[Desktop-packages] [Bug 2055148] Re: NetworkManager connections with an explicit DoT (DNS over TLS) are not supported with Netplan
This bug was fixed in the package netplan.io - 1.0-2

---
netplan.io (1.0-2) unstable; urgency=medium

[ Lukas Märdian ]
* Versioned dep on meson >= 1.3.0 for python.limited_api (Closes: #1066889)
* d/control: downgrade python3-rich to Recommends.

[ Danilo Egea Gondolfo ]
* debian/netplan.io.preinst. Add a preinst maintainer script for netplan.io to cleanup .pyc cached files. Due to these files, the directory /usr/share/netplan/netplan is not being removed after the python3-netplan package split. By removing these files (and __pycache__ directories), dpkg can remove the old directory during upgrade.
* d/p/0002-parse-nm-add-a-workaround-for-the-DoT-DNS-option.patch. Workaround to prevent parse-nm to generate invalid DNS entries in the resulting YAML if SNI is used. (LP: #2055148)

-- Lukas Märdian Thu, 28 Mar 2024 12:47:41 +0100

** Changed in: netplan.io (Ubuntu)
Status: Confirmed => Fix Released

--
You received this bug notification because you are a member of Desktop Packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/2055148

Title: NetworkManager connections with an explicit DoT (DNS over TLS) are not supported with Netplan

Status in Netplan: Fix Committed
Status in netplan.io package in Ubuntu: Fix Released
Status in network-manager package in Ubuntu: Confirmed

Bug description:

From: https://discourse.ubuntu.com/t/blog-netplan-developer-diaries/35932/11

Hi all,

NetworkManager connections with an explicit DoT (DNS over TLS) configuration are not supported with Netplan, but NetworkManager does feed back the DoT DNS info with server address and Server Name Indication (SNI) in the form server_address#SNI, e.g. 1.2.3.4#dns.myhome.com as nameserver addresses to Netplan. As a result, subsequent Netplan config applications fail because DNS servers don’t have the expected dotted decimal (IPv4) or colon’ed hex (IPv6) form.

```
nmcli> describe ipv4.dns

=== [dns] ===
[NM property description]
Array of IP addresses of DNS servers.

For DoT (DNS over TLS), the SNI server name can be specified by appending "#example.com" to the IP address of the DNS server. This currently only has effect when using systemd-resolved.
```

To manage notifications about this bug go to:
https://bugs.launchpad.net/netplan/+bug/2055148/+subscriptions

--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 2055148] Re: NetworkManager connections with an explicit DoT (DNS over TLS) are not supported with Netplan
https://github.com/canonical/netplan/pull/447

** Changed in: netplan
Status: Triaged => Fix Committed
[Desktop-packages] [Bug 2055148] Re: NetworkManager connections with an explicit DoT (DNS over TLS) are not supported with Netplan
** Tags added: fr-7190
[Desktop-packages] [Bug 2055148] Re: NetworkManager connections with an explicit DoT (DNS over TLS) are not supported with Netplan
We should land a fix keeping the full string in networkmanager.passthrough and additionally work on a proper upstream solution, as suggested by Danilo in comment #4, introducing new settings as a longer term solution.

** Changed in: netplan
Status: New => Triaged

** Changed in: netplan
Importance: Undecided => High
[Desktop-packages] [Bug 2055148] Re: NetworkManager connections with an explicit DoT (DNS over TLS) are not supported with Netplan
So, I believe the best solution here would be to add options to DNS addresses, similar to what we do with IP addresses. Something like this

```
nameservers:
  addresses:
    - 1.2.3.4:
        sni: domain
        port: 1234
        interface: eth123
    - 1.1.1.1
```

With this we'd fully support both Network Manager and networkd backends.

Right now NM seems to support only the SNI parameter (1.2.3.4#domain) but networkd supports more: "111.222.333.444:9953%ifname#example.com" for IPv4 and "[:::]:9953%ifname#example.com" for IPv6.

Alternatively, to keep things simpler, we could just accept the string 1.2.3.4#domain (and possibly the full notation used by networkd too).

What do you think, Lukas?
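The notations quoted in the message above (NetworkManager's `1.2.3.4#domain` and the fuller networkd form with port and interface) can be split into fields so that each part is validated on its own. The following Python sketch is an added example, not code from Netplan or NetworkManager; `DnsServer` and `parse_dns_server` are hypothetical names, and the hostname and interface-name rules are assumptions of this example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Linux interface names: at most 15 chars, no whitespace, '/' or ':'.
_IFNAME = re.compile(r"[^\s/:]{1,15}")


@dataclass(frozen=True)
class DnsServer:
    address: str                     # bare IP literal, normalised
    port: Optional[int] = None
    interface: Optional[str] = None
    sni: Optional[str] = None        # TLS server name for DoT


def parse_dns_server(spec: str) -> DnsServer:
    """Parse ADDR[:PORT][%IFNAME][#SNI]; IPv6 with a port is [ADDR]:PORT."""
    rest, sni, interface, port_text = spec, None, None, None
    if "#" in rest:
        rest, sni = rest.split("#", 1)
        labels = sni.rstrip(".").split(".")
        if len(sni) > 253 or not all(_LABEL.fullmatch(x) for x in labels):
            raise ValueError(f"invalid server name in {spec!r}")
    if "%" in rest:
        rest, interface = rest.split("%", 1)
        if not _IFNAME.fullmatch(interface):
            raise ValueError(f"invalid interface name in {spec!r}")
    if rest.startswith("["):                       # [IPv6]:port
        host, closed, tail = rest[1:].partition("]")
        if not closed or (tail and not tail.startswith(":")):
            raise ValueError(f"malformed bracketed address in {spec!r}")
        port_text = tail[1:] if tail else None
    elif rest.count(":") == 1:                     # IPv4:port
        host, port_text = rest.split(":")
    else:                                          # bare IPv4 or IPv6
        host = rest
    port = None
    if port_text is not None:
        if not (port_text.isascii() and port_text.isdigit() and 0 < int(port_text) < 65536):
            raise ValueError(f"invalid port in {spec!r}")
        port = int(port_text)
    # Strict IP check: the raw '1.1.1.1#lxd' string fails it, the split host passes.
    address = str(ipaddress.ip_address(host))
    return DnsServer(address, port, interface, sni)


if __name__ == "__main__":
    # Constructed samples in the two notations quoted in the thread.
    for s in ("1.2.3.4#dns.myhome.com", "[2001:db8::1]:9953%eth123#example.com"):
        print(parse_dns_server(s))
```

Only the `address` field would satisfy a validator that expects a plain IPv4 or IPv6 literal; the other fields have to be carried separately.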
[Desktop-packages] [Bug 2055148] Re: NetworkManager connections with an explicit DoT (DNS over TLS) are not supported with Netplan
I can confirm the problem. Here is a reproducer:

```
# nmcli con add ifname dummy0 type dummy ipv4.dns 1.1.1.1#lxd
Error: Failed to add 'dummy-dummy0' connection: Message recipient disconnected from message bus without replying
```

This is the crash related to this issue:

```
Mar 15 09:46:40 noble-vm NetworkManager[7091]: /etc/netplan/90-NM-2116bb84-fa09-461a-a923-e04bc2648898.yaml:8:9: Error in network definition: malformed address '1.1.1.1#lxd', must be X.X.X.X or X:X:X:X:X:X:X:X
Mar 15 09:46:40 noble-vm NetworkManager[7091]: - 1.1.1.1#lxd
Mar 15 09:46:40 noble-vm NetworkManager[7091]: ^
Mar 15 09:46:40 noble-vm NetworkManager[7051]: [1710496000.8273] BUG: the profile cannot be stored in keyfile format without becoming unusable: cannot access file: No such file or directory
Mar 15 09:46:40 noble-vm NetworkManager[7051]: **
Mar 15 09:46:40 noble-vm NetworkManager[7051]: nm:ERROR:src/core/settings/plugins/keyfile/nms-keyfile-writer.c:551:_internal_write_connection: assertion failed: (unreachable)
Mar 15 09:46:40 noble-vm NetworkManager[7051]: Bail out! nm:ERROR:src/core/settings/plugins/keyfile/nms-keyfile-writer.c:551:_internal_write_connection: assertion failed: (unreachable)
Mar 15 09:46:40 noble-vm systemd[1]: NetworkManager.service: Main process exited, code=dumped, status=6/ABRT
Mar 15 09:46:40 noble-vm systemd[1]: NetworkManager.service: Failed with result 'core-dump'.
Mar 15 09:46:41 noble-vm systemd[1]: NetworkManager.service: Scheduled restart job, restart counter is at 1.
Mar 15 09:46:41 noble-vm systemd[1]: Starting NetworkManager.service - Network Manager...
```

I also noticed another crash already reported here https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/2057490

```
Mar 15 09:45:30 noble-vm systemd[1]: Stopping NetworkManager.service - Network Manager...
Mar 15 09:45:30 noble-vm NetworkManager[6790]: [1710495930.0746] caught SIGTERM, shutting down normally.
Mar 15 09:45:30 noble-vm NetworkManager[6790]: **
Mar 15 09:45:30 noble-vm NetworkManager[6790]: nm:ERROR:src/core/nm-policy.c:2937:dispose: assertion failed: (!c_list_is_empty(&priv->policy_auto_activate_lst_head))
Mar 15 09:45:30 noble-vm NetworkManager[6790]: Bail out! nm:ERROR:src/core/nm-policy.c:2937:dispose: assertion failed: (!c_list_is_empty(&priv->policy_auto_activate_lst_head))
Mar 15 09:45:30 noble-vm NetworkManager[6790]: [1710495930.0751] exiting (success)
Mar 15 09:45:31 noble-vm systemd[1]: NetworkManager.service: Main process exited, code=dumped, status=6/ABRT
Mar 15 09:45:31 noble-vm systemd[1]: NetworkManager.service: Failed with result 'core-dump'.
Mar 15 09:45:31 noble-vm systemd[1]: Starting NetworkManager.service - Network Manager...
```

** Tags added: foundations-todo
[Desktop-packages] [Bug 2055148] Re: NetworkManager connections with an explicit DoT (DNS over TLS) are not supported with Netplan
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: network-manager (Ubuntu)
Status: New => Confirmed
[Desktop-packages] [Bug 2055148] Re: NetworkManager connections with an explicit DoT (DNS over TLS) are not supported with Netplan
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: netplan.io (Ubuntu)
Status: New => Confirmed