I keep seeing signs that "network" will someday disappear entirely and I'll be forced to use NetworkManager, so the first question I haven't been able to find an answer for:
What is the "proper" way to setup a network connection using nmcli which will get an IP via DHCP, but will ignore the DHCP provided DNS and use a different DNS server specified manually? (I can do it using techniques like chattr +i on /etc/resolv.conf, but that isn't exactly "proper" :-).
On Sun, 16 Feb 2020 14:36:42 -0500 Tom Horsley horsley1953@gmail.com wrote:
I keep seeing signs that "network" will someday disappear entirely and I'll be forced to use NetworkManager, so the first question I haven't been able to find an answer for:
What is the "proper" way to setup a network connection using nmcli which will get an IP via DHCP, but will ignore the DHCP provided DNS and use a different DNS server specified manually? (I can do it using techniques like chattr +i on /etc/resolv.conf, but that isn't exactly "proper" :-).
I'm not sure how to do it with nmcli, but I did it via the network icon on the desktop, with some edits of configuration files in order to use knot-resolver as a caching dns server with a dns provider other than my ISP. It really improves the speed of page loading on sites that I visit often. Here are my procedure notes. I don't remember the procedure because it was months ago, so there might be something missing that I fixed and didn't add to the notes. Bad dog! Bad, bad, dog! You should be able to put all those steps in a script that runs at startup.
""" I was able to get knot-resolver to act as caching dns server with the modem serving as its source.
For the connection, I set the dns lookup to 127.0.0.1 and told NetworkManager to only get the dhcp address, no dns address. In the connection icon in the gui.
I told NetworkManager in its configuration file, /etc/NetworkManager/conf.d/config to disable dns management, to turn off resolver, to not touch /etc/hosts.
I edited the /etc/hosts file, commented everything already there and left only the line with 127.0.0.1.
I edited the knot-resolver configuration file, and added the procedures entry to the tables. I turned off the dnssec lookup. I then used a stub entry to tell it to only do lookups.
I have to do a systemctl restart kresd@01 after each reboot to get the dns lookups working, but it saves the current table on shutdown, and restores it on boot. So, it is working properly. """
I would like to know the answer to this also, but probably for a different reason.
AT&T U-verse customers are forced to use the DNS service in their residential gateway, which would be fine for IPTV and VOIP sessions. However, if I want to install a Raspberry Pi device running Pi-Hole as my primary DNS service, I need to know how to sidestep the U-verse DHCP's primary DNS designation.
--Doc Savage Fairview Heights, IL
On Sun, 2020-02-16 at 14:36 -0500, Tom Horsley wrote:
I keep seeing signs that "network" will someday disappear entirely and I'll be forced to use NetworkManager, so the first question I haven't been able to find an answer for:
What is the "proper" way to setup a network connection using nmcli which will get an IP via DHCP, but will ignore the DHCP provided DNS and use a different DNS server specified manually? (I can do it using techniques like chattr +i on /etc/resolv.conf, but that isn't exactly "proper" :-).
On 2020-02-17 03:36, Tom Horsley wrote:
I keep seeing signs that "network" will someday disappear entirely and I'll be forced to use NetworkManager, so the first question I haven't been able to find an answer for:
What is the "proper" way to setup a network connection using nmcli which will get an IP via DHCP, but will ignore the DHCP provided DNS and use a different DNS server specified manually? (I can do it using techniques like chattr +i on /etc/resolv.conf, but that isn't exactly "proper" :-).
A google search sent me here. https://www.certdepot.net/rhel7-configure-ipv4-addresses/
With the advice...
You can’t remove a DNS server provided through DHCP with the previous command (with the -ipv4.dns option for example), you will get this error message: “Error: failed to remove a value from ipv4.dns: the property doesn’t contain DNS server ‘192.168.1.1’.”. If you want to set your own DNS configuration in this context, type:
# nmcli con mod net-eth0 ipv4.ignore-auto-dns yes
Note: You get the same result by specifying PEERDNS=no in the network configuration files.
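Added example (not part of the thread or of the quoted certdepot page): the quoted command only stops NetworkManager from using the DHCP-supplied DNS, so this sketch also sets the manual resolver, covers IPv6, and checks that no other nameserver ended up in resolv.conf. The connection name net-eth0 comes from the quoted command, the addresses 192.168.1.1 and 192.168.1.254 from this thread; the function names and the script file name are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: connection "net-eth0" (from the quoted
# command) and resolver 192.168.1.1 (the Pi-Hole address in this thread).

# Keep DHCP for addressing but pin DNS. Needs root and NetworkManager.
# IPv6 is covered too, since RA/DHCPv6 can also hand out DNS servers.
pin_dns() {
    con=$1 dns=$2
    nmcli con mod "$con" ipv4.method auto \
        ipv4.ignore-auto-dns yes ipv4.dns "$dns" \
        ipv6.ignore-auto-dns yes &&
    nmcli con up "$con"   # re-activate so the new settings apply
}

# Print each nameserver in a resolv.conf-style file that is not in the
# allowed list; exit status 1 if any such entry exists.
unexpected_nameservers() {
    file=$1; shift
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "nameserver" && !($2 in ok) { print $2; bad = 1 }
        END { exit bad + 0 }
    ' "$file"
}

# Constructed sample: a resolv.conf where the gateway's DNS leaked back in.
sample=$(mktemp)
printf '%s\n' '# Generated by NetworkManager' \
    'nameserver 192.168.1.1' 'nameserver 192.168.1.254' > "$sample"
leaked=$(unexpected_nameservers "$sample" 192.168.1.1) || true
echo "unexpected nameservers: ${leaked:-none}"
rm -f "$sample"

# Real use (hypothetical file name): sh pin-dns.sh --apply
# Applies the settings, then checks the live resolv.conf.
if [ "${1:-}" = "--apply" ]; then
    pin_dns net-eth0 192.168.1.1 &&
    unexpected_nameservers /etc/resolv.conf 192.168.1.1
fi
```

Running the check again after a DHCP lease renewal shows whether the pinned resolver survives it.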
On Sun, 2020-02-16 at 14:43 -0700, Joe Zeff wrote:
On 02/16/2020 02:39 PM, Robert G (Doc) Savage via users wrote:
AT&T U-verse customers are forced to use the DNS service in their residential gateway, which would be fine for IPTV and VOIP sessions.
How? Does the router block outgoing DNS requests?
U-verse does not allow the user to change the Primary DNS address on the residential gateway's DHCP configuration page. It is hard-coded to 192.168.1.254, which is the gateway itself. I want to change that to 192.168.1.1 which is the static IP address for my Pi-Hole appliance. If I could, the Pi-Hole would become a stealthy and very effective whole-home ad blocker.
There is no technical reason for AT&T to lock this down. I might understand this for the VOIP and IPTV segments of the gateway. Those probably have very complex and proprietary DHCP configurations. But for the Internet data segment, not allowing the user to redirect the Primary DNS spec is not justifiable. I may be able to use a Ubiquiti EdgeX router to set up a user space downstream from the residential gateway using a totally different address space from the default 192.168.1.0/24, but I'm running into a WiFi conflict between the gateway and the EdgeX router I haven't yet been able to resolve.
--Doc Savage Fairview Heights, IL
On 02/16/2020 06:55 PM, Robert G (Doc) Savage via users wrote:
U-verse does not allow the user to change the Primary DNS address on the residential gateway's DHCP configuration page. It is hard-coded to 192.168.1.254, which is the gateway itself. I want to change that to 192.168.1.1 which is the static IP address for my Pi-Hole appliance. If I could, the Pi-Hole would become a stealthy and very effective whole-home ad blocker.
NetworkManager allows you to set it to get your IP address by DHCP, but set your DNS manually. Have you tried that?
On Sun, 2020-02-16 at 19:22 -0700, Joe Zeff wrote:
On 02/16/2020 06:55 PM, Robert G (Doc) Savage via users wrote:
U-verse does not allow the user to change the Primary DNS address on the residential gateway's DHCP configuration page. It is hard-coded to 192.168.1.254, which is the gateway itself. I want to change that to 192.168.1.1 which is the static IP address for my Pi-Hole appliance. If I could, the Pi-Hole would become a stealthy and very effective whole-home ad blocker.
NetworkManager allows you to set it to get your IP address by DHCP, but set your DNS manually. Have you tried that?
Joe,
That works fine for a single machine. What I'm trying to alter is the whole home DHCP configuration's Primary DNS address so that all clients point to the Pi-Hole. If I can resolve the WiFi conflict, that's simple to do in the EdgeX router's DHCP service configuration. Unfortunately I'm not there yet.
--Doc Savage Fairview Heights, IL
On Sun, 2020-02-16 at 19:55 -0600, Robert G (Doc) Savage via users wrote:
There is no technical reason for AT&T to lock this down. I might understand this for the VOIP and IPTV segments of the gateway. Those probably have very complex and proprietary DHCP configurations. But for the Internet data segment, not allowing the user to redirect the Primary DNS spec is not justifiable. I may be able to use a Ubiquiti EdgeX router to set up a user space downstream from the residential gateway using a totally different address space from the default 192.168.1.0/24, but I'm running into a WiFi conflict between the gateway and the EdgeX router I haven't yet been able to resolve.
If you want to go down the route of setting up another router and WiFi network, you don't have to care about the ISP's WiFi. Just set up your own network and ignore theirs. Use a different channel, a different SSID, just treat theirs as if it were a neighbour's.
On Sun, Feb 16, 2020 at 8:37 PM Tom Horsley horsley1953@gmail.com wrote:
I keep seeing signs that "network" will someday disappear entirely and I'll be forced to use NetworkManager, so the first question I haven't been able to find an answer for:
What is the "proper" way to setup a network connection using nmcli which will get an IP via DHCP, but will ignore the DHCP provided DNS and use a different DNS server specified manually? (I can do it using techniques like chattr +i on /etc/resolv.conf, but that isn't exactly "proper" :-).
I have no idea how to use nmcli, but I connect my laptop to my phone hotspot with dhcp and unbound.
I have
[main]
dns=default
rc-manager=symlink
...
in "/etc/NetworkManager/NetworkManager.conf"
and
[ipv4]
dns=127.0.0.1
...
in "/etc/NetworkManager/system-connections/android.nmconnection"
On Sun, 16 Feb 2020 17:53:59 -0500 Tom Horsley wrote:
# nmcli con mod net-eth0 ipv4.ignore-auto-dns yes
Sounds like what I want, I've just resurrected an old system and installed f31 so I can try experimenting with network manager. I'll see how it goes. Thanks.
I've been experimenting, and the ignore-auto-dns setting does indeed seem to work (in fact, nm seems to update the ifcfg file with PEERDNS=no so they really are the same). I can edit resolv.conf and it doesn't get modified by nm.
Then I went and did it, I decided to try to setup a bridge as the master with eth0 attached to it. I pretty much followed the instructions here:
https://www.cyberciti.biz/faq/how-to-add-network-bridge-with-nmcli-networkma...
It sort of works, but when I boot the system, there is no network at all for several seconds. I have time to run "ip addr" three or four times after logging in before br0 shows up with an IP address.
In journalctl output, I see errors for network manager wait online failing with status=1, then a little bit after that I see it bringing br0 online.
There wasn't any mysterious delay when it was just eth0.
I guess I'll poke around some more and see if I can figure out what the delay is all about.
On Mon, 17 Feb 2020 13:16:16 -0500 Tom Horsley wrote:
I guess I'll poke around some more and see if I can figure out what the delay is all about.
Ah-HA! Need to turn off STP on the bridge:
nmcli con modify br0 bridge.stp no
The original web page mentioned I could do that, but didn't say why I'd want to. Now I know :-).
Booting the system, the network now comes up just as quick with the bridge as it did with just eth0.