Re: Tip: how to make your own resolv.conf
by Chris Adams
Once upon a time, Tim <ignored_mailbox(a)yahoo.com.au> said:
> But being serious, I did start looking through the man files for the
> new networking schemes (man systemd-resolved). And supposedly,
> /etc/resolv.conf is a link to /run/systemd/resolve/stub-resolv.conf
> And when it is, it controls the file it's linked to.
Yeah, if you just edit /etc/resolv.conf without reading it (leaving it a
symlink to /run), your edits will get lost. All you have to do is
remove the symlink and replace it with a file, and systemd-resolved will
stop touching it (again, as documented in the file). It's not some
mystery, or difficult problem to solve, if you read the comments and
referenced documentation.
> It is all a bit of a maze, and I don't really see how this was an
> improvement on the previous methodology.
A single system-wide resolv.conf cannot handle more complicated setups,
such as a VPN where lookups for certain domains should be sent to a
server across the VPN. You have to run some form of local DNS server to
handle that (which could be BIND, Unbound, dnsmasq, etc.). Each of
those has their own configuration quirks that can make it more
complicated to programmatically manage, so systemd-resolved was created.
I'm not entirely satisfied with systemd-resolved, but it solves things
for a majority of cases.
> Likewise with network configuration. If the previous config files
> actually did the job, why didn't they keep on using them, and just
> update the tools that set them up?
The previous ifcfg files had many quirks, starting from being created as
shell variable lists to feed to bash scripts for network config. They
were also specific to Red Hat Linux derived OSes (e.g. Fedora, RHEL,
CentOS, etc.). NetworkManager was created to solve multiple things, one
of which was standardizing network configuration across distributions.
The NM plugin to support the RHL-style ifcfg files has been there as a
backwards-compatibility wedge, but it was time to move on from using
that by default (and deprecate the old network-scripts pile of shell
code).
--
Chris Adams <linux(a)cmadams.net>
1 year, 4 months
Re: 127.0.0.53 question
by Bill C
Is that Dnsmasq like bind? The only thing I've ever cared to run would be
something like rsync and ssh as far as servers.
On Sat, Dec 17, 2022, 1:44 AM ToddAndMargo via users <
users(a)lists.fedoraproject.org> wrote:
> On 12/16/22 22:11, Samuel Sieb wrote:
> > On 12/16/22 21:18, ToddAndMargo via users wrote:
> >> On 12/16/22 20:23, Mike Wright wrote:
> >>> 127.0.0.0/8 is the loopback address. That means that any IP that
> >>> begins with 127 is a valid loopback address. The three 0's can each
> >>> be any number from 0 through 255.
> >>
> >>
> >> So the 127.0.0.53 was the bind guys being sneaky!
> >
> > That's not bind. systemd-resolved is on 127.0.0.53 and 127.0.0.54 on my
> > system. bind would most likely try to get 127.0.0.1 as you demonstrated
> > in your other email. If you want systemd-resolved to use your bind
> > server instead of the dhcp offered one, then modify
> > /etc/systemd/resolved.conf to set 127.0.0.1 as the primary DNS server.
>
> Named/bind uses port 53
>
> $ grep -i 53 /etc/services
> domain 53/tcp # name-domain server
> domain 53/udp
>
>
> Everything is commented out in my
> /etc/systemd/resolved.conf
> _______________________________________________
> users mailing list -- users(a)lists.fedoraproject.org
> To unsubscribe send an email to users-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>
1 year, 4 months
Re: Named keeps dying on me
by Tom Horsley
On Thu, 15 Dec 2022 14:21:34 -0800
ToddAndMargo via users wrote:
> You're in frustration,
Has resolv.conf changed? Sometimes DHCP comes along on lease renewal
and rewrites stuff. Somewhere there is a NetworkManager option to
make it leave resolv.conf alone (always takes me an hour to find it
though).
Look at journalctl to see if named printed any useless messages
before dying.
I had lots of problems with named when the defaults were changed to insist
on encrypted DNS and never really got it working reliably which is why
I switched to dnsmasq (nice small man page for configuration instead of
the 12,742 pages of bind config info :-).
1 year, 4 months
Re: Clearing DNS cache without rebooting
by Barry
> On 14 Dec 2022, at 15:49, Tim via users <users(a)lists.fedoraproject.org> wrote:
>
> On Tue, 2022-12-13 at 16:11 -0500, Tom Horsley wrote:
>> I used to use bind, but it became impossible to configure when
>> they started enforcing DNS encryption,
>
>
>
> When did that happen? Mine isn't running that way, though I'm running
> it on CentOS 7.
>
>
>> switched to dnsmasq and wondered why I ever bothered to fool with bind :-).
>
>
> I started using BIND when messing with hosts files became a pain on a
> small LAN, and it made sense to learn how a real server worked (not
> that I want a job in IT), and BIND configuration was quite well
> documented.
>
> Likewise, I use Apache rather than some other half-baked HTTP server.
> Though, unfortunately, my hosting provider has decided they're now
> going to use LightSpeed, which isn't Apache-compatible in the areas
> that I want (not to mention is expensive versus free), and their
> custom-buggerising has wrecked a few things which they refuse to fix.
>
>
> I keep meaning to change hosts, but finding someone else who actually
> says they use Apache (in my country) and doesn't have the worst website
> to navigate to look at features versus price, is a pain in the butt.
> Not to mention that there's quite a few who think we should be paying
> hundreds a month for them. Yeah, right, dream on. I don't even want
> any of that added-on gumph (wordpress, etc), it's useless to me and
> just another hacking point of entry.
I use digitalocean.com and run a “droplet”, 1GiB VM running Fedora.
Once you have Fedora you can do whatever you want, I run Apache httpd.
I use SSL certs from Let's Encrypt for the domains I own. Cost is $5 or $6 a month.
They support setting up a VM running Fedora with ssh to root.
After that it is plain sailing to set up.
Barry
>
>> Dnsmasq gets names out of the /etc/hosts file and I configure a fixed
>> IP in my router's dhcp for every device on the network so the fixed
>> /etc/hosts entries will always be correct.
>
> And that's where I would quit. The last thing I would want to do is
> split the work between my server and my crappy router. My router can
> be switched off and my entire LAN works fine. That's a particular
> bonus if you have to reboot it, or replace it.
>
> It also wouldn't support local name resolution for dynamic addresses.
> And while mDNS/Avahi/ZeroConf might be the answer for a lot of home
> users, it's only useful if every device can use it.
>
>
> --
>
> NB: All unexpected mail to my mailbox is automatically deleted.
> I will only get to see the messages that are posted to the list.
>
> The following system info data is generated fresh for each post:
>
> uname -rsvp
> Linux 6.0.10-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Sat Nov 26 16:53:11
> UTC 2022 x86_64
1 year, 4 months
Re: Clearing DNS cache without rebooting
by Tim
On Tue, 2022-12-13 at 16:11 -0500, Tom Horsley wrote:
> I used to use bind, but it became impossible to configure when
> they started enforcing DNS encryption,
When did that happen? Mine isn't running that way, though I'm running
it on CentOS 7.
> switched to dnsmasq and wondered why I ever bothered to fool with bind :-).
I started using BIND when messing with hosts files became a pain on a
small LAN, and it made sense to learn how a real server worked (not
that I want a job in IT), and BIND configuration was quite well
documented.
Likewise, I use Apache rather than some other half-baked HTTP server.
Though, unfortunately, my hosting provider has decided they're now
going to use LightSpeed, which isn't Apache-compatible in the areas
that I want (not to mention is expensive versus free), and their
custom-buggerising has wrecked a few things which they refuse to fix.
I keep meaning to change hosts, but finding someone else who actually
says they use Apache (in my country) and doesn't have the worst website
to navigate to look at features versus price, is a pain in the butt.
Not to mention that there's quite a few who think we should be paying
hundreds a month for them. Yeah, right, dream on. I don't even want
any of that added-on gumph (wordpress, etc), it's useless to me and
just another hacking point of entry.
> Dnsmasq gets names out of the /etc/hosts file and I configure a fixed
> IP in my router's dhcp for every device on the network so the fixed
> /etc/hosts entries will always be correct.
And that's where I would quit. The last thing I would want to do is
split the work between my server and my crappy router. My router can
be switched off and my entire LAN works fine. That's a particular
bonus if you have to reboot it, or replace it.
It also wouldn't support local name resolution for dynamic addresses.
And while mDNS/Avahi/ZeroConf might be the answer for a lot of home
users, it's only useful if every device can use it.
--
NB: All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the list.
The following system info data is generated fresh for each post:
uname -rsvp
Linux 6.0.10-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Sat Nov 26 16:53:11
UTC 2022 x86_64
1 year, 4 months
Re: Clearing DNS cache without rebooting
by Bill C
This is an interesting thread. Is there a group on networking or servers? I
am going to enjoy this. :)
On Tue, Dec 13, 2022, 9:16 PM Mike Wright <nobody(a)nospam.hostisimo.com>
wrote:
> On 12/13/22 13:11, Tom Horsley wrote:
> > On Wed, 14 Dec 2022 07:16:43 +1030
> > Tim via users wrote:
> >
> >> I have a server PC running 24/7, so I use it instead.
> >
> > Me too. I used to use bind, but it became impossible to configure when
> > they started enforcing DNS encryption, switched to dnsmasq and wondered
> > why I ever bothered to fool with bind :-). Dnsmasq gets names
> > out of the /etc/hosts file and I configure a fixed IP in my router's
> > dhcp for every device on the network so the fixed /etc/hosts entries
> > will always be correct.
>
> Knot is a great nameserver that uses bind format zone files. Much smaller
> than bind and doesn't require encryption. Changes to the conf file
> require a systemctl restart; changes to the zone files require a
> systemctl reload. Other than that it just runs and runs and ...
>
> Only caveat: the SOA record must be on a single line. That is a tricky
> one to debug.
>
> They also offer a resolver: kresd.
>
> I stack them. dnsmasq points to kresd and kresd points to knot. Rock
> solid.
1 year, 4 months
Re: Clearing DNS cache without rebooting
by Mike Wright
On 12/13/22 13:11, Tom Horsley wrote:
> On Wed, 14 Dec 2022 07:16:43 +1030
> Tim via users wrote:
>
>> I have a server PC running 24/7, so I use it instead.
>
> Me too. I used to use bind, but it became impossible to configure when
> they started enforcing DNS encryption, switched to dnsmasq and wondered
> why I ever bothered to fool with bind :-). Dnsmasq gets names
> out of the /etc/hosts file and I configure a fixed IP in my router's
> dhcp for every device on the network so the fixed /etc/hosts entries
> will always be correct.
Knot is a great nameserver that uses bind format zone files. Much smaller
than bind and doesn't require encryption. Changes to the conf file
require a systemctl restart; changes to the zone files require a
systemctl reload. Other than that it just runs and runs and ...
Only caveat: the SOA record must be on a single line. That is a tricky
one to debug.
They also offer a resolver: kresd.
I stack them. dnsmasq points to kresd and kresd points to knot. Rock
solid.
1 year, 4 months
Re: Clearing DNS cache without rebooting
by Samuel Sieb
On 12/13/22 13:11, Tom Horsley wrote:
> On Wed, 14 Dec 2022 07:16:43 +1030
> Tim via users wrote:
>
>> I have a server PC running 24/7, so I use it instead.
>
> Me too. I used to use bind, but it became impossible to configure when
> they started enforcing DNS encryption, switched to dnsmasq and wondered
> why I ever bothered to fool with bind :-). Dnsmasq gets names
> out of the /etc/hosts file and I configure a fixed IP in my router's
> dhcp for every device on the network so the fixed /etc/hosts entries
> will always be correct.
I use freeipa.
1 year, 4 months
Re: Clearing DNS cache without rebooting
by Tom Horsley
On Wed, 14 Dec 2022 07:16:43 +1030
Tim via users wrote:
> I have a server PC running 24/7, so I use it instead.
Me too. I used to use bind, but it became impossible to configure when
they started enforcing DNS encryption, switched to dnsmasq and wondered
why I ever bothered to fool with bind :-). Dnsmasq gets names
out of the /etc/hosts file and I configure a fixed IP in my router's
dhcp for every device on the network so the fixed /etc/hosts entries
will always be correct.
1 year, 4 months
Re: Clearing DNS cache without rebooting
by Tom Horsley
On Fri, 9 Dec 2022 12:47:14 -0700
Joe Zeff wrote:
> Suggestions?
I've been there, the main problem is there are something like a dozen
different services which may or may not be caching DNS information, and
you have to figure out which ones are running and look up how to make
that one clear its cache, then do the same for all the others.
nscd, systemd-resolved, dnsmasq, bind are just the ones I've run
into before that I can remember, I think there are others as well.
1 year, 4 months
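The "find out which caches are running, then clear each one" procedure Tom describes, as an added shell helper (not code from the thread) covering the four services he names. The flush commands are each service's own mechanism (nscd's invalidate option, resolvectl, dnsmasq's SIGHUP cache clear, BIND's rndc); the unit names assume the Fedora service names.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: flush every running DNS
# cache among nscd, systemd-resolved, dnsmasq and bind (named).
# Usage: sh flush-dns.sh --run   (DRY_RUN=1 prints the plan instead)

# Print the flush command for one systemd unit name; returns 1 if unknown.
dns_cache_flush_cmd() {
    case "$1" in
        nscd)             echo "nscd -i hosts" ;;          # invalidate the hosts table
        systemd-resolved) echo "resolvectl flush-caches" ;;
        dnsmasq)          echo "systemctl kill -s HUP dnsmasq" ;;  # SIGHUP clears cache, re-reads /etc/hosts
        named)            echo "rndc flush" ;;              # requires a working rndc key
        *)                return 1 ;;
    esac
}

# List the known caching services that systemd reports as active.
# Tolerates a host without systemctl (prints nothing).
active_dns_caches() {
    for svc in nscd systemd-resolved dnsmasq named; do
        systemctl is-active --quiet "$svc" 2>/dev/null && echo "$svc"
    done
    return 0
}

# Flush each active cache in turn; a failure on one does not stop the rest.
flush_dns_caches() {
    for svc in $(active_dns_caches); do
        cmd=$(dns_cache_flush_cmd "$svc") || continue
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$svc: $cmd"
        else
            sh -c "$cmd" || echo "flush failed for $svc" >&2
        fi
    done
}

if [ "${1:-}" = "--run" ]; then
    flush_dns_caches
fi
```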