On 2022-01-04 19:33:14 +0100, Andrej Shadura wrote:
> On Tue, 4 Jan 2022, at 19:26, Vincent Lefevre wrote:
> > With resolvconf disabled, I get
> >
> > nameserver 127.0.0.1
> > nameserver 10.9.0.4
> >
> > where 127.0.0.1 is added by dhclient thanks to
> >
> >   prepend domain-name-servers 127.0.0.1;
> 
> Why do you have this? This basically overrides the DHCP server by
> directing queries to your localhost DNS.

One reason is that ISPs may block websites via DNS (for good
or bad reasons). For instance: https://www.soundofscience.fr/1723
(article in French). So I prefer to bypass the DNS servers of the ISP
if this works, and use them only in case of failure (the issue with
SNCF wifi, probably because it filters UDP[*], is an example).

[*] BTW, there's also a Parisian university that filters UDP for its
wifi hotspot (which prevents mosh and NTP from working), so SNCF may
not be the only case where there would be issues with resolvconf.

> > /run/resolvconf/interface/lo.unbound contains:
> >
> > nameserver 127.0.0.1
> 
> This is correct: when you run a DNS server at localhost, you don’t
> usually want queries to slip to the network.

No, this is not. I have specifically configured my DHCP client to
use the provided DNS servers as a fallback. If I did not want that,
I would have removed "domain-name-servers" from its configuration.

In other words, resolvconf should honor the configuration of the
DHCP client.

> > I have not modified the resolvconf settings: I expect that it should
> > work by default.
> 
> I would think this might be a bug in unbound, but since you report
> that the DHCP-provided DNS works when both nameserver lines are in,
> I think you probably don’t have unbound running, and you likely have
> not purged its configuration when you removed it.

See above for the reason I use unbound. And I don't think that
unbound can do anything, as it doesn't know the concept of
servers provided by DHCP.

> Localhost should not be the first entry in your resolv.conf if you
> want to be able to use other DNS servers.

ISPs are likely to redirect blocked domains/hosts to a different host
(e.g. so that the user can get the reason for the blocking). So this
would not work. Anyway, if I wanted to use localhost as a fallback,
I would not have used "prepend", but "append" in dhclient.conf.

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
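As an added illustration (not part of this thread or of dhclient/resolvconf), a small Python model of the nameserver order that dhclient's "prepend"/"append" modifiers produce and of the resolver walk the last paragraph relies on. The addresses, the "block page" answer and the rule that any answer ends the lookup while only a timeout moves on to the next server are assumptions of this model.

```python
# Added example: model of resolv.conf ordering and stub-resolver fallback.
# Assumption: servers are tried in order; the next one is consulted only
# when the previous one times out (e.g. UDP filtered on a hotspot). Any
# answer, including an ISP redirect to a block page, ends the lookup.

LOCAL = "127.0.0.1"          # the local unbound instance from the thread


def build_resolv_order(dhcp_servers, modifier, local=LOCAL):
    """Nameserver order as dhclient writes it for the given modifier:
    'prepend' puts localhost first, 'append' last, None leaves it out."""
    if modifier == "prepend":
        return [local] + list(dhcp_servers)
    if modifier == "append":
        return list(dhcp_servers) + [local]
    return list(dhcp_servers)


def resolve(name, order, behaviour):
    """behaviour maps server -> callable(name) returning an IP, or None
    for a timeout. Returns (answering server, answer, servers tried)."""
    tried = []
    for server in order:
        tried.append(server)
        answer = behaviour[server](name)
        if answer is not None:      # an answer (even a redirect) stops here
            return server, answer, tried
    return None, None, tried        # every server timed out


# Constructed sample network (all addresses are placeholders).
BLOCK_PAGE = "10.9.0.99"            # where the ISP sends blocked names
BLOCKED = {"blocked.example"}
REAL_ADDR = "203.0.113.7"           # the genuine address of the name


def unbound_ok(name):               # local recursive resolver reachable
    return REAL_ADDR


def unbound_udp_filtered(name):     # hotspot filters UDP: upstream unreachable
    return None


def isp_dns(name):                  # DHCP-provided server (10.9.0.4 in the thread)
    return BLOCK_PAGE if name in BLOCKED else REAL_ADDR


def demo(modifier, local_behaviour, name="blocked.example"):
    order = build_resolv_order(["10.9.0.4"], modifier)
    behaviour = {LOCAL: local_behaviour, "10.9.0.4": isp_dns}
    return resolve(name, order, behaviour)
```

With "prepend", unbound answers first and the ISP server is reached only when unbound times out; with "append", the ISP server's redirect answers first and localhost is never consulted.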
