Re: what is my dns?
How would that work? Instead of that you send startpage.com all your history. If that site has more trust than common big tech company, it would be your choice. But it should be clear to you some organization would be always able to mine (bigger) part of your browsing history. You can make work arounds by using VPN or at least encrypted DNS, but choosing trusted internet provider should be always a start. Any workarounds typically just change who would be able to watch your browsing. On 3/30/23 04:26, Joe Zeff wrote: On 03/29/2023 08:22 PM, Tim via users wrote: Perhaps initially, but if you're sent to a page with Google ads, you check your gmail, you use your Android phone, or do any number of ordinary internet activities, and you're identifiable. That may be so, but at least by using startpage.com you're not letting them mine your search history as well. -- Petr Menšík Software Engineer, RHEL Red Hat, https://www.redhat.com/ PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: what is my dns?
oject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue -- Petr Menšík Software Engineer, RHEL Red Hat, https://www.redhat.com/ PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: what is my dns?
dnsmasq allows you to query servers using dig @localhost ch txt servers.bind. But no other server implements it. There is no common way to query forwarders from any cache. unbound-control list_forwards would list forwarders defined in unbound. bind has no runtime tool to show that, just read /etc/named.conf or named-checkconf -p output. Servers like bind, unbound or knot-resolver do not require forwarders to work. It may work just fine even without them. The most universal way to obtain systemd dns servers is nmcli without parameters. It would just show what NM provides. If dnsmasq or systemd-resolved is used, it will say what were provided by the network. Whether and what local cache is using, it is cache-specific. On 3/27/23 02:27, ToddAndMargo via users wrote: On 3/26/23 15:07, Barry wrote: On 26 Mar 2023, at 22:57, ToddAndMargo via users wrote: Hi All, Fedora 37 I have a caching server running. Other than digging out my "forward" from /etc/named.conf to figure out what my DNS server is, is there a way to use "dig" or other to figure out what my actual DNS server is? No as that information is not sent to the dns client. You have to look at the config in each layer of software your request traverses. Barry Rats! Thank you for the quick response! ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue -- Petr Menšík Software Engineer, RHEL Red Hat, https://www.redhat.com/ PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: F36: removing systemd-resolved breaks chrony
On 6/5/22 17:18, stan via users wrote: On Sat, 4 Jun 2022 16:07:12 -0400 Tom Horsley wrote: Try editing /etc/NetworkManager/NetworkManager.conf and putting dns=none after the [main] section entry. I have to do this in order to use dns servers other than those the ISP provides with knot-resolver. Not really. You can also edit your connection and add ipv4.dns IP to the connection. Then it would use your IP first. nmcli c edit enp0s31f6 print ipv4.dns set ipv4.dns 127.0.0.1 save activate quit You can also set ipv4.ignore-auto-dns true to avoid autoconfigured addresses on that connection. It makes it possible to change it only per-connection. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: F36: removing systemd-resolved breaks chrony
Symlinks obviously ends with non-expected SELinux contexts. I think this is actually a bug in SELinux policy for Network Manager. Because target file has wrong selinux context. $ ls -Z /run/NetworkManager/no-stub-resolv.conf system_u:object_r:NetworkManager_var_run_t:s0 /run/NetworkManager/no-stub-resolv.conf $ ls -Z /etc/resolv.conf system_u:object_r:net_conf_t:s0 /etc/resolv.conf Fix that by: rm -f /etc/resolv.conf touch /etc/resolv.conf systemctl restart NetworkManager.service If the file is good old plain text file, it would get permissions as it always had. On 28. 05. 22 14:51, Sam Varshavchik wrote: It seems that uninstalling systemd-resolved and repointing /etc/resolv.conf ends up breaking chrony: type=AVC msg=audit(1653741361.179:318): avc: denied { getattr } for pid=856 comm="chronyd" path="/run/NetworkManager/no-stub-resolv.conf" dev="tmpfs" ino=1525 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:NetworkManager_var_run_t:s0 tclass=file permissive=0 This is spamming me every minute, now. Bug 2091275 ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure -- Petr Menšík Software Engineer, RHEL Red Hat, http://www.redhat.com/ PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: ssh infested by systemd.resolved
Could repeated flames around systemd mean something is wrong with the way systemd introduces new features? If people complain often, maybe those changes should have been made in opt-in mode. Especially on upgrades from previous releases. The mentioned change were invasive and has broken multiple scenarios. Could perhaps systemd team invest more time to propagating their features and persuading people to start using (and wanting) new features, instead of just throwing them at people? Just my 2 cents. Regards, Petr On 4/19/22 02:57, Matthew Miller wrote: > > > On Mon, Apr 18, 2022 at 07:47:28PM -0400, Sam Varshavchik wrote: >> This looks like an appeal to authority, and not an argument on its >> own merits. >> >> But let's go back and revisit all of that, if you insist. > This is quite missing my point. I'm not interested in _arguing_ at all. The > point is: your hyperbole about "hijacking" and etc. is not appropriate. This > is an intentional, discussed, and approved change that went through the > proper processes. > > It's fine for you to discuss the technical aspects — and even the "merits", > as you said. But if that's what you want to do, do that. Several years ago, > all of the vitriol and trolling on this list got so bad we had to shut down > pretty much every systemd discussion. Let's not go back to that. > -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: ssh impacted by systemd.resolved
systemd-resolved can also be just uninstalled. Provides at least very basic symlink removal. On 4/19/22 14:27, Tom Horsley wrote: > On Mon, 18 Apr 2022 23:43:36 -0400 > Sam Varshavchik wrote: > >> Help me out here: wasn't there a point of order made, way back when: hey, if >> >> you want to disable systemd-resolved, just manually replace the >> /etc/resolv.conf symlink? > You also need to systemctl disable systemd-resolved (and probably > systemctl mask systemd-resolved). That way it doesn't update anything > at all. That's how I'm currently set and everyone is happily using > the dnsmasq I have installed to serve my local lan. I think the major problem is with upgrades from previous versions of Fedora, where nothing similar were required. systemd-resolved just grabbed /etc/resolv.conf and made many other dhcp clients unable to get it back. They also don't offer simple way to disable resolved and keep DNS working. > > Systemd didn't invent replacing resolv.conf, various dhcp client > shofware have done that for years (and it was just as irritating when > they did it). systemd invented replacing /etc/resolv.conf with symlink leading to a private /run directory. No other software did that automatically AFAIK. If you disable systemd-resolved later, it would stay broken. Other clients just overwritten the contents of /etc/resolv.conf. A common trick is using chattr +i /etc/resolv.conf when you want to prevent random rewrites. When it should reconfigure system name resolution, it has to use some way. Current resolvconf from systemd-resolved package is useless without systemd-resolved enabled. I don't know about any better generic interface to configure system nameservers. -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: How to get Fedora 35 to use DNS name as hostname?
Man 5 hostname says different thing. I would guess as many things changes after long time, systemd would be responsible somehow. From what they describe your machine has to obtain hostname from DHCP lease. If it does not, it fall back to transient name "fedora". Nothing there is mentioned about reverse DNS query. I think you could fix it by systemd unit started After=network-online.target. hostname -A might be useful for obtaining hostname from address. Do not expect it to return just single name. First name might be obtained by: HOSTNAME=$(hostname -A | cut -d' ' -f1) hostnamectl set-hostname --transient $HOSTNAME Then use systemctl edit --full --force hostname-fixup.service # Use such content for example. [Service] Type=oneshot ExecStart=/usr/local/sbin/dynamic-hostname.sh [Install] WantedBy=multi.target On 1/21/22 05:16, Thomas Cameron wrote: > On 1/20/22 20:10, Thomas Cameron wrote: >> >> I made a quick video of the difference between F35 and RHEL 8.5. >> >> https://youtu.be/KuvqInOg1u8 >> >> Skip to about the 1:30 mark to see the difference between F35 and >> RHEL 8.5. I've seen the hostname assigned by reverse DNS with every >> version of RHEL since at least RHEL 4. In fact, I don't recall it >> working otherwise ever. > > I just tested to make sure. Every version of RHEL from 4 through 9 > beta has worked as I expected - the hostname is set based on the > reverse DNS for the IP address assigned to the instance, so > hostxxx.tc.camerontech.com. > > https://youtu.be/pAVNwwrHwkw > > I tested a couple of older versions of Fedora and found that older > versions like F28 work like I expect (hostxxx.tc.camerontech.com), but > 33 sets the hostname to localhost.localdomain, and 34 and 35 set the > hostname to just "fedora" with no domain or extension. > > I looked at the man page for NetworkManager.conf and it looks like > hostname-mode in the [main] section *should* do what I want: > > default: NetworkManager will update the hostname with the one > provided via DHCP or reverse DNS lookup of the IP address on the > connection with the default route or on any connection with the > property hostname.only-from-default set to 'false'. Connections are > considered in order of increasing value of the hostname.priority > property. In case multiple connections have the same priority, > connections activated earlier are considered first. If no hostname > can be determined in such way, the hostname will be updated to the > last one set outside NetworkManager or to 'localhost.localdomain'. > > But I've tried and it doesn't seem to make any difference. > > Thomas > ___ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: How to get Fedora 35 to use DNS name as hostname?
One key difference might be enabled systemd-resolved by default in Fedora 34, but it is not in RHEL9. I think it should not be related directly. But could it? What does hostnamectl report after installation? What it thinks the hostname is? Would the behaviour change if you disable systemd-resolved and reboot? On 1/21/22 03:35, Thomas Cameron wrote: > On 1/20/22 20:30, Tim via users wrote: >> On Thu, 2022-01-20 at 19:45 -0600, Thomas Cameron wrote: >>> OK, so this is weird. I just kickstarted a F35 VM. When it booted >>> up, its hostname was host156.tc.camerontech.com, as I expected it to >>> be. >>> >>> The /etc/hostname file is blank - it just has a single empty line. >>> >>> After I rebooted that VM, its hostname is set to fedora >> >> It wouldn't be quite so bad if it set its hostname to the one it >> discovered (even though you'd rather it keep on discovering it), but >> changing a hostname is intolerable. >> >> Have you tried making the hostname file immutable? >> > > Thing is, the /etc/hostname file is blank! This is bizarre. I've just > tested with F33, F34, and F35. With F33, the hostname is set to > localhost. With F34 and F35, it's set to fedora. With RHEL 8.5, it's > set to the reverse DNS assigned hostname. With RHEL 9 beta, it's the > reverse DNS assigned hostname. > > This is weirder and weirder. > > Thomas > -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: How to get Fedora 35 to use DNS name as hostname?
On 1/17/22 05:40, Tim via users wrote: > On Sun, 2022-01-16 at 15:53 -0600, Thomas Cameron wrote: >> All of a sudden with F35, no matter what the address of the VM is, >> its hostname is set to fedora. Just fedora. Not >> fedora.tc.camerontech.com. > I see your pain, that doesn't really work well when you have several > Fedora PCs, does it? (I'm Spartacus, and I'm Spartacus, too.) > > My quirky humour would have put into the install routine a "name your > computer" question. And if you didn't, it'd randomly pick a name from > a list to each computer (George, Fred, Jenny, etc) for you. > > >> I want F35 to have the same behavior as previous versions of Fedora >> and RHEL and Ubuntu and so on. I don't want to manually set >> /etc/hostname and monkey with hostnamectl because if the VM gets a >> new address, I don't want to have to go and change /etc/hostname or >> anything. >> >> I've been poking around with /etc/NetworkManager/NetworkManager.conf > > What about customising the dhcp client config? So it accepts the > hostname name supplied from your DHCP server, or derived from your > reverse DNS lookup, and passes it to whatever is setting the hostname > on Fedora these days. > > Like you, that's what I expect to happen, *unless* the user specifies > otherwise. dhcp server of libvirt is dnsmasq. It would provide hostnames when it has matching dhcp-record with IP and name (and hwaddr). With libvirt, that would be set by in network configuration xml. I think it should use also /etc/hosts of the host. But dnsmasq can assign lease just by name if hwaddr is not present in static leases. But that requires static hostname on Fedora side to be sent to the server. How does virsh net-dumpxml look like? -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: How to get Fedora 35 to use DNS name as hostname?
On 1/17/22 11:27, Tim via users wrote: > On Mon, 2022-01-17 at 08:42 +0100, Peter Boy wrote: >> The default configuration rather follows the opposite principle. The >> hostname should be well defined and independent of changing IP >> addresses. > I sort-of go along with that. If you've set a hostname, there's sense > in it not getting changed. On the other hand, if you use a DHCP server > to centrally manage the allocation of addresses, you might also want it > (or your DNS server) to control hostnames. I do. Some devices on my > network obey naming instructions from the DHCP &/or DNS servers, others > ignore it. > I think it might make more sense to correctly detect hostname during installation. If you define hostname on installation from network, it should be kept. I expect it should keep the same hostname during reboots. I think only diskless terminals may want always obtaining hostname on every boot. Anything storing state on local disk should want to keep its name. I think more tight integration with libvirt names would be useful. I admit I know little of that. I usually define name AFTER installation for my VMs, which would not work with what I propose. I would like easy way to set hostname from libvirt during installation. I don't need always fixed IP, but I want fixed DNS name for given VM. I expect that is common requirement. dnsmasq from libvirt would provide hostname to machine in case it has static lease for given DUID/hwaddr. Is there tool to create static lease from machine name on VM creation? For example libvirt can detect name of distribution from ISO image. It would be nice if it could propagate it forward. I am afraid I did not help much. Regards, Petr -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Fedora image on flash drive bootable both UEFI and Legacy
Hi! I would like to have my flash drive prepared with recent Live image. I know how to write image to an usb drive and how to boot it. However, I carry 64GB large disk on my keys and I would like to have two things: - bootable live image - data partition for common files, visible from Windows - should boot both on recent computer with UEFI preference - should boot also on older computer with legacy boot only. I understand my expectations are not very low. But because the image itself can boot on both architectures, I would hope there exist tools able to prepare such configuration. Unfortunately, gdisk can display partition tables on image only partially. It is not able to modify it and add another data partition after image ends. Which were the only required step after dd if=Fedora-Workstation-Live-x86_64-35-1.2.iso of=/dev/sdc as I naively thought. Do you know if is even theoretically possible? Are there existing tools able to create both GPT and MBR tables, just like on Fedora images? How are those images created? I would be were grateful for any tips how to archieve my goal. Cheers, Petr -- Petr Menšík, Fedora project contributor PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: Wine NETBIOS (CIFS) name to IP?
Hi, would command line nmblookup work better instead? It is not wine related, just samba-client package tool. Depends on what your windows domain server is, but recent windows use normal DNS for service discovery if the server allows it. Plain old dig may discover IP just the same way. nmblookup $HOSTNAME should find any conflicting machine. Cheers, Petr On 10/15/21 03:40, ToddAndMargo via users wrote: > On 10/14/21 18:06, Tom Horsley wrote: >> On Thu, 14 Oct 2021 17:41:33 -0700 >> ToddAndMargo via users wrote: >> >>> Anyone know how to get Wine to cough up >>> (a highly technical term) the IP address >>> form a CIFS NETBIOS name? >> >> I know nothing about that, but I do know that I managed to >> switch all my windows systems (and linux file servers) to use >> WSD as the discovery protocol, and all my problems with >> windows discovery of devices and such vanished. > > I got a customer who named one of the Windows devises > the same name as the Wine server > > To find the IP in W10+ > > How to get the IP address from the CIFS NETBIOS name: > > --> or click on Windows explorer > --> click on Network (bottom, left column) > --> right column Right Click --> view --> Details > --> view (top pull down) > --> "add columns", check IP Address > > I just wanted to find a way to do it from my wine server > as well > ___ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: nsswitch.conf again
Hi Eyal, It might be too long. But maybe you could solve it by fixing systemd-resolved or disabling it completely. systemd-resolved should contact DNS as usual, all your aliases should work there unless overriden in /etc/hosts. If you do not want to systemd-resolved to interfere, disable it by: $ (sudo) systemctl disable --now systemd-resolved $ (sudo) rm /etc/resolv.conf $ (sudo) ln -s /run/NetworkManager/resolv.conf /etc/resolv.conf It would not provide split-DNS on VPN, but should always reach dns module in /etc/nsswitch.conf in default configuration. If you want to use it and fix it instead, resolvectl output would help us guess what might be wrong with it. Cheers, Petr On 7/18/21 3:18 AM, Eyal Lebedinsky wrote: > This was brought up before, but today again it bit me. There was a > glibc update (fc34) > which provides a new nsswitch.conf with this line > hosts: files myhostname resolve [!UNAVAIL=return] dns > which caused all the aliases I had for my server to fail because my > local dns was not looked up. > > Had to again remove the '[!UNAVAIL=return]' stanza. > > Is this issue being fixed? I found this > https://bugzilla.redhat.com/show_bug.cgi?id=1717384 > which suggests nsswitch.conf will become a fedora file (not glibc) and > hopefully better, but this log > has now been open for a long time. > > Regards > -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Live on USB with another data partition
Hi! I am trying to make my 64GB flash drive bootable to Fedora. It is quite easy to write iso image using dd to flash drive. However, I would like to use the unused flash drive space for normal files on VFAT partition. I would like to keep booting both over legacy MBR and UEFI on the same time. I think just adding a new partition after writing ISO image would be enough. I know livecd-iso-to-disk exists, but it forces me to choose between legacy or EFI bootable image. It does not allow both on the same drive. However partition table on Live image is created strange way. gdisk refuses to edit first partition at all. Legacy msdos partition table starts at block 0, which is unusual. Is it required for something? Is there tool able to edit GPT table of live image? $ sfdisk -l Fedora-Workstation-Live-x86_64-34-1.2.iso Disk Fedora-Workstation-Live-x86_64-34-1.2.iso: 1.87 GiB, 2007367680 bytes, 3920640 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0x6b5ab614 Device Boot Start End Sectors Size Id Type Fedora-Workstation-Live-x86_64-34-1.2.iso1 * 0 3920639 3920640 1.9G 0 Empty Fedora-Workstation-Live-x86_64-34-1.2.iso2 172 20543 20372 9.9M ef EFI (FAT-12/16/32) Fedora-Workstation-Live-x86_64-34-1.2.iso3 20544 63391 42848 20.9M 0 Empty $ gdisk -l Fedora-Workstation-Live-x86_64-34-1.2.iso GPT fdisk (gdisk) version 1.0.7 Partition table scan: MBR: MBR only BSD: not present APM: not present GPT: present Found valid MBR and GPT. Which do you want to use? 1 - MBR 2 - GPT 3 - Create blank GPT Your answer: 2 Using GPT and creating fresh protective MBR. Warning! Main partition table overlaps the first partition by 64 blocks! You will need to delete this partition or resize it in another utility. Disk Fedora-Workstation-Live-x86_64-34-1.2.iso: 3920640 sectors, 1.9 GiB Sector size (logical): 512 bytes Disk identifier (GUID): EC09CB0A-A8D6-4BC3-8A3A-BA2784A6B211 Partition table holds up to 248 entries Main partition table begins at sector 2 and ends at sector 63 First usable sector is 64, last usable sector is 3920576 Partitions will be aligned on 4-sector boundaries Total free space is 1 sectors (512 bytes) Number Start (sector) End (sector) Size Code Name 2 172 20543 9.9 MiB 0700 ISOHybrid1 3 20544 63391 20.9 MiB AF00 ISOHybrid2 Note it does not even display Number 1 partition ^^. Instead it complains I need to use another utility. I haven't found utility able to do it. Can you recommend something? I consider myself power user, even non-trivial way would be acceptable. Note the warning, complaining partition starts at block 0, not block 64. Unfortunately gdisk does not let me create new partition 1 starting on block 64. Are there other tools for writing live images to flash drive, which can prepare both EFI and legacy boot image, but create editable partition table instead? Thanks, Petr -- Petr Menšík PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: F32 bind9 split dns debug
internal-lan-view" > { > match-clients { internals; }; > > allow-recursion { internals; }; > allow-recursion-on { internals; }; > > zone "linuxlighthouse.com" { >type master; >file "/var/named/internal.db"; >allow-query { internals; }; > }; > }; > > view "external-wan-view" > { > match-clients { any; }; > recursion no; > > allow-query { any; }; > allow-transfer { 108.220.213.120/29; }; > > zone "linuxlighthouse.com" { > type master; > file "/var/named/linuxlighthouse.com.db"; > }; > > zone "213.220.108.in-addr.arpa" { > type master; > file "/var/named/213.220.108.in-addr.arpa"; > }; > }; > > > > > > > > On Fri, Nov 13, 2020 at 6:10 AM Petr Menšík wrote: > >> Hi Jack, >> >> On 11/13/20 8:02 AM, Jack Craig wrote: >>> hi all, >>> any dns pros in the house?? >>> >>> i am trying to debug a split view dns. >>> i am using F32 & bind9 where i have internal & external views. >>> >>> internal network 10.0.0.0/24, external 108.220.213.120/29 >>> >>> what i think i am seeing is a refusal of query, but Why?? >>> >>> where can i find a query_log print-severity definition? >>> >>> dig shows, ... >>> >>> dig ws.linuxlighthouse.com ns >>> >>> ; <<>> DiG 9.11.23-RedHat-9.11.23-1.fc32 <<>> ws.linuxlighthouse.com ns >>> ;; global options: +cmd >>> ;; Got answer: >>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45484 >>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 >>> >>> ;; OPT PSEUDOSECTION: >>> ; EDNS: version: 0, flags:; udp: 4096 >>> ;; QUESTION SECTION: >>> ;ws.linuxlighthouse.com. IN NS >>> >>> ;; Query time: 355 msec >>> ;; SERVER: 10.0.0.1#53(10.0.0.1) >>> ;; WHEN: Thu Nov 12 22:53:45 PST 2020 >>> ;; MSG SIZE rcvd: 51 >>> >>> dig 108.220.213.121 >>> >>> ; <<>> DiG 9.11.23-RedHat-9.11.23-1.fc32 <<>> 108.220.213.121 >>> ;; global options: +cmd >>> ;; Got answer: >>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46338 >>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 >>> >>> ;; OPT PSEUDOSECTION: >>> ; EDNS: version: 0, flags:; udp: 4096 >>> ;; QUESTION SECTION: >>> ;108.220.213.121. IN A >>> >>> ;; ANSWER SECTION: >>> 108.220.213.121. 0 IN A 108.220.213.121 >>> >>> ;; Query time: 1 msec >>> ;; SERVER: 10.0.0.1#53(10.0.0.1) >>> ;; WHEN: Thu Nov 12 22:54:52 PST 2020 >>> ;; MSG SIZE rcvd: 60 >>> >>> suggestions? >>> >>> tia, jackc... >>> >>> >>> my named.conf >>> >>> /* top of file */ >>> >>> acl slaves { >>> 108.220.213.122; >>> }; >>> >>> acl internals { >>> 10.0.0.0/24; >>> 127.0.0.0/8; >>> }; >>> >>> /* >>> 108.220.213.120/29; >>> */ >>> >>> options >>> { >>> // Put files that named is allowed to write in the data/ directory: >>> directory "/var/named"; // "Working" directory >>> dump-file "data/cache_dump.db"; >>> statistics-file "data/named_stats.txt"; >>> memstatistics-file "data/named_mem_stats.txt"; >>> secroots-file "data/named.secroots"; >>> recursing-file "data/named.recursing"; >>> >>> listen-on port 53 { localhost; }; >> Localhost usually has only 127.0.0.0/8 and ::1 addresses. Without both >> internal address and external or any; Outside IPv4 packet would never >> reach bind. >>> listen-on-v6 port 53 { any; }; >>> >>> allow-query { internals; }; >> Move this to views. allow-query includes recursive and non-recursive >> queries. Kind of firewall equivalent. Just let it inside or not. >>> allow-query-cache { any; }; >> Unless you override this in view, this would make your (internal) cache >> open to outside world. It it would act authoritative for outside and >> recursive for inside clients,
Re: systemd-resolved breakage
Sad thing is, I want Network Manager to write my resolv.conf as it did before. I just want systemd-resolved disabled and keep simple text file in /etc/resolv.conf. I haven't found automatic way to recover my system, after I do: systemctl disable --now systemd-resolved It keep broken /etc/resolv.conf, which I have to fix manually. systemctl restart NetworkManager does not help. Am I missing something? would NetworkManager.conf: dns=default Write resolv.conf again? Can I make it rewrite after disabling systemd-resolved? Why doesn't it restore /etc/resolv.conf on systemd-resolved shutdown? On 11/13/20 2:22 PM, Tom Horsley wrote: > (Relatively) simple fix: > > systemctl stop systemd-resolvd > systemctl disable systemd-resolvd > > Edit /etc/NetworkManager/NetworkManager.conf And in the [main] > section stick this: > > [main] > dns=none > > Now rm -f /etc/resolv.conf > > Now create your own /etc/resolv.conf file from scratch with > the nameserver and search directives you actually want. > > Systemd won't stick its nose in, NetworkManager won't clobber > your resolve.conf file, your network will actually function :-). > ___ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org > -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB OpenPGP_0x4931CA5B6C9FC5CB_and_old_rev.asc Description: application/pgp-keys OpenPGP_signature Description: OpenPGP digital signature ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: F32 bind9 split dns debug
1D ; refresh >1H ; retry >1W ; expire >86400 ) ; minimum > ; > ;jack.craig.ap...@gmail.com > ; > @ IN NS ws > IN MX 10 mail > IN A 108.220.213.121 > > wsIN A 108.220.213.121 > www IN A 108.220.213.121 > mail IN A 108.220.213.121 > > ; cname later > ;ws2 IN A 68.94.157.1 > ;dns157r8.sbcglobal.net. IN A 68.94.157.8 > > ; > ; DNSSEC/CAA setup > ; example.org. CAA 128 issue "letsencrypt.org" > > ; linuxlighthouse.com. CAA 128 issue "letsencrypt.org" > > > ; > $include "/var/named/linuxlighthouse.com.db" > > @ IN A 10.0.0.1 > wsIN A 10.0.0.101 > www IN A 10.0.0.101 > ws2 IN A 10.0.0.102 > > [jackc@ws ~$ > > -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB OpenPGP_0x4931CA5B6C9FC5CB_and_old_rev.asc Description: application/pgp-keys OpenPGP_signature Description: OpenPGP digital signature ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: BIND 9.16
Hi Jerry, I am actually bind maintainer. I would recommend using fedpkg command instead. It does more or less the same as mock here, but is a bit simpler to use. Just use: fedpkg clone bind cd bind git checkout f32 fedpkg mock-build Adding to mock group is still required however. It would build your own version, from the sources provided. They can be found on https://src.fedoraproject.org. fedpkg mock-build is a frontend to mock, which would build it from clean chroot for given release. Manual mock commands are still possible. fedpkg local is quite useful, if you want just quick rebuild on your machine. And if you would be interested, v9_16 branch can be cloned from my bind fork[1]. That are sources my packages were built from. Forks from other packages could be found on Fedora package sources. But their use is at your own risk. Regards, Petr 1. https://src.fedoraproject.org/fork/pemensik/rpms/bind On 4/29/20 1:22 AM, Jerry James wrote: > Samuel's answers were excellent. I just want to add one thing. > > On Tue, Apr 28, 2020 at 4:11 PM Samuel Sieb wrote: >> That is a huge topic. I don't know where to start with that. I use >> "rpmbuild" for my purposes, but I've seen it mentioned that "mock" is >> the recommended way to build. Actual packages for Fedora get built in >> koji. https://koji.fedoraproject.org/koji/ There are a set of command >> line utilities for managing packages and running builds. > > For those interested, here's how to try mock yourself. Install mock: > > sudo dnf install mock > > Add yourself to the mock group: > > sudo usermod -a -G mock > > Go find a package you care about on koji. Since this thread is about > bind, let's look it up. Visit https://koji.fedoraproject.org/koji/. > In the upper right, there is a dropdown which is set to "Packages" > (leave that alone), a text box, and a button that says "SEARCH". Type > bind in the text box and press return or click the SEARCH button. You > now see a list of the bind builds that koji knows about. Click on the > top one. This gives you a bunch of information about that build. > Look down the left side until you find "RPMs". That is a list of rpm > files associated with this build. Find the "src" label. Just below > that should be a line that looks like this: > > bind-9.11.18-2.fc33.src.rpm (info) (download) > > Click on the download link. You now have a source rpm in your > Downloads directory. Let's pretend you have > ~/Downloads/bind-9.11.18-2.fc33.src.rpm. Build it yourself like this > (assuming you have x86_64 hardware, which seems like a pretty safe > assumption): > > mock -r fedora-rawhide-x86_64 --rebuild > ~/Downloads/bind-9.11.18-2.fc33.src.rpm > > If you want to build for Fedora 32 instead, do it like this: > > mock -r fedora-32-x86_64 --rebuild ~/Downloads/bind-9.11.18-2.fc33.src.rpm > > Look in /etc/mock to see all of the distributions you can build for. > If you have x86_64 hardware, you can build for the x86_64 and i386 > targets. If you want to build for other types of hardware, ask me how > to do it. > > After initiating the mock build, look in > /var/lib/mock/fedora-rawhide-x86_64 (or > /var/lib/mock/fedora-32-x86_64) to see where the build happened. > Build logs and binary artifacts go in the "result" directory. The > build itself happens in a chroot, which is in the "root" directory. > Look in "root/builddir/build" to find all of the usual directories > created by rpmbuild. > > I think all of that counts as "one thing", don't you? :-) Regards, > -- Petr Menšík Software Engineer Red Hat, http://www.redhat.com/ email: pemen...@redhat.com PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
BIND test builds
Hello Fedora users, I have prepared BIND 9.16 builds on COPR [1]. It can be used to install more recent version of bind onto supported Fedora, or CentOS 8. It is technology preview, some derived version should land in Fedora Rawhide and Fedora 33. I would like to ask opinions on that builds. And receive some testing, before it would replace current 9.11 Extended Support Version. I would not recommend it for production use yet, but would like to have some testing on it. If you would like to give it a try, please report possible issues here or directly to me. It is not official build and its issues do not belong to Red Hat Bugzilla. I have made also development version 9.17 builds[2] for even more brave users. Consider it very experimental and with low maintenance priority. But it seems it works. Enable that repository by instructions, then use just: dnf install bind Any test reports would be welcome. Regards, Petr 1. https://copr.fedorainfracloud.org/coprs/pemensik/bind-9.16/ 2. https://copr.fedorainfracloud.org/coprs/pemensik/bind-9.17/ -- Petr Menšík PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB signature.asc Description: OpenPGP digital signature ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Named GeoIP just got large
> On Wed, 2019-11-06 at 18:46 +0000, Petr Menšík wrote: > > What is "it"? Kindly follow long-standing convention and quote the part > of a message you are responding to. HyperKitty does NOT do this > automatically. > > poc Oh, right, thanks. Overlooked quote button on HyperKitty. This is I was referring to. > Hi All, > > # ls -al /var/named/chroot/usr/share/GeoIP/GeoLite2-City.mmdb > -rw-r--r--. 1 root root 62899374 Oct 8 12:07 > /var/named/chroot/usr/share/GeoIP/GeoLite2-City.mmdb > > Just got ~20 times larger. Can I delete it and start over? > > Many thanks, > -T Following commands would print the same Inode, meaning they are the same files. No space is saved by deleting the first one. Files in /var/named/chroot should disappear as soon named-chroot.service is stopped. Try du -sh /var/named/chroot when running and when stopped. Should be almost zero when turned off, most of files are just borrowed from the system. stat /var/named/chroot/usr/share/GeoIP/GeoLite2-City.mmdb stat /usr/share/GeoIP/GeoLite2-City.mmdb ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Re: Named GeoIP just got large
Hi Todd, It should not be deleted. It is packaged contents of usr/share/GeoIP/, just bind mounted into /var/named/chroot when named-chroot.service is running. As soon as it stops, it is unmounted. mount --bind means it does not use more space. It can be a bit confusing, but those files are still only once saved on disk. But the same files are visible in /usr/share/GeoIP and /var/named/chroot/usr/share/GeoIP. It can be verified by commands: stat /usr/share/GeoIP/ stat /var/named/chroot/usr/share/GeoIP/ It has the same values, including Inode. That means it is the same directory, just in another location. If you do not need it, you can comment out /usr/share/GeoIP in /etc/named-chroot.files But it would not free any space, because it did not took any. It would just presenting that directory in chroot. Regards, Petr, bind maintainer ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org