Re: Changing nameservers - WAS "Which resolv.conf file?"
On Thu 01 Aug 2019 at 14:09:31 (-0400), Michael Stone wrote: > On Thu, Aug 01, 2019 at 11:11:33AM -0500, David Wright wrote: > > It surprised me that systemd doesn't just use something > > like the gateway address if/when some address is absolutely > > essential. > > Why on earth would it assume that the gateway is running a resolver? In a domestic environment, it might be a router. If it's a router that's not running a DNS server, it's likely to pass it on to any nameservers the ISP has informed it about. In a professional environment, I'd expect the admin to have correctly configured a resolver at the appropriate time. That's what they're paid for. But in any case, I don't know how the powers that be resolve these things (no pun intended). There was a lot of heat in that discussion. Perhaps lookup failure is the answer. I don't know the circumstances when a resolver is "essential" rather than "very desirable". Cheers, David.
Re: Changing nameservers - WAS "Which resolv.conf file?"
Le 01/08/2019 à 20:06, Greg Wooledge a écrit : On Thu, Aug 01, 2019 at 07:58:56PM +0200, Pascal Hambourg wrote: Le 01/08/2019 à 18:18, David Wright a écrit : I think that a lot of people install resolvconf (deliberately or incidentally) without really understanding what it's for or what it does. Then, because most people naturally check the contents of /etc/resolv.conf, they indulge in all sorts of cargo-cult behaviour to pummel it into submission; the most extreme I've seen being editing followed by chattr +i. AFAIK it is also the most inefficient : upon installation, resolvconf replaces the regular file /etc/resolv.conf with a symlink pointing to a volatile temporary file in /run (tmpfs), so the immutable attribute has no effect if set on the symlink and will be reset at the next boot if set on the target file in /run. It's the most inefficient only because of bug #860928, which means you need to add a cron job to clean up all the stray temp files that get left behind. This bug has nothing to do with the immutable attribute efficiency. It is just another example of bad things that may happen when you do things wrong. The controversy surrounding chattr +i /etc/resolv.conf is why it's listed as the last option on the wiki. But if #860928 were to be fixed, it wouldn't be "inefficient" at all. It's actually the simplest choice. Yes, a quick and dirty hack is simple. But then you have to deal with the adverse side effects such as the bug mentionned above. So in the end, was it really the simplest choice ? People who object to chattr do so on philosophical grounds, not performance benchmark grounds. Huh ? Why are you bringing performance benchmarks ? I don't even know how many times I've posted the wiki link in this thread, I do not care what the wiki says. It is not an authoritative source.
Re: Changing nameservers - WAS "Which resolv.conf file?"
On Thu, Aug 01, 2019 at 08:16:38PM +0200, Pascal Hambourg wrote: > Le 01/08/2019 à 19:58, Pascal Hambourg a écrit : > > Le 01/08/2019 à 18:18, David Wright a écrit : > > > > > > I think that a lot of people install resolvconf (deliberately or > > > incidentally) without really understanding what it's for or what > > > it does. Then, because most people naturally check the contents of > > > /etc/resolv.conf, they indulge in all sorts of cargo-cult behaviour > > > to pummel it into submission; the most extreme I've seen being > > > editing followed by chattr +i. > > > > AFAIK it is also the most inefficient : upon installation, resolvconf > > replaces the regular file /etc/resolv.conf with a symlink pointing to a > > volatile temporary file in /run (tmpfs), so the immutable attribute has > > no effect if set on the symlink and will be reset at the next boot if > > set on the target file in /run. > > Thinking twice and testing, it appears that you cannot even set file > attributes in tmpfs nor on a symlink. (which is why the wiki's first step in the immutable section is to remove the existing /etc/resolv.conf file with rm -f) (I swear to glob I'm going to lose it if people continue ignoring the wiki)
Re: Changing nameservers - WAS "Which resolv.conf file?"
Le 01/08/2019 à 19:58, Pascal Hambourg a écrit : Le 01/08/2019 à 18:18, David Wright a écrit : I think that a lot of people install resolvconf (deliberately or incidentally) without really understanding what it's for or what it does. Then, because most people naturally check the contents of /etc/resolv.conf, they indulge in all sorts of cargo-cult behaviour to pummel it into submission; the most extreme I've seen being editing followed by chattr +i. AFAIK it is also the most inefficient : upon installation, resolvconf replaces the regular file /etc/resolv.conf with a symlink pointing to a volatile temporary file in /run (tmpfs), so the immutable attribute has no effect if set on the symlink and will be reset at the next boot if set on the target file in /run. Thinking twice and testing, it appears that you cannot even set file attributes in tmpfs nor on a symlink.
Re: Changing nameservers - WAS "Which resolv.conf file?"
On Thu, Aug 01, 2019 at 11:11:33AM -0500, David Wright wrote: It surprised me that systemd doesn't just use something like the gateway address if/when some address is absolutely essential. Why on earth would it assume that the gateway is running a resolver?
Re: Changing nameservers - WAS "Which resolv.conf file?"
On Thu, Aug 01, 2019 at 07:58:56PM +0200, Pascal Hambourg wrote: > Le 01/08/2019 à 18:18, David Wright a écrit : > > > > I think that a lot of people install resolvconf (deliberately or > > incidentally) without really understanding what it's for or what > > it does. Then, because most people naturally check the contents of > > /etc/resolv.conf, they indulge in all sorts of cargo-cult behaviour > > to pummel it into submission; the most extreme I've seen being > > editing followed by chattr +i. > > AFAIK it is also the most inefficient : upon installation, resolvconf > replaces the regular file /etc/resolv.conf with a symlink pointing to a > volatile temporary file in /run (tmpfs), so the immutable attribute has no > effect if set on the symlink and will be reset at the next boot if set on > the target file in /run. It's the most inefficient only because of bug #860928, which means you need to add a cron job to clean up all the stray temp files that get left behind. The controversy surrounding chattr +i /etc/resolv.conf is why it's listed as the last option on the wiki. But if #860928 were to be fixed, it wouldn't be "inefficient" at all. It's actually the simplest choice. People who object to chattr do so on philosophical grounds, not performance benchmark grounds. I don't even know how many times I've posted the wiki link in this thread, but it seems like people aren't even reading it. I don't know what else I need to do. https://wiki.debian.org/resolv.conf If there's something on this page that people disagree with, bring it up! Or change the wiki directly!
Re: Changing nameservers - WAS "Which resolv.conf file?"
Le 01/08/2019 à 18:18, David Wright a écrit : I think that a lot of people install resolvconf (deliberately or incidentally) without really understanding what it's for or what it does. Then, because most people naturally check the contents of /etc/resolv.conf, they indulge in all sorts of cargo-cult behaviour to pummel it into submission; the most extreme I've seen being editing followed by chattr +i. AFAIK it is also the most inefficient : upon installation, resolvconf replaces the regular file /etc/resolv.conf with a symlink pointing to a volatile temporary file in /run (tmpfs), so the immutable attribute has no effect if set on the symlink and will be reset at the next boot if set on the target file in /run.
Re: Changing nameservers - WAS "Which resolv.conf file?"
On 2019-08-01, Curt wrote: > On 2019-07-31, Bob Bernstein wrote: >> I _think_ my upgrade from Jessie to Stretch -- which entailed >> installing systemd for the first time on this box -- introduced >> that 8.8.8.8. into my config. I've never been at a loss to >> select my own nameservers, and that never has been one of them. >> > > Installing systemd as your init system introduced Google's nameserver > into your config, you think, without your knowledge or approval or > intervention of any kind. Out of the blue, as it were. > > Have you filed a bug report, because that would qualify, I mean, like, > wow? > Hey, I'm really sorry, this inspired my utter incredulity, but apparently it has happened before (or is happening still--once again, my apologies). -- “We are all in the gutter, but some of us are looking at the stars.” ― Oscar Wilde, Lady Windermere's Fan
Re: Changing nameservers - WAS "Which resolv.conf file?"
On Wed 31 Jul 2019 at 23:38:34 (+0200), Pascal Hambourg wrote: > Le 31/07/2019 à 23:30, ghe a écrit : > > On 7/31/19 2:52 PM, Pascal Hambourg wrote: > > > > > Without resolvconf, the DHCP client would have completely overwritten > > > resolv.conf instead of just adding one line. With resolvconf, at least > > > you can have some control over resolv.conf. > > > > OK. vi gives me all the control I need over resolv.conf. > > No it doesn't. It does not prevent other programs from overwriting > your changes the next second. I think that a lot of people install resolvconf (deliberately or incidentally) without really understanding what it's for or what it does. Then, because most people naturally check the contents of /etc/resolv.conf, they indulge in all sorts of cargo-cult behaviour to pummel it into submission; the most extreme I've seen being editing followed by chattr +i. If they'd only read the README, they'd get some idea of what the problems are with /etc/resolv.conf, how resolvconf mitigates them, and what steps they need to perform before and after the package's installation, which is not a lot if you haven't been wielding the machete already. Compounding the problem is the successful reports given here by some of these hatcheteers which, when you delve into them, turn out to be either for static systems or ones where people are prepared to edit /etc/resolv.conf whenever something is changed (like in this case). Cheers, David.
Re: Changing nameservers - WAS "Which resolv.conf file?"
On Wed 31 Jul 2019 at 18:56:08 (-0400), Bob Bernstein wrote: > I _think_ my upgrade from Jessie to Stretch -- which entailed > installing systemd for the first time on this box -- introduced that > 8.8.8.8. into my config. I've never been at a loss to select my own > nameservers, and that never has been one of them. I think there may be a path by which this¹ can happen, which imvolves installing systemd and letting it use systemd-resolved at a time when you have no explicit nameserver configured. This has a fallback which you can probably still see if you haven't changed /etc/systemd/resolved.conf. I presume that once 8.8.8.8 gets into /etc/resolv.conf, resolvconf will hang onto it, squirrelling it away somewhere. Where? I'm not sure, having never got into this situation, but my suspicion would fall on /etc/resolvconf/resolv.conf.d/base (which is empty here). (By the time my installation is done, my /etc/resolv.conf contains 192.168.1.1 and AIUI from then on, that's a permanent fallback, being preserved in /etc/resolvconf/resolv.conf.d/original when I install resolvconf.) But this scenario is hypothetical, because systemd may just *use* the compiled-in address 8.8.8.8 without storing it elsewhere at all. > I was not even aware of that other file 'interface/' to wit: > '/etc/resolvconf/run/interface/' or I would have been more specific > indicating which file I edited, which was our old friend > '/etc/network/interfaces'. You posted in you previous thread that your /etc/network/interfaces contained the line dns-nameserver 8.8.8.8 and I'm not sure whether this can be explained by the above. IOW the scenario above might explain the "8.8.8.8" leaking into *use* in a Debian system, but I thought only the debian-installer would write new information like "dns-nameserver" into /etc/network/interfaces from scratch. AFAICT ifupdown only creates a file containing comments if one doesn't already exist. So … > QED, yes? You didn't really prove how "8.8.8.8" arrived in your system. ¹ There was a heated discussion in #761658 about using a Google nameserver as an unannounced default fallback. It surprised me that systemd doesn't just use something like the gateway address if/when some address is absolutely essential. Cheers, David.
Re: Changing nameservers - WAS "Which resolv.conf file?"
On 2019-07-31, Bob Bernstein wrote: > I _think_ my upgrade from Jessie to Stretch -- which entailed > installing systemd for the first time on this box -- introduced > that 8.8.8.8. into my config. I've never been at a loss to > select my own nameservers, and that never has been one of them. > Installing systemd as your init system introduced Google's nameserver into your config, you think, without your knowledge or approval or intervention of any kind. Out of the blue, as it were. Have you filed a bug report, because that would qualify, I mean, like, wow? -- “We are all in the gutter, but some of us are looking at the stars.” ― Oscar Wilde, Lady Windermere's Fan
Re: Changing nameservers - WAS "Which resolv.conf file?"
I _think_ my upgrade from Jessie to Stretch -- which entailed installing systemd for the first time on this box -- introduced that 8.8.8.8. into my config. I've never been at a loss to select my own nameservers, and that never has been one of them. I was not even aware of that other file 'interface/' to wit: '/etc/resolvconf/run/interface/' or I would have been more specific indicating which file I edited, which was our old friend '/etc/network/interfaces'. I followed up the edit with an "# /etc/init.d/network reload". Lastly, I see now that even '/etc/resolvconf/run/interface/eth0.inet' contains a nameserver line holding my desired replacement for 8.8.8.8. QED, yes? Thank you -- These are not the droids you are looking for.
Re: Changing nameservers - WAS "Which resolv.conf file?"
Le 31/07/2019 à 23:30, ghe a écrit : On 7/31/19 2:52 PM, Pascal Hambourg wrote: Without resolvconf, the DHCP client would have completely overwritten resolv.conf instead of just adding one line. With resolvconf, at least you can have some control over resolv.conf. OK. vi gives me all the control I need over resolv.conf. No it doesn't. It does not prevent other programs from overwriting your changes the next second.
Re: Changing nameservers - WAS "Which resolv.conf file?"
On 7/31/19 2:52 PM, Pascal Hambourg wrote: > Without resolvconf, the DHCP client would have completely overwritten > resolv.conf instead of just adding one line. With resolvconf, at least > you can have some control over resolv.conf. OK. vi gives me all the control I need over resolv.conf. I understand that some people need and think the world of resolvconf. I don't see any need for it at all for the computers here. -- Glenn English
Re: Changing nameservers - WAS "Which resolv.conf file?"
Le 31/07/2019 à 21:44, ghe a écrit : On 7/31/19 1:20 PM, Greg Wooledge wrote: I still feel like you're missing the big picture here. resolvconf isn't the thing that's modifying your /etc/resolv.conf file. It's the thing (that was) modifying my resolv.conf. Resolvconf does not modify resolv.conf on its own. Some other program requested it to do so instead of overwriting resolv.conf itself. The WiFi server (DHCP) was always changing my DNS server to something I didn't want -- when I'd cat resolv.conf, there was always a line at the top saying the file had been created by resolvconf. Without resolvconf, the DHCP client would have completely overwritten resolv.conf instead of just adding one line. With resolvconf, at least you can have some control over resolv.conf.
Re: Changing nameservers - WAS "Which resolv.conf file?"
On Mi, 31 iul 19, 13:44:51, ghe wrote: > On 7/31/19 1:20 PM, Greg Wooledge wrote: > > > I still feel like you're missing the big picture here. resolvconf isn't > > the thing that's modifying your /etc/resolv.conf file. > > It's the thing (that was) modifying my resolv.conf. [...] > At first I kept a resolv file as I wanted it to be in /etc, and the > script just copied it over resolvconf's creation. Then I just deleted > the resolvconf file, and quit having problems. If all you've got is a hammer... Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser signature.asc Description: PGP signature
Re: Changing nameservers - WAS "Which resolv.conf file?"
On 7/31/19 1:20 PM, Greg Wooledge wrote: > I still feel like you're missing the big picture here. resolvconf isn't > the thing that's modifying your /etc/resolv.conf file. It's the thing (that was) modifying my resolv.conf. I have 2 Enet connections: a reliable T1 and a reasonably fast WiFi. I have a shell script to bring up WiFi, and modify the routing table a little, for downloads and stuff. The WiFi server (DHCP) was always changing my DNS server to something I didn't want -- when I'd cat resolv.conf, there was always a line at the top saying the file had been created by resolvconf. At first I kept a resolv file as I wanted it to be in /etc, and the script just copied it over resolvconf's creation. Then I just deleted the resolvconf file, and quit having problems. It's quite possible I just didn't have something configured correctly, but I did figure out a way to keep somebody from scribbling on my DNS config. And there's nothing on my computers that changes it. -- Glenn English
Re: Changing nameservers - WAS "Which resolv.conf file?"
On Wed, Jul 31, 2019 at 01:13:27PM -0600, ghe wrote: > On 7/31/19 12:52 PM, Greg Wooledge wrote: > > > Removing /etc/resolvconf sounds like terrible> advice. > > If you want to remove resolvconf, remove the> package with dpkg or apt. > > Don't just start removing random > configuration> files and directories > Good point, well taken. > > I've always just deleted the /etc dir, and it's always killed > resolvconf. dpkg/apt is a much better idea -- more thorough deletion... > > But then go remove that config stuff in /etc. If it's still there. I still feel like you're missing the big picture here. resolvconf isn't the thing that's modifying your /etc/resolv.conf file. resolvconf is a mitigating layer that's trying to take control over the *other* entities which are trying to edit the file. If you remove resolvconf from the picture, then isc-dhcp-client and other actors are going to go back to directly editing the file as they see fit, undoing each other's work, etc. If isc-dhcp-client is the only such actor in play, and if you *want* it to edit your file, then that may be perfectly fine. resolvconf is there to handle all the other cases. Well, most of them. The ones that it knows about and knows how to subvert, anyway.
Re: Changing nameservers - WAS "Which resolv.conf file?"
On 7/31/19 12:52 PM, Greg Wooledge wrote: > Removing /etc/resolvconf sounds like terrible> advice. > If you want to remove resolvconf, remove the> package with dpkg or apt. > Don't just start removing random configuration> files and directories Good point, well taken. I've always just deleted the /etc dir, and it's always killed resolvconf. dpkg/apt is a much better idea -- more thorough deletion... But then go remove that config stuff in /etc. If it's still there. -- Glenn English
Re: Changing nameservers - WAS "Which resolv.conf file?"
On Wed, Jul 31, 2019 at 12:44:50PM -0600, ghe wrote: > On 7/31/19 12:17 PM, Bob Bernstein wrote: > > > Sure enough, there it was, for eth0. I commented it out and added a line > > for the nameserver I wanted, and bingo, we have lift off. > > That works, but if you want to specify the DNS server, delete those 2 > DNS lines in /etc...interfaces, and edit /etc/resolv.conf. > > And rm -rf /etc/resolvconf. How often do you want to change your DNS > server? And when you do, edit /etc/resolv.conf. > > There are those of us who hate 'helpful' software... https://wiki.debian.org/resolv.conf Just editing /etc/resolv.conf is NOT enough, because other things will change it BEHIND YOUR BACK. https://wiki.debian.org/resolv.conf resolvconf is actually one of the things that you can use to STOP OTHER THINGS from changing it. Removing /etc/resolvconf sounds like terrible advice. Why would you remove the configuration of a package but leave the package installed? Are you just going to hope it does something good without any guidance? If you want to remove resolvconf, remove the package with dpkg or apt. Don't just start removing random configuration files and directories. https://wiki.debian.org/resolv.conf
Re: Changing nameservers - WAS "Which resolv.conf file?"
On 7/31/19 12:17 PM, Bob Bernstein wrote: > Sure enough, there it was, for eth0. I commented it out and added a line > for the nameserver I wanted, and bingo, we have lift off. That works, but if you want to specify the DNS server, delete those 2 DNS lines in /etc...interfaces, and edit /etc/resolv.conf. And rm -rf /etc/resolvconf. How often do you want to change your DNS server? And when you do, edit /etc/resolv.conf. There are those of us who hate 'helpful' software... -- Glenn English
Re: Changing nameservers - WAS "Which resolv.conf file?"
Le 31/07/2019 à 19:56, Greg Wooledge a écrit : On Wed, Jul 31, 2019 at 07:51:45PM +0200, Pascal Hambourg wrote: Le 31/07/2019 à 17:10, Bob Bernstein a écrit : What I want to do is get rid of the google 8.8.8.8 and replace it with a static nameserver suggested by my vpn. Edit /etc/network/interfaces. That isn't a full answer. Indeed. The full answer was "edit /etc/network/interfaces and reboot". That could be one step in the answer that begins with "install resolvconf". The information posted by the OP indicated that resolvconf is already installed. But a deeper investigation is required, to find out where the 8.8.8.8 is coming from in the first place. No investigation is required. All the required information has already been posted by the OP.
Re: Changing nameservers - WAS "Which resolv.conf file?"
SOLVED, I think. After all the reading you guys gave me I sat pondering this morning, and it dawned on me that if I looked at 'interfaces' and found that darn 8.8.8.8 ip in there, that I might have the clue I needed. Sure enough, there it was, for eth0. I commented it out and added a line for the nameserver I wanted, and bingo, we have lift off. I know, I know; I posted the contents of 'interfaces' in reply to Andrei's request last night, but at that point in the proceedings I did not see its significance. Thank you -- These are not the droids you are looking for.
Re: Changing nameservers - WAS "Which resolv.conf file?"
On Wed, Jul 31, 2019 at 07:51:45PM +0200, Pascal Hambourg wrote: > Le 31/07/2019 à 17:10, Bob Bernstein a écrit : > > > > What I want to do is get rid of the google 8.8.8.8 and replace it with a > > static nameserver suggested by my vpn. > > Edit /etc/network/interfaces. That isn't a full answer. That could be one step in the answer that begins with "install resolvconf". https://wiki.debian.org/resolv.conf#Configuring_resolvconf But a deeper investigation is required, to find out where the 8.8.8.8 is coming from in the first place. If someone has already *done* something (i.e. this is not a vanilla installation), then first we have to discover what has been done.
Re: Changing nameservers - WAS "Which resolv.conf file?"
Le 31/07/2019 à 17:10, Bob Bernstein a écrit : What I want to do is get rid of the google 8.8.8.8 and replace it with a static nameserver suggested by my vpn. Edit /etc/network/interfaces.
Re: Changing nameservers - WAS "Which resolv.conf file?"
Hi. On Wed, Jul 31, 2019 at 11:10:32AM -0400, Bob Bernstein wrote: > # Dynamic resolv.conf(5) file for glibc resolver(3) generated by r$ This simplifies things greatly > What I want to do is get rid of the google 8.8.8.8 and replace it with a > static nameserver suggested by my vpn. ls -al /run/resolvconf/interfaces Reco