager/NetworkManager.conf, which from the beginning only had two commented-out lines at the top, and I have added the [main] and dns=unbound fields:
# Configuration file for NetworkManager.
# See "man 5 NetworkManager.conf" for details.
[main]
dns=unbound
And now after reboot /etc/resolv.conf doesn't get reset by NetworkManager, but I don't have any internet connection and systemctl status NetworkManager
says it failed to start:
NetworkManager.service: Main process exited, code=exited, status=1/FAILURE
NetworkManager.service: Failed with result 'exit-code'.
Failed to start Network Manager.
NetworkManager.service: Service RestartSec=100ms expired, scheduling restart.
I don't really understand where the problem is, and from what I understand it should be fairly straightforward to use 'unbound' as DNS with NetworkManager.
I seemed to have solved this by not setting networkmanager.conf to
[main]
dns=unbound
but instead setting it to:
[main]
dns=none
Now after reboot the resolv.conf doesn't get reset by NetworkManager and I also have an internet connection.
Bug?
Host Operating System Version
CentOS8
Target Operating System Version
rhcos-4.9.0-x86_64 (VM)
Environment
This is my simple architecture: I tried to install CoreOS on a VM (10.10.12.20), and that VM looks to the server (dnsmasq) as its nameserver.
I used coreos-installer with ignition file to set up RedHat CoreOS.
Dnsmasq
dnsmasq.conf
interface=enp1s0
address=/.apps.blue.garagekr.com/10.10.12.12 #loadbalance
host-record=bastion.blue.garagekr.com,10.10.12.12
dhcp-option=3,10.10.12.1 # Gateway
dhcp-option=6,10.10.12.12 # Nameserver
dhcp-range=10.10.12.0,static
dhcp-authoritative
host-record=master2.blue.garagekr.com,10.10.12.20
#reverse
ptr-record=20.12.10.10.in-addr.arpa.,master2.blue.garagekr.com
...
CoreOS
In CoreOS Installation Step, I set up network using nmtui (only setting ip, nameserver, gateway) and used this command:
sudo coreos-installer install --copy-network --ignition-url=http://10.10.12.12:8080/bootstrap.ign --insecure-ignition /dev/sda
Problem
The CoreOS installation finished without any issues, but the problem is DNS search.
I didn't write down any configuration for DNS search.
Where did the DNS search domain come from?
Oddly, NetworkManager on CoreOS doesn't have a DNS search option in the keyfile (/etc/NetworkManager/system-connections).
[root#master2 /]# NetworkManager --print-config
# NetworkManager configuration: /etc/NetworkManager/NetworkManager.conf (lib: 10-disable-default-plugins.conf, 20-client-id-from-mac.conf) (etc: 20-keyfiles.conf, sdn.conf)
[main]
# rc-manager=symlink
# auth-polkit=true
# dhcp=internal
plugins=keyfile,ifcfg-rh
[keyfile]
path=/etc/NetworkManager/system-connections
[logging]
# backend=journal
# audit=false
[device]
match-device=interface-name:br-int;interface-name:br-local;interface-name:br-nexthop,interface-name:ovn-k8s-*,interface-name:k8s-*;interface-name:tun0;interface-name:br0;driver:veth
managed=0
[connection]
ipv4.dhcp-client-id=mac
# no-auto-default file "/var/lib/NetworkManager/no-auto-default.state"
[root#master2 /]# ls /etc/NetworkManager/system-connections/
'Wired connection 1.nmconnection'
[root#master2 /]# cat /etc/NetworkManager/system-connections/Wired\ connection\ 1.nmconnection
[connection]
id=Wired connection 1
uuid=4eace183-cd66-3e30-9391-06813f952009
type=ethernet
autoconnect-priority=-999
interface-name=enp1s0
permissions=
timestamp=1655879214
[ethernet]
mac-address-blacklist=
[ipv4]
address1=10.10.12.20/24,10.10.12.1
dns=10.10.12.12;
dns-search=
method=manual
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto
[proxy]
dns-search is empty!!
But the /etc/resolv.conf is like this:
[root#master2 /]# cat /etc/resolv.conf
# Generated by NetworkManager
search blue.garagekr.com
nameserver 10.10.12.12
Question is:
Where does NetworkManager get dns-search domain? (from Ignition?)
Is there any way to remove dns-search? (In the coreos installation step)
Thanks!
nmcli connection modify Network_InterfaceName ipv4.dns-search (searchDomainname- for multiple entry you can use comma)
This seems to be a new issue with network-manager-openconnect-gnome in Ubuntu 18.04+
I ran sudo apt install network-manager-openconnect-gnome to get GNOME integration with openconnect and Cisco AnyConnect Compatible VPN (openconnect)
As an aside (which may actually be relevant) I do this to get *.local addresses to resolve:
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf as per systemd docs
Move dns before mdns4_minimal in /etc/nsswitch.conf
If I connect to the VPN with openconnect through the gnome network manager, VPN addresses (sites for work) do not resolve. Regular sites continue to work as expected.
If I connect to the VPN with openconnect on the command line with sudo openconnect vpn.mycompany.com, VPN addresses (sites for work) do resolve. Regular sites continue to work as expected.
I thought I would check to see if there were any differences between /etc/resolv.conf with each of these VPN connection methods and sure enough, there is one:
openconnect on the command line (working):
##VPNC_GENERATED# -- this file is generated by vpnc
# and will be overwritten by vpnc
# as long as the above mark is intact
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 10.10.10.10
nameserver 10.10.10.11
search broadband mycompany.com
openconnect gnome integration (not working):
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 192.168.1.1
nameserver 10.10.10.10
nameserver 10.10.10.11
search broadband mycompany.com
If I remove (or comment out) the nameserver 192.168.1.1, which is the difference in content between the working and not working files... everything works as expected. I can resolve addresses within the company and regular sites work as expected.
This does not happen with Fedora. Everything works out of the box. I'm not sure why the network-manager-openconnect-gnome package works differently or if there's a way I can make it work without either
Editing the file by hand.
Using the openconnect tool from the command line and keeping a terminal open running that command.
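The two listings in the question differ only in the order and set of `nameserver` lines, and the stub resolver queries them in the order listed. The following check is an added example, not part of the original post; the function names are hypothetical and the VPN resolver addresses are the ones shown in the question. It reports when a non-VPN resolver is listed, and whether it sits ahead of the VPN resolvers so that internal names are sent to it first.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# the sample files are constructed from the two listings quoted above.

# Print the nameserver addresses of a resolv.conf-style file, in file order.
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# foreign_resolvers FILE VPN_DNS...
# Prints "POSITION ADDRESS" for every nameserver that is not a VPN resolver.
foreign_resolvers() {
    fr_file=$1; shift
    fr_pos=0
    for fr_ns in $(list_nameservers "$fr_file"); do
        fr_pos=$((fr_pos + 1))
        fr_known=no
        for fr_vpn in "$@"; do
            if [ "$fr_ns" = "$fr_vpn" ]; then fr_known=yes; fi
        done
        if [ "$fr_known" = no ]; then printf '%s %s\n' "$fr_pos" "$fr_ns"; fi
    done
}

# resolver_verdict FILE VPN_DNS...
#   ok        only VPN resolvers are listed
#   shadowed  a non-VPN resolver is first, so internal names are sent to it
#   fallback  non-VPN resolvers are listed, but only after a VPN resolver
resolver_verdict() {
    rv_found=$(foreign_resolvers "$@")
    case $rv_found in
        '')    echo ok ;;
        '1 '*) echo shadowed ;;
        *)     echo fallback ;;
    esac
}

# Constructed sample input: nameserver/search lines from the two listings.
write_samples() {
    printf 'nameserver %s\n' 10.10.10.10 10.10.10.11 > "$1/cli.conf"
    printf 'nameserver %s\n' 192.168.1.1 10.10.10.10 10.10.10.11 > "$1/gnome.conf"
    for ws_f in "$1/cli.conf" "$1/gnome.conf"; do
        echo 'search broadband mycompany.com' >> "$ws_f"
    done
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for demo_f in cli gnome; do
    echo "$demo_f: $(resolver_verdict "$demo_dir/$demo_f.conf" 10.10.10.10 10.10.10.11)"
done
rm -rf "$demo_dir"
```

Run against the real `/etc/resolv.conf` after the VPN connects, a `shadowed` verdict matches the non-working case in the question.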
I am working on an embedded Linux device with 3 different Linux partitions. The end user selects which partition to boot from. The root file system is read-only. There is a 4th partition that is mounted read-write. I need all instances of Linux to register the same name with the DNS server (i.e. use the same host name). The host name is not known when the file system is created and is assigned later due to the fact that each device needs a unique host name. What I have done is create a file on the read-write partition that will get overwritten at a later date. Then I changed /etc/hostname to be a symlink to that file. I know that the file cannot be read until the read-write partition has been mounted and I believe that is my issue. If I set the /etc/hostname to a normal file then whatever is specified in that file works fine. Changing /etc/hosts does not seem to do anything.
The desired result is to control the name registered with the DNS server when the WiFi connects. The only way I have found to control this is through the host name. The /etc/hosts file does not seem to affect it. If the host name file is unreadable or not set then Linux defaults it to "localhost" and does not register anything useful with the DNS.
The WiFi is enabled through rfkill by an application that is run after boot. Running something in a script before the WiFi is enabled is a possible solution. I have not been able to successfully change what is registered with the DNS by changing the hostname on the command line before the WiFi is enabled. I can get the hostname changed but what is registered with DNS does not change.
Info:
The Linux Kernel is 3.14.60 and is a yocto based build.
systemd manages services on boot.
Current /etc/hosts
127.0.0.1 ABC123.localdomain ABC123
Current /etc/hostname
SerialNumberGoesHere
Here are all the ways to see the host name after boot:
>hostname
localhost
>hostnamectl status
Static hostname: SerialNumberGoesHere
Transient hostname: localhost
Icon name: computer
Machine ID: 4cdac8e5dce348d2bfc133dd393f6172
Boot ID: 9b8c9da934e748fc86606c4a24f57f9e
Operating System: Linux
Kernel: Linux 3.14.60+g02d9429
Architecture: arm
>uname -n
localhost
>echo /proc/sys/kernel/hostname
localhost
>sysctl kernel.hostname
kernel.hostname = localhost
As you can see "hostnamectl status" picks up the correct Static hostname, but the kernel did not.
On the Device
>nslookup 192.168.12.238
Server: 192.168.12.6
Address 1: 192.168.12.6 dc1.hq.com
Name: 192.168.12.238
Address 1: 192.168.12.238 linux.local
On another Computer (Ping 192.168.12.238 works)
>nslookup 192.168.12.238
Server: 127.0.1.1
Address: 127.0.1.1#53
** server can't find 238.12.168.192.in-addr.arpa: NXDOMAIN
If I change the hostname symlink to a real file this is the desired result:
>hostname
SerialNumberGoesHere
>hostnamectl status
Static hostname: SerialNumberGoesHere
Icon name: computer
Machine ID: 4cdac8e5dce348d2bfc133dd393f6172
Boot ID: ed760b42b7ae414881bc2d9352a8bb82
Operating System: ARANZ Sugar-Free Silhouette Star M2 (fido)
Kernel: Linux 3.14.60+g02d9429
Architecture: arm
>uname -n
SerialNumberGoesHere
>echo /proc/sys/kernel/hostname
SerialNumberGoesHere
>sysctl kernel.hostname
kernel.hostname = SerialNumberGoesHere
On the Device
> nslookup 192.168.12.238
Server: 192.168.12.7
Address 1: 192.168.12.7 dc1.hq.com
Name: 192.168.12.238
Address 1: 192.168.12.238 serialnumbergoeshere.hq.com
On another Computer
> nslookup 192.168.12.238
Server: 127.0.1.1
Address: 127.0.1.1#53
238.12.168.192.in-addr.arpa name = serialnumbergoeshere.hq.com.
Update Jan 10, 2017
I found the Answer. You must restart the network service after the hostname command.
systemctl restart systemd-networkd.service
I was looking for a similar functionality.
My first thought was also to symlink /etc/hostname to a file on another partition, and make sure the partition is mounted before following boot message appears: systemd[1]: Set hostname to <myhostname>.
However, after digging a bit deeper, it isn't that simple. From what I found elsewhere:
I would have expected that initramfs packs your /etc/hostname with actual hostname, perhaps you need to regenerate initramfs?
systemd is started early in initramfs where it sets hostname from initramfs, but after switching root to actual system it reexecutes and sets hostname again, therefore you should end up with proper hostname anyway
So I ended up with the solution Daniel Schepler provided.
Here the systemd service:
[Unit]
Description=Update hostname to what we want
Before=systemd-networkd.target
After=mountdata.service
RequiresMountsFor=/usr
DefaultDependencies=no
[Service]
Type=simple
ExecStart=/usr/bin/mycustomhostnamescript.sh
[Install]
WantedBy=multi-user.target
The script:
...
hostn=$(cat "$FILE_SERIAL")
echo "setting hostname=$hostn"
echo "$hostn" > /etc/hostname
hostname "$hostn"
...
It's important that you don't use hostnamectl within the script as it will fail due to its dependencies not being loaded yet!
The solution works without needing to restart the networking service since it wasn't started yet. It also works with rebooting only once.
You must restart the network service after the hostname command.
systemctl restart systemd-networkd.service
– schustercp
For mender I was able to use
[Unit]
Description=Update hostname to what we want
Before=systemd-networkd.target
After=mountdata.service
RequiresMountsFor=/data
DefaultDependencies=no
[Service]
Type=simple
ExecStart=/usr/bin/hostname -F /etc/hostname
[Install]
WantedBy=multi-user.target
I changed the RequiresMountsFor to be my data partition that contains the text file for the hostname.
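The scripts in the answers above copy whatever the file on the writable partition contains into the hostname, and that name is what the device registers in DNS. The following is an added example, not code from the original posts, that accepts the value only if it is a single RFC 1123 host label and otherwise falls back to a default; `valid_label`, `read_hostname` and the sample values are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original posts. Function names are hypothetical
# and the sample files are constructed.
LC_ALL=C; export LC_ALL   # make the character ranges below byte-wise

# valid_label NAME: succeeds only for a single RFC 1123 host label:
# 1-63 characters, letters/digits/hyphen, no leading or trailing hyphen.
valid_label() {
    case $1 in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# read_hostname FILE FALLBACK
# Prints the first line of FILE when it is a valid label, else FALLBACK.
# A missing, unreadable or empty file also yields FALLBACK.
read_hostname() {
    rh_name=
    if [ -r "$1" ]; then
        IFS= read -r rh_name < "$1" || true
    fi
    if valid_label "$rh_name"; then
        printf '%s\n' "$rh_name"
    else
        echo "rejecting hostname from $1, using $2" >&2
        printf '%s\n' "$2"
    fi
}

# Demo on constructed files (stand-ins for the file on the data partition).
demo_dir=$(mktemp -d)
printf '%s\n' 'SN-00123'    > "$demo_dir/good"
printf '%s\n' 'bad name; x' > "$demo_dir/bad"
: > "$demo_dir/empty"
for demo_f in good bad empty missing; do
    echo "$demo_f -> $(read_hostname "$demo_dir/$demo_f" localhost)"
done
rm -rf "$demo_dir"
```

In the service's script this takes the place of the bare `cat`, for example `hostname "$(read_hostname "$FILE_SERIAL" localhost)"`.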
In a linux system, I suppose you can configure hostname to IP address mapping in /etc/hosts, but I guess if you change the mapping for a particular hostname, you would have to restart for the change to take effect.
Is there a way to dynamically (without restarting) change the mapping of a hostname to a different IP address?
In Linux, administrators can specify the order of the sources that an application will ask for domain name information.
This file is
/etc/nsswitch.conf
and the default setting for dns is:
hosts: files dns
So yes, you can add your sites in /etc/hosts and your application will follow that order. You don't need to restart, and yes, you can do it dynamically.
For more info type:
man nsswitch.conf
However, there is a way for your application to bypass this feature: when the application can "ask for DNS" through a remote point, or when the application hasn't been built to use the operating system's gethostbyname/gethostbyaddr system calls.
You just need to change the IP address in the /etc/hosts. Most of the time this change will propagate into the NS cache automatically. However, sometimes you just need to flush the name-server cache on your system. Depending on what you've got running the actual steps may vary. I'll list a few popular ones:
NSCD
$ sudo /etc/init.d/nscd restart
OR
$ sudo service nscd restart
OR
$ sudo systemctl restart nscd
dnsmasq
$ sudo /etc/init.d/dnsmasq restart
OR
$ sudo service dnsmasq restart
OR
$ sudo systemctl restart dnsmasq
BIND server dns cache
unrelated to OP question but in case someone ends up here
$ sudo rndc restart
OR
$ sudo rndc flushname foo.local
Where foo.local is the particular hostname you wish to r
varnishlog is returning:
_.vsm: No such file or directory
Has anyone else seen this before?
It looks like varnishlog is not pointing to the correct directory, or does not have access to it.
Please check the command line options of varnishd. If the daemon runs with the -n <instancename> argument, you have to add it to varnishlog as well.
The second thing is to check the permissions of the varnish directory.
In order to see the current directory used, you must log in as root and run the command below:
$ lsof -p <PID of varnishd> | grep vsm
Once revealed, you just have to be sure the full path has read permission for your user.
In Varnish 4.1 the root cause can be incorrect rights for reading the _.vsm file. For example:
# service varnishncsa start
* Starting HTTP accelerator log deamon [fail]
Can't open log - retrying for 5 seconds
Can't open VSM file (Cannot open /var/lib/varnish/dev-me/_.vsm: Permission denied
varnishncsa runs as the varnishlog user, but /var/lib/varnish/dev-me/_.vsm is readable by the varnish group or root user only:
# ls -l /var/lib/varnish/dev-me/_.vsm
-rw-r----- 1 root varnish 84934656 Apr 15 05:58 /var/lib/varnish/dev-me/_.vsm
So you can fix this problem in the following way:
# usermod -a -G varnish varnishlog
# id varnishlog
uid=110(varnishlog) gid=116(varnishlog) groups=116(varnishlog),115(varnish)
And now you can start varnishncsa.
In our case the hostname of the server was changed.
If you do not specify an instance name, varnish uses the hostname. It was looking for a directory holding the shared memory logging configuration with the new hostname, but the instance was still running from the directory with the old hostname.
Restarting varnish solved the problem.
I just had the same error message while trying to issue varnishadm commands. Turned out that I renamed my machine without stopping varnish. There was some directory in /var/varnish/ corresponding to the machine name that varnish needed access to. "sudo service varnish restart" fixed this for me.