On Mon 14 Mar 2022 at 07:15:12 (+0000), Thomas Pircher wrote:
> David Wright wrote:
> > I was casting round for a simple way to run iwd + resolvconf +
> > systemd-networkd as replacement.
>
> I run a similar setup, with iwd, systemd-networkd and systemd-resolved.
> This has been working without problems on my host for quite a while
> now.

As I said, I tried that.

> Make a copy of your /etc/resolv.conf file,

No point, as there's nothing specific in it, but just what gets sent
by DHCP from the router.

> then enable and restart the
> systemd-resolved service. Finally link the /etc/resolv.conf file to
> either /run/systemd/resolve/resolv.conf or
> /run/systemd/resolve/stub-resolv.conf. I use the latter:
>
> # ls -l /etc/resolv.conf
> lrwxrwxrwx 1 root root 37 Jun 28 2020
> /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf

(It was created for me.)

So, to summarise, I have a three-line /var/lib/iwd/mySSID.psk
(Security, PSK, passphrase), a two-line /etc/iwd/main.conf
(General, EnableNetworkConfiguration=true), and nothing else:
no overrides, no resolvconf package, and no cat5 cable.

> You can configure various settings for the DNS resolver in your
> systemd-networkd setting and in /etc/systemd/resolved.conf.

Like what?

> On bookworm you also have the resolvectl tool, which helps debugging DNS
> issues.

And bullseye has that too. I don't really know how to use it.

There seem to be timeouts involved in most cases, so
time ping -c 1 foo
will typically take 15sec, and host lookups will take 10 or 20sec.
That's 10sec, or 20sec, depending on whether the message
;; connection timed out; no servers could be reached
is emitted once or twice.

I ran resolvectl log-level debug and tried resolvectl query foo
on a few addresses. They were even slower, eg:
# resolvectl query smtp.lionunicorn.co.uk
answered in 57.6 secs.
# resolvectl query lionunicorn.co.uk
failed with:
lionunicorn.co.uk: resolve call failed: Query timed out

The debug output is difficult to interpret, though I did notice that
it was reporting "cache misses" repeatedly on the same address (but
there must be some caching going on, because there was an occasional
hit being reported).
I also noticed that debug output carries on being emitted after
the actual query has finished and returned to a bash prompt; for
something like another minute, achieving nothing (repeating a
query does it all over again).

Everything is comparatively instantaneous when using resolvconf,
which is why I chose to continue using it.

The idea of "debugging DNS issues" doesn't exactly thrill me.
I'm imagining a scenario where I'm sitting in an airport or motel
room, having managed to make a connection with iwd and negotiate
their captive portal or whatever, and then run into /this/ problem.

Cheers,
David.
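
An added example, not part of the original message: a small POSIX shell check that reports which of the /etc/resolv.conf arrangements discussed in the thread (stub-resolv.conf, the uplink resolv.conf, or a plain file such as one written from DHCP) is in effect, and which nameservers the file lists. The function names are hypothetical, and the static /usr/lib/systemd/resolv.conf case goes beyond what the thread mentions.

```sh
#!/bin/sh
# Added example; resolv_mode, list_nameservers and report are hypothetical names.

# Classify a resolv.conf path from the symlink's literal target.
# readlink is used without -f so relative and dangling links still classify.
resolv_mode() {
    f=$1
    if [ -L "$f" ]; then
        case $(readlink "$f") in
            */systemd/resolve/stub-resolv.conf) echo stub ;;          # local stub listener
            */systemd/resolve/resolv.conf)      echo uplink ;;        # real upstream servers
            */lib/systemd/resolv.conf)          echo static ;;        # static stub file
            *)                                  echo other-symlink ;; # e.g. another manager
        esac
    elif [ -e "$f" ]; then
        echo file       # regular file: systemd-resolved reads it, does not write it
    else
        echo missing
    fi
}

# Print the addresses on "nameserver" lines, one per line.
list_nameservers() {
    if [ -r "$1" ]; then
        awk '$1 == "nameserver" { print $2 }' "$1"
    fi
}

# Human-readable summary; defaults to the system file.
report() {
    f=${1:-/etc/resolv.conf}
    echo "$f: mode=$(resolv_mode "$f")"
    list_nameservers "$f" | sed 's/^/  nameserver /'
}

report "$@"
```

In stub mode the only nameserver listed is the local stub address, so the servers actually being queried have to be read from resolvectl status instead.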