On Mon, Apr 05, 2021 at 12:31:43PM -0700, Steve Ellis wrote:
Hi Alberto,
Thanks for replying so quickly.
I really appreciate being able to use dnss. In Canada, our domain
registrar (CIRA.CA) also provides safe and secure DNS resolution
services including DOH and dnss is the perfect open-source solution.
Thank you, I'm glad to hear you find it useful :)
I think that the dnss setup is more easily configured using the
/lib/systemd files than using /etc/default/dnss for specifying
everything; as mentioned, I made changes to all 3 files. I don't
understand why /lib/systemd are not considered configuration files -
perhaps this is the real bug.
I understand (and to a large degree share) the frustration about
/lib/systemd, but that's beyond dnss, it's a Debian-wide policy based on
how systemd works.
If you have other packages where you've overridden their systemd files
in /lib/systemd, the same thing will happen when they change.
What I do for overriding systemd default configs is to create your own
service files in /etc/systemd, which will take precedence if they exist.
This (and a couple of variants) is documented in
https://wiki.debian.org/systemd#Creating_or_altering_services.
In any case, I always run "apt upgrade" manually because I always want
to see and evaluate any configuration files changes. I did not see the
usual configuration file changes prompts from apt (dpkg) when dnss was
updated. Unfortunately, dpkg.log does not include such details.
However, /var/log/apt/term.log does and there is no record of any such
prompting about /etc/default/dnss for this update:
Preparing to unpack .../dnss_0.0~git20200927.0.6aad832e-1+b1_amd64.deb ...
Unpacking dnss (0.0~git20200927.0.6aad832e-1+b1) ...
Setting up dnss (0.0~git20200927.0.6aad832e-1+b1) ...
Created symlink /etc/systemd/system/multi-user.target.wants/dnss.service →
/lib/systemd/system/dnss.service.
Created symlink /etc/systemd/system/sockets.target.wants/dnss.socket →
/lib/systemd/system/dnss.socket.
Job failed. See "journalctl -xe" for details.
A dependency job for dnss.service failed. See 'journalctl -xe' for details.
I don't think I have any configuration issues with apt. As mentioned,
I am used to being prompted about configuration file changes. I have
included the details as requested in the attached file
apt-config.dump.out.txt.
Honestly I don't know what might have caused you not getting a prompt on
/etc/default/dnss. I will try to reproduce it in a VM and will report
back, but this seems more of a Debian issue than a dnss issue :(
Sorry for the super trivial question, but are you sure /etc/default/dnss
was also overriden by you, and not just the systemd files, right?
In any case, maybe someone more well versed in Debian can help identify
what's going on here.
Thank you for your work on the dnss package. I hope that you find my
experience useful to your work.
Thanks again for your kind words, and for taking the time to report
bugs and help troubleshoot the problem!
Alberto
