Re: Don't update to the latest f33!

2021-02-22 Thread David Both 


No problem - I need to know this. Thanks!




--


*
David P. Both, RHCE
He/Him/His
*
www.both.org - My personal web site
www.Linux-Databook.info - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
*
The value of any software lies in its usefulness
not in its price.

— Linus Torvalds
*

On Mon, 22 Feb 2021, Michael Catanzaro wrote:


Date: Mon, 22 Feb 2021 18:02:08
From: Michael Catanzaro 
Reply-To: Development discussions related to Fedora

To: David Both 
Cc: Development discussions related to Fedora ,
Steve Dickson 
Subject: Re: Don't update to the latest f33!



On Mon, Feb 22, 2021 at 5:43 pm, David Both  wrote:

 I will check because I thought I had TLS up and working. Apparently not.
 How did you discover this? I will fix it as soon as possible.



All of my mails to you are bouncing. Notice you don't have any direct mails 
from me in your inbox. You're reading this via my reply to 
devel@lists.fedoraproject.org, right?


: TLS is required, but was not offered by host
   mail.both.org[45.20.209.41]

Normally I would send mail that doesn't need to be read by the entire list in 
a private reply, but... well, see above.


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure



___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-22 Thread Michael Catanzaro 



On Mon, Feb 22, 2021 at 5:43 pm, David Both  
wrote:
I will check because I thought I had TLS up and working. Apparently 
not. How did you discover this? I will fix it as soon as possible.




All of my mails to you are bouncing. Notice you don't have any direct 
mails from me in your inbox. You're reading this via my reply to 
devel@lists.fedoraproject.org, right?


: TLS is required, but was not offered by host
   mail.both.org[45.20.209.41]

Normally I would send mail that doesn't need to be read by the entire 
list in a private reply, but... well, see above.


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-22 Thread David Both 
I will check because I thought I had TLS up and working. Apparently not. How 
did you discover this? I will fix it as soon as possible.



I need to get one of my hosts to fail. When I do that I will send the results 
from that as well. These two examples have the correct data from my DHCP server.



From a working VM. Note that this originally had no ifcfg file and now has one 
that specifies DHCP (as opposed to "none") but no DNS entries. 192.168.0.52 is 
my internal name server. This VM uses a single bridged NIC and gets its network 
configuration from 192.168.0.52 rather than the VirtualBox virtual DHCP server.


Note that /run/NetworkManager also contains a resolv.conf file. Some of my 
systems are pointed to that. I know that I need to get everything consistent no 
matter what else I do. ;-)



[root@testvm1 ~]# resolvectl
Global
   Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (enp0s3)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
 Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.0.52
   DNS Servers: 192.168.0.52 8.8.8.8 8.8.4.4
DNS Domain: both.org ~.
[root@testvm1 ~]#


From a laptop that has always worked with systemd-resolved

[root@sm-voyager etc]# ll /run/systemd/resolve
total 8
drwx-- 2 systemd-resolve systemd-resolve  60 Feb 19 21:26 netif
-rw-r--r-- 1 systemd-resolve systemd-resolve 655 Feb 19 21:26 resolv.conf
-rw-r--r-- 1 systemd-resolve systemd-resolve 745 Feb 19 21:26 stub-resolv.conf
[root@sm-voyager etc]# resolvectl
Global
   Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (enp41s0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
 Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.0.52
   DNS Servers: 192.168.0.52 8.8.8.8 8.8.4.4
DNS Domain: both.org

Link 3 (wlp0s20f3)
Current Scopes: none
 Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
[root@sm-voyager etc]#


Thanks!



--


*
David P. Both, RHCE
He/Him/His
*
www.both.org - My personal web site
www.Linux-Databook.info - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
*
The value of any software lies in its usefulness
not in its price.

— Linus Torvalds
*

On Mon, 22 Feb 2021, Michael Catanzaro wrote:


Date: Mon, 22 Feb 2021 15:47:22
From: Michael Catanzaro 
Reply-To: Development discussions related to Fedora

To: David Both 
Cc: Development discussions related to Fedora ,
Steve Dickson 
Subject: Re: Don't update to the latest f33!

On Mon, Feb 22, 2021 at 1:45 pm, David Both  wrote:

 Do you have any suggestions?


Run 'resolvectl' and post the output so we can see what your configuration 
is. I hinted at this in my previous mail but it seems I didn't explicitly ask 
you to post what it outputs. Please post it so we can see what has happened.


(Also: upgrade your mail server to support TLS!)

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure




___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-22 Thread Michael Catanzaro 
On Mon, Feb 22, 2021 at 1:45 pm, David Both  
wrote:

Do you have any suggestions?


Run 'resolvectl' and post the output so we can see what your 
configuration is. I hinted at this in my previous mail but it seems I 
didn't explicitly ask you to post what it outputs. Please post it so we 
can see what has happened.


(Also: upgrade your mail server to support TLS!)

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-22 Thread David Both 


So here is my plan.

Over the next few days I plan to use one or more VMs to test various 
configurations using systemd-resolved to see which ones work and which do not. 
Then we should be

able to track down why.

Do you have any suggestions?

Thanks.



--


*
David P. Both, RHCE
He/Him/His
*
www.both.org - My personal web site
www.Linux-Databook.info - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
*
The value of any software lies in its usefulness
not in its price.

— Linus Torvalds
*

On Thu, 18 Feb 2021, Michael Catanzaro wrote:


Date: Thu, 18 Feb 2021 10:46:53
From: Michael Catanzaro 
Reply-To: Development discussions related to Fedora

To: David Both 
Cc: Development discussions related to Fedora ,
Steve Dickson 
Subject: Re: Don't update to the latest f33!

On Thu, Feb 18, 2021 at 10:39 am, David Both  wrote:


 Ok, so I manage my network using DHCP on an internal server for all except
 that server and my Linux firewall/router which both use a complete static
 configuration for networking.

 My DHCP server does provide DNS resolver information which, in order, is
 my internal BIND server (same physical server host), 8.8.8.8, and 8.8.4.4.
 But my hosts were not getting that information. I think the difference
 between the working and failing hosts is possibly (experiments required)
 left-over ifcfg files some of which specified DHCP but also name servers
 while others specified DHCP but did not specify name servers, as well as
 some newer hosts that do not have any ifcfg files. I have also noticed
 that ifcfg files are no longer created automatically but work when
 created. I missed that information also.


OK, so DHCP is not working somehow. Are you running NetworkManager? That is 
my #1 guess right now, because without NetworkManager, you have no easy way 
to get DNS configuration from DHCP to systemd-resolved. systemd-resolved 
doesn't configure itself: that's the responsibility of a higher-level 
management layer, usually NetworkManager, or alternatively systemd-networkd. 
You can configure it manually with your own scripts if you're really 
hardcore. But if you have disabled NetworkManager, then my recommendation 
would be to disable systemd-resolved as well. If you *are* running 
NetworkManager, then unfortunately we're probably going to need to debug 
NetworkManager to figure out why the configuration from DHCP is getting 
dropped. I don't know how to help with that, but that also seems unlikely 
because nobody has reported bugs related to that as far as I know.


If you are running NetworkManager, here are some more general troubleshooting 
steps that I had typed up to send before reading the above:


The most important thing to do is to check the output of 'resolvectl' and 
look for anything suspicious. Ideally the DNS server you want things going to 
will be listed under each desired network interface with +DefaultRoute set. 
Hopefully something will be obviously wrong there, but if not, you can post 
the output of 'resolvectl' here for us to take a look.


To ensure systemd-resolved's configuration doesn't get bypassed, you'll also 
want to ensure you're running Fedora's new default configuration, which you 
should be, since users should be automatically upgraded. But just in case, 
it's good to check:


* Ensure NetworkManager is running ('systemctl status 
NetworkManager.service'). If not, you're on your own and should consider 
disabling systemd-resolved since it's not worth trying to use manually.
* Ensure systemd-resolved is running: 'systemctl status 
systemd-resolved.service'
* Ensure /etc/resolv.conf is symlinked to 
/run/systemd/resolve/stub-resolv.conf (this ensures anything reading it 
manually gets pointed to systemd-resolved's IP address, 127.0.0.53)
* Ensure the hosts line in /etc/nsswitch.conf looks like this: files 
mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] myhostname dns


(Remember to never edit /etc/nsswitch.conf manually, instead edit 
/etc/authselect/user-nsswitch.conf and then run 'sudo authselect 
apply-changes'.)


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure



___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org

Re: Don't update to the latest f33! (fwd)

2021-02-18 Thread David Both 



Thanks for this information. See in-line.

--


*
David P. Both, RHCE
He/Him/His
*
www.both.org - My personal web site
www.Linux-Databook.info - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
*
The value of any software lies in its usefulness
not in its price.

— Linus Torvalds
*

On Thu, 18 Feb 2021, Michael Catanzaro wrote:


 Date: Thu, 18 Feb 2021 10:46:53
 From: Michael Catanzaro 
 Reply-To: Development discussions related to Fedora
 
 To: David Both 
 Cc: Development discussions related to Fedora
 ,
 Steve Dickson 
 Subject: Re: Don't update to the latest f33!

 On Thu, Feb 18, 2021 at 10:39 am, David Both  wrote:


  Ok, so I manage my network using DHCP on an internal server for all except
  that server and my Linux firewall/router which both use a complete static
  configuration for networking.

  My DHCP server does provide DNS resolver information which, in order, is
  my internal BIND server (same physical server host), 8.8.8.8, and 8.8.4.4.
  But my hosts were not getting that information. I think the difference
  between the working and failing hosts is possibly (experiments required)
  left-over ifcfg files some of which specified DHCP but also name servers
  while others specified DHCP but did not specify name servers, as well as
  some newer hosts that do not have any ifcfg files. I have also noticed
  that ifcfg files are no longer created automatically but work when
  created. I missed that information also.


 OK, so DHCP is not working somehow. Are you running NetworkManager? That is
 my #1 guess right now, because without NetworkManager, you have no easy way
 to get DNS configuration from DHCP to systemd-resolved. systemd-resolved
 doesn't configure itself: that's the responsibility of a higher-level
 management layer, usually NetworkManager, or alternatively systemd-networkd.
 You can configure it manually with your own scripts if you're really
 hardcore. But if you have disabled NetworkManager, then my recommendation
 would be to disable systemd-resolved as well. If you *are* running
 NetworkManager, then unfortunately we're probably going to need to debug
 NetworkManager to figure out why the configuration from DHCP is getting
 dropped. I don't know how to help with that, but that also seems unlikely
 because nobody has reported bugs related to that as far as I know.

 If you are running NetworkManager, here are some more general
 troubleshooting steps that I had typed up to send before reading the above:


I am running NetworkManager. I had disabled and stopped systemd-resolved on GP 
after other hosts failed. After starting systemd-resolved everything looks to 
be configured correctly:


[root@david ~]# resolvectl
Global
Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
 resolv.conf mode: foreign
 DNS Servers: 192.168.0.52
Fallback DNS Servers: 1.1.1.1 8.8.8.8 1.0.0.1 8.8.4.4 2606:4700:4700:: 
2001:4860:4860:: 2606:4700:4700::1001 2001:4860:4860::8844

   DNS Domain: both.org

Link 2 (enp0s31f6)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
  Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
DNS Servers: 192.168.0.52 8.8.8.8 8.8.4.4
 DNS Domain: both.org ~.

Link 3 (vboxnet0)
Current Scopes: none
  Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

But everything is working and has been on my primary workstation - which is why 
I did not see this until I upgraded to F33 on other hosts. This host has no 
ifcfg file.


I really need to experiment with this a bit. I will get back to you with my 
results.




 The most important thing to do is to check the output of 'resolvectl' and
 look for anything suspicious. Ideally the DNS server you want things going
 to will be listed under each desired network interface with +DefaultRoute
 set. Hopefully something will be obviously wrong there, but if not, you can
 post the output of 'resolvectl' here for us to take a look.

 To ensure systemd-resolved's configuration doesn't get bypassed, you'll also
 want to ensure you're running Fedora's new default configuration, which you
 should be, since users should be automatically upgraded. But just in case,
 it's good to check:

 * Ensure NetworkManager is running ('systemctl status
 NetworkManager.service'). If not, you're on your own and should consider
 disabling systemd-resolved since it's not worth trying to use manually.
 * Ensure systemd-resolved is running: 'systemctl status
 systemd-resolved.service'
 * Ensure /etc/resolv.conf is symlinked to
 /run/systemd/resolve/stub-resolv.conf (this ensures anything reading it
 manually gets pointed to systemd-resolved's IP address, 127.0.0.53)
 * Ensure the hosts line in /etc

Re: Don't update to the latest f33!

2021-02-18 Thread Michael Catanzaro 
On Thu, Feb 18, 2021 at 10:39 am, David Both  
wrote:


Ok, so I manage my network using DHCP on an internal server for all 
except that server and my Linux firewall/router which both use a 
complete static configuration for networking.


My DHCP server does provide DNS resolver information which, in order, 
is my internal BIND server (same physical server host), 8.8.8.8, and 
8.8.4.4. But my hosts were not getting that information. I think the 
difference between the working and failing hosts is possibly 
(experiments required) left-over ifcfg files some of which specified 
DHCP but also name servers while others specified DHCP but did not 
specify name servers, as well as some newer hosts that do not have 
any ifcfg files. I have also noticed that ifcfg files are no longer 
created automatically but work when created. I missed that 
information also.


OK, so DHCP is not working somehow. Are you running NetworkManager? 
That is my #1 guess right now, because without NetworkManager, you have 
no easy way to get DNS configuration from DHCP to systemd-resolved. 
systemd-resolved doesn't configure itself: that's the responsibility of 
a higher-level management layer, usually NetworkManager, or 
alternatively systemd-networkd. You can configure it manually with your 
own scripts if you're really hardcore. But if you have disabled 
NetworkManager, then my recommendation would be to disable 
systemd-resolved as well. If you *are* running NetworkManager, then 
unfortunately we're probably going to need to debug NetworkManager to 
figure out why the configuration from DHCP is getting dropped. I don't 
know how to help with that, but that also seems unlikely because nobody 
has reported bugs related to that as far as I know.


If you are running NetworkManager, here are some more general 
troubleshooting steps that I had typed up to send before reading the 
above:


The most important thing to do is to check the output of 'resolvectl' 
and look for anything suspicious. Ideally the DNS server you want 
things going to will be listed under each desired network interface 
with +DefaultRoute set. Hopefully something will be obviously wrong 
there, but if not, you can post the output of 'resolvectl' here for us 
to take a look.


To ensure systemd-resolved's configuration doesn't get bypassed, you'll 
also want to ensure you're running Fedora's new default configuration, 
which you should be, since users should be automatically upgraded. But 
just in case, it's good to check:


* Ensure NetworkManager is running ('systemctl status 
NetworkManager.service'). If not, you're on your own and should 
consider disabling systemd-resolved since it's not worth trying to use 
manually.
* Ensure systemd-resolved is running: 'systemctl status 
systemd-resolved.service'
* Ensure /etc/resolv.conf is symlinked to 
/run/systemd/resolve/stub-resolv.conf (this ensures anything reading it 
manually gets pointed to systemd-resolved's IP address, 127.0.0.53)
* Ensure the hosts line in /etc/nsswitch.conf looks like this: files 
mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] myhostname dns


(Remember to never edit /etc/nsswitch.conf manually, instead edit 
/etc/authselect/user-nsswitch.conf and then run 'sudo authselect 
apply-changes'.)


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-18 Thread David Both 

;-)

Response to earlier email:

Thanks for the informative response Michael.

I plan to read the content at those links in some depth. What I see so far does 
describe how name resolution now works and hints at why this is being done. Even
had I read that it would not have prepared me for the possibility that the 
resolver would fail so completely in my relatively simple environment. Nor does 
it
suggest how to return to a working resolver, either by returning to either nss 
option or correcting the systemd-resolved configuration -- and I still do not

know how to approach that. I will continue to read.

I guess that there are more places to get the information than I have previously 
been aware, but that still doesn't mean that most users will find it or
understand it. I read stuff like this all the time but totally missed that. I 
can't imagine how most regular users and busy-to-their-eyeballs sysadmins will 
run

across this and then know how to connect the dots between change and symptom.

It took me a good bit of experimenting to figure out that /etc/resolv.conf is 
now just a link and the specific link used defines how name resolution actually
works. My usual procedure with resolver problems is to cat /etc/resolv.conf but 
that does not tell me it is a link. I only realized that a major change had been
made by doing a long listing while looking for old or conflicting files. Then I 
was on track to figure it out.


I think your statement about name resolution being bad would only be true if I
were part of one of the edge cases for which the old way failed. This is from a 
user standpoint where "all is good until it fails" rather than a developer
standpoint where "it suck behind the scenes so it needs fixed even if it breaks 
things for a while."


I do like most of what systemd does. I do think that perhaps better testing of 
possible failure modes and circumstances as well as communication of possible 
problems, their symptoms, known fixes, and circumventions would help. And it 
needs to be obvious to anyone looking for that information.






Response to this email:

Ok, so I manage my network using DHCP on an internal server for all except that 
server and my Linux firewall/router which both use a complete static 
configuration for networking.


My DHCP server does provide DNS resolver information which, in order, is my 
internal BIND server (same physical server host), 8.8.8.8, and 8.8.4.4. But my 
hosts were not getting that information. I think the difference between the 
working and failing hosts is possibly (experiments required) left-over ifcfg 
files some of which specified DHCP but also name servers while others specified 
DHCP but did not specify name servers, as well as some newer hosts that do not 
have any ifcfg files. I have also noticed that ifcfg files are no longer created 
automatically but work when created. I missed that information also.




I am willing to help with this.

Thanks!



--


*
David P. Both, RHCE
He/Him/His
*
www.both.org - My personal web site
www.Linux-Databook.info - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
*
The value of any software lies in its usefulness
not in its price.

— Linus Torvalds
*

On Thu, 18 Feb 2021, Michael Catanzaro wrote:


Date: Thu, 18 Feb 2021 09:34:52
From: Michael Catanzaro 
Reply-To: Development discussions related to Fedora

To: David Both ,
Development discussions related to Fedora 
Cc: Steve Dickson 
Subject: Re: Don't update to the latest f33!

On Thu, Feb 18, 2021 at 8:30 am, Michael Catanzaro  
wrote:

 We don't set DNS there intentionally because it eliminates any benefit of
 using split DNS. Your static global DNS= configuration in resolved.conf is
 used for *every* request, *in addition* to per-link DNS configuration. So
 if you have per-link DNS configuration from DHCP -- which almost everybody
 will except in cloud environments like this -- then you would wind up with
 two parallel DNS queries going out for every lookup, where whichever
 finishes first wins. That's not a good default.


Well I should clarify: it *is* a good default for cloud or server 
environments where it is guaranteed that DHCP will not provide any DNS 
configuration and you just need a simple, static DNS config. So if the cloud 
provider inserted its DNS config here, that was probably the right thing to 
do. It just needs to not use commas. :P


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guid

Re: Don't update to the latest f33!

2021-02-18 Thread Tomasz Torcz 
Dnia Thu, Feb 18, 2021 at 02:37:54PM +, Sven Kieske napisał(a):
> On Do, 2021-02-18 at 08:30 -0600, Michael Catanzaro wrote:
> > Fedora will never configure static DNS servers for you in 
> > 
> > resolved.conf. That config file was manually edited with improper 
> > 
> > syntax to wind up in this broken state. My guess is that it was edited 
> > 
> > by the VPS provider, but who knows.
> 
> still, as a user and sysadmin I would expect
> any service to loudly complain (at least in a logfile)
> about syntax errors in it's configfile, no matter how
> the wrong config got there in the end, if by cfgmgmt, hand edited
> or other system tools.
> 
> but there is no such warning, or did I miss this information?

It complains for me:

% rg ^DNS= /etc/systemd/resolved.conf 
19:DNS=1.1.1.1,1.0.0.1

systemd-resolved[23515]: Failed to add DNS server address '1.1.1.1,1.0.0.1', 
ignoring: Invalid argument

This is with systemd-246.10-1.fc33.x86_64

-- 
Tomasz Torcz“Funeral in the morning, IDE hacking
to...@pipebreaker.pl in the afternoon and evening.” - Alan Cox
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-18 Thread Sven Kieske 
On Do, 2021-02-18 at 08:30 -0600, Michael Catanzaro wrote:
> Fedora will never configure static DNS servers for you in 
> 
> resolved.conf. That config file was manually edited with improper 
> 
> syntax to wind up in this broken state. My guess is that it was edited 
> 
> by the VPS provider, but who knows.

still, as a user and sysadmin I would expect
any service to loudly complain (at least in a logfile)
about syntax errors in it's configfile, no matter how
the wrong config got there in the end, if by cfgmgmt, hand edited
or other system tools.

but there is no such warning, or did I miss this information?

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske
Systementwickler
 
 
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 4-6
32339 Espelkamp
 
Tel.: 05772 / 293-900
Fax: 05772 / 293-333
 
https://www.mittwald.de
 
Geschäftsführer: Robert Meyer, Florian Jürgens
 
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen

Informationen zur Datenverarbeitung im Rahmen unserer Geschäftstätigkeit 
gemäß Art. 13-14 DSGVO sind unter www.mittwald.de/ds abrufbar.



signature.asc
Description: This is a digitally signed message part
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-18 Thread Michael Catanzaro 
On Thu, Feb 18, 2021 at 8:30 am, Michael Catanzaro 
 wrote:
We don't set DNS there intentionally because it eliminates any 
benefit of using split DNS. Your static global DNS= configuration in 
resolved.conf is used for *every* request, *in addition* to per-link 
DNS configuration. So if you have per-link DNS configuration from 
DHCP -- which almost everybody will except in cloud environments like 
this -- then you would wind up with two parallel DNS queries going 
out for every lookup, where whichever finishes first wins. That's not 
a good default.


Well I should clarify: it *is* a good default for cloud or server 
environments where it is guaranteed that DHCP will not provide any DNS 
configuration and you just need a simple, static DNS config. So if the 
cloud provider inserted its DNS config here, that was probably the 
right thing to do. It just needs to not use commas. :P


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-18 Thread Michael Catanzaro 
Fedora will never configure static DNS servers for you in 
resolved.conf. That config file was manually edited with improper 
syntax to wind up in this broken state. My guess is that it was edited 
by the VPS provider, but who knows.


We don't set DNS there intentionally because it eliminates any benefit 
of using split DNS. Your static global DNS= configuration in 
resolved.conf is used for *every* request, *in addition* to per-link 
DNS configuration. So if you have per-link DNS configuration from DHCP 
-- which almost everybody will except in cloud environments like this 
-- then you would wind up with two parallel DNS queries going out for 
every lookup, where whichever finishes first wins. That's not a good 
default.


On Thu, Feb 18, 2021 at 6:52 am, David Both  
wrote:
I do not believe that this is just about lack of fallback and the 
silent fail.
Although that is probably true, it is also about the "silent" change 
from nss to

systemd-resolved and THEN the silent change to zero default fallback.

There was a series of silent changes that brought this failure to 
light.


There are different opinions on the fallback. The opinion that won in 
the end was removing the fallback to expose problems rather than hide 
them. I think that's an OK end result, but I agree it's unfortunate 
that happened in a post-release update such that installing updates can 
break a "working" (sort of) configuration. There's not really anything 
to be done about it now.


Everything still goes through nss, and you can switch from nss-resolve 
back to nss-dns if you want to (but it will be worse).


Not only do I not see the need for a change to a new name service 
client, the
lack of information about the changeover to users outside this list 
is a
terrible example for its lack of communication. Although I try to 
read the
release notes I sometimes seem to miss things or fail to read them 
altogether.


In addition to the release notes:

https://fedoraproject.org/wiki/Changes/systemd-resolved#Release_Notes

And the discussion of upgrade/compatibility impact on the change page:

https://fedoraproject.org/wiki/Changes/systemd-resolved#Upgrade.2Fcompatibility_impact

We also have two blog posts:

https://fedoramagazine.org/systemd-resolved-introduction-to-split-dns/

https://blogs.gnome.org/mcatanzaro/2020/12/17/understanding-systemd-resolved-split-dns-and-vpn-configuration/

In particular, my blog post attempts to explain how terrible our DNS 
resolution was without systemd-resolved. It was bad. Fedora users 
deserve a decent DNS resolver.


Exception: I suspect we might have a real problem for cloud servers 
without DHCP, which I reported in 
https://pagure.io/fedora-server/issue/10.



My remaining question is, where can I find a complete description of
systemd-resolved and what its design goals are?


systemd-resolved(8)

There is also this upstream documentation on how systemd-resolved 
handles VPNs:


https://github.com/systemd/systemd/blob/main/docs/RESOLVED-VPNS.md

That's specific to VPN configuration and intended for people writing 
third-party VPN software, but it shows pretty clearly exactly how 
systemd-resolved decides where to send your DNS, so if you are really 
trying to understand it's good to read.


Michael

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-18 Thread David Both 


I do not believe that this is just about lack of fallback and the silent fail. 
Although that is probably true, it is also about the "silent" change from nss to 
systemd-resolved and THEN the silent change to zero default fallback.


There was a series of silent changes that brought this failure to light.

Not only do I not see the need for a change to a new name service client, the 
lack of information about the changeover to users outside this list is a 
terrible example for its lack of communication. Although I try to read the 
release notes I sometimes seem to miss things or fail to read them altogether.


I am not sure I know how that bit can be fixed but I think it is an organic part 
of this failure. Perhaps such deep and basic changes should be mentioned in the 
release announcements along with a BOLO for related failures.


Do not misunderstand me. I really like systemd overall. Perhaps you have seen my 
series of articles about various systemd tools at Opensource.com. But this bit 
does seem a little extreme. I think I have an idea for a new article. "The 
layers of Linux." ;-)


Anyway, my personal approach to this is a return to nss by disabling 
systemd-resolved until the problem is well and truly fixed. And my name 
resolution is now working exactly as it should.


My remaining question is, where can I find a complete description of 
systemd-resolved and what its design goals are?


Thanks!


--


*
David P. Both, RHCE
He/Him/His
*
www.both.org - My personal web site
www.Linux-Databook.info - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
*
The value of any software lies in its usefulness
not in its price.

— Linus Torvalds
*

On Thu, 18 Feb 2021, Ed Greshko wrote:


Date: Wed, 17 Feb 2021 21:11:12
From: Ed Greshko 
Reply-To: Development discussions related to Fedora

To: Steve Dickson ,
Development discussions related to Fedora 
Subject: Re: Don't update to the latest f33!

On 18/02/2021 09:18, Steve Dickson wrote:


 On 2/17/21 6:55 PM, Ed Greshko wrote:

 On 18/02/2021 05:11, Steve Dickson wrote:

 I agree... ignoring syntax error or parsing error just does not seem
 like the appropriate thing to do... Error out! Tell me what is broken
 so I can fix it!!

 Replace the "," with a " " in the DNS= entry of
 /etc/systemd/resolved.conf file.

 And if you didn't format it that way, find out who did.

 That is the question!!! I upgraded and DNS broke!

 I didn't even know there was a /etc/systemd/resolved.conf
 file until this unfortunate experience...


I know this won't make you feel any better.  But the problem you've seen has 
probably always existed

on your system but was "hidden" from view.

Previously the default for FallbackDNS as shown in /etc/systemd/resolved.conf 
was


#FallbackDNS=1.1.1.1 8.8.8.8 1.0.0.1 8.8.4.4 2606:4700:4700:: 
2001:4860:4860::

 2606:4700:4700::1001 2001:4860:4860::884

But many folks complained that they didn't want a Fallback defined pointing 
to Google or

other "services".  So, it was removed and is now

#FallbackDNS=

Meaning none are defined.

So, previously, if your DNS= entry was incorrect you'd be protected by the 
existence of the Fallback being

defined.  Now, they are not.

So, whoever supplied the badly formatted /etc/systemd/resolved.conf file is 
the "real" culprit.


If I recall, you're using a VM supplied by a vendor?  If so, have you 
notified them?




___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-17 Thread Ed Greshko 

On 18/02/2021 09:18, Steve Dickson wrote:


On 2/17/21 6:55 PM, Ed Greshko wrote:

On 18/02/2021 05:11, Steve Dickson wrote:

I agree... ignoring syntax error or parsing error just does not seem
like the appropriate thing to do... Error out! Tell me what is broken
so I can fix it!!

Replace the "," with a " " in the DNS= entry of /etc/systemd/resolved.conf file.

And if you didn't format it that way, find out who did.

That is the question!!! I upgraded and DNS broke!

I didn't even know there was a /etc/systemd/resolved.conf
file until this unfortunate experience...


I know this won't make you feel any better.  But the problem you've seen has 
probably always existed
on your system but was "hidden" from view.

Previously the default for FallbackDNS as shown in /etc/systemd/resolved.conf 
was

#FallbackDNS=1.1.1.1 8.8.8.8 1.0.0.1 8.8.4.4 2606:4700:4700:: 
2001:4860:4860::
 2606:4700:4700::1001 2001:4860:4860::884

But many folks complained that they didn't want a Fallback defined pointing to 
Google or
other "services".  So, it was removed and is now

#FallbackDNS=

Meaning none are defined.

So, previously, if your DNS= entry was incorrect you'd be protected by the 
existence of the Fallback being
defined.  Now, they are not.

So, whoever supplied the badly formatted /etc/systemd/resolved.conf file is the 
"real" culprit.

If I recall, you're using a VM supplied by a vendor?  If so, have you notified 
them?

--
People who believe they don't make mistakes have already made one.

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-17 Thread Steve Dickson 


On 2/17/21 6:55 PM, Ed Greshko wrote:
> On 18/02/2021 05:11, Steve Dickson wrote:
>> I agree... ignoring syntax error or parsing error just does not seem
>> like the appropriate thing to do... Error out! Tell me what is broken
>> so I can fix it!!
> 
> Replace the "," with a " " in the DNS= entry of /etc/systemd/resolved.conf 
> file.
> 
> And if you didn't format it that way, find out who did.
That is the question!!! I upgraded and DNS broke!

I didn't even know there was a /etc/systemd/resolved.conf
file until this unfortunate experience... 

> 
> And, if you've never made an incorrect format in a configuration file in your 
> life, consider yourself
> lucky.  The worst ones are formatting failures which occur silently yet 
> things don't work.
> 
Of course I have... when I change things and break things I see the 
error... but in this case I upgraded (aka I changed nothing) and the
error was ignored... Killing my DNS... That is a bug.. IMHO.. 

steved.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-17 Thread Ed Greshko 

On 18/02/2021 05:11, Steve Dickson wrote:

I agree... ignoring syntax error or parsing error just does not seem
like the appropriate thing to do... Error out! Tell me what is broken
so I can fix it!!


Replace the "," with a " " in the DNS= entry of /etc/systemd/resolved.conf file.

And if you didn't format it that way, find out who did.

And, if you've never made an incorrect format in a configuration file in your 
life, consider yourself
lucky.  The worst ones are formatting failures which occur silently yet things 
don't work.

--
People who believe they don't make mistakes have already made one.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-17 Thread Steve Dickson 


On 2/16/21 9:03 AM, Ed Greshko wrote:
> On 16/02/2021 21:37, Steve Dickson wrote:
>>
>> On 2/15/21 9:16 PM, Dominique Martinet wrote:
>>> Steve Dickson wrote on Mon, Feb 15, 2021 at 09:04:52PM -0500:
> I think if no IP was successfully parsed the fallback ought to kick in,
> so it's a systemd-resolved bug -- do you want to report this upstream or
> shall I now I've had a look?
 Fedora bz or an upstream bz? If is the latter where do I report it?
>>> We have systemd devs in fedora so I think either would work out.
>>>
>>> upstream is on github: https://github.com/systemd/systemd/issues
>>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1929212
>>
>> Thanks for the help!
> 
> FWIW, I suppose I don't know why a BZ is needed since the 
> /etc/systemd/resolved.conf has a sample
> for the DNS= parameter showing:
> 
> # Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
> # Cloudflare: 1.1.1.1 1.0.0.1 2606:4700:4700:: 2606:4700:4700::1001
> # Google: 8.8.8.8 8.8.4.4 2001:4860:4860:: 2001:4860:4860::884
> 
> And the man page for resolved.conf explicitly states:
> 
>     DNS=
>    A space-separated list of IPv4 and IPv6 addresses to use as system
>    DNS servers.
> 
> Is the expectation that any character which may be considered a delimiter 
> should be acceptable?Who/what was setting DNS=?? It was not me... and 
> obviously it didn't read the man page! :-) 
> Wouldn't the more appropriate course of action be to correct format?
Fail!!! If something is wrong which will cause DNS not to work... Fail!!
Give the Admin a changed to fix the problem... IMHO... 

steved.

> 
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-17 Thread Steve Dickson 


On 2/16/21 9:02 AM, Troy Curtis Jr wrote:
> 
> 
> On Mon, Feb 15, 2021 at 10:02 PM Dominique Martinet  > wrote:
> 
> Michael Catanzaro wrote on Mon, Feb 15, 2021 at 08:46:57PM -0600:
> > We removed the fallbacks due to complaints from users who didn't want 
> DNS
> > ever going to Cloudflare or Google. So the lack of fallback is expected 
> and
> > should not be reported as a bug.
> 
> setting DNS= (or DNS="") explicitely should not fallback, I agree with
> that. There are people who want no DNS whatsoever and that should be
> configurable.
> 
> But if extract_first_word() returned a non-empty string and
> manager_add_dns_server_by_string fails (for all iterations of the loop),
> it should definitely kick some fallback in -- the user obviously wanted
> *something*, it just doesn't work.
> 
> 
> Steve's situation provides the perfect example for why a fallback is likely 
> undesirable. It sounds like his
> configuration never worked. There were explicit DNS values configured that 
> weren't being used, yet
> he never noticed because it fell back to something that seemed to work. It 
> would take a deeper and
> deliberate look before the user realized the desired configuration wasn't 
> applied. It is better to error
> than guess in many cases.
I agree... ignoring syntax error or parsing error just does not seem
like the appropriate thing to do... Error out! Tell me what is broken
so I can fix it!!

steved.  
>  
> 
> 
> > I think we have larger issues with DNS server assignment on cloud 
> servers,
> > which I've reported as https://pagure.io/fedora-server/issue/10 
> . But I also
> > notice Steve's case is different, since he really does have some static 
> DNS
> > configuration, just using commas where spaces are required. So seems 
> like a
> > misconfiguration by the cloud provider?
> 
> Not sure where the configuration snippet with comma comes from but yes
> ultimately it's "just" a configuration error.
> Nevertheless, a config that somehow worked until a recent update through
> fallback, I don't think we want more unhappy users :)
> 
> -- 
> Dominique
> ___
> devel mailing list -- devel@lists.fedoraproject.org 
> 
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org 
> 
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ 
> 
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines 
> 
> List Archives: 
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org 
> 
> Do not reply to spam on the list, report it: 
> https://pagure.io/fedora-infrastructure 
> 
> 
> 
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it: 
> https://pagure.io/fedora-infrastructure
> 
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-16 Thread Ed Greshko 

On 17/02/2021 04:24, Marius Schwarz wrote:

Am 16.02.21 um 15:03 schrieb Ed Greshko:



Thanks for the help!


FWIW, I suppose I don't know why a BZ is needed since the 
/etc/systemd/resolved.conf has a sample
for the DNS= parameter showing:




I think that "," is received by a dhcp answere from the dhcpd, which knows two dns and 
sets it that way. Maybe a mistake in the dhcp implementation or config line. IMHO systemd should be 
fail-tolerant to this kind of "bug", so a br is a good idea.



The file in question is /etc/systemd/resolved.conf.  This file isn't 
changed/managed by DHCP.

--
People who believe they don't make mistakes have already made one.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-16 Thread Marius Schwarz 

Am 16.02.21 um 15:03 schrieb Ed Greshko:



Thanks for the help!


FWIW, I suppose I don't know why a BZ is needed since the 
/etc/systemd/resolved.conf has a sample

for the DNS= parameter showing:




I think that "," is received by a dhcp answere from the dhcpd, which 
knows two dns and sets it that way. Maybe a mistake in the dhcp 
implementation or config line. IMHO systemd should be fail-tolerant to 
this kind of "bug", so a br is a good idea.


best regards,
Marius Schwarz
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-16 Thread Łukasz Posadowski 
W dniu pon, 15.02.2021 o godzinie 17∶40 -0500, użytkownik Steve Dickson
napisał:
> Hello,
> 
> I just updated to latest Fedora 33 and 
> I no longer have any DNS name solution. 
> The network is up... but... 
> 
> $ ping www.yahoo.com
> ping: www.yahoo.com: Name or service not known
> 
> I changed nothing! 
> 
> How would be the bet way to debug this???

Thanks. I found that bug too. You can add dns server and search domain
directly into /etc/systemd/redolved.conf .

For me, yahoo.com resolving would work, but I couldn't resolve hosts
from my local domain, configured on a pihole, like:
- fedora.ping.local, 
- rawhide.ping.local,
- etc...

I have Fedora 33 on a VPS in OVH and it's working fine there, without
the need for any configuration in resolved.

-- 
Łukasz Posadowski

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-16 Thread Ed Greshko 

On 16/02/2021 21:37, Steve Dickson wrote:


On 2/15/21 9:16 PM, Dominique Martinet wrote:

Steve Dickson wrote on Mon, Feb 15, 2021 at 09:04:52PM -0500:

I think if no IP was successfully parsed the fallback ought to kick in,
so it's a systemd-resolved bug -- do you want to report this upstream or
shall I now I've had a look?

Fedora bz or an upstream bz? If is the latter where do I report it?

We have systemd devs in fedora so I think either would work out.

upstream is on github: https://github.com/systemd/systemd/issues


https://bugzilla.redhat.com/show_bug.cgi?id=1929212

Thanks for the help!


FWIW, I suppose I don't know why a BZ is needed since the 
/etc/systemd/resolved.conf has a sample
for the DNS= parameter showing:

# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
# Cloudflare: 1.1.1.1 1.0.0.1 2606:4700:4700:: 2606:4700:4700::1001
# Google: 8.8.8.8 8.8.4.4 2001:4860:4860:: 2001:4860:4860::884

And the man page for resolved.conf explicitly states:

    DNS=
   A space-separated list of IPv4 and IPv6 addresses to use as system
   DNS servers.

Is the expectation that any character which may be considered a delimiter 
should be acceptable?

Wouldn't the more appropriate course of action be to correct format?

--
People who believe they don't make mistakes have already made one.

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-16 Thread Troy Curtis Jr 
On Mon, Feb 15, 2021 at 10:02 PM Dominique Martinet 
wrote:

> Michael Catanzaro wrote on Mon, Feb 15, 2021 at 08:46:57PM -0600:
> > We removed the fallbacks due to complaints from users who didn't want DNS
> > ever going to Cloudflare or Google. So the lack of fallback is expected
> and
> > should not be reported as a bug.
>
> setting DNS= (or DNS="") explicitely should not fallback, I agree with
> that. There are people who want no DNS whatsoever and that should be
> configurable.
>
> But if extract_first_word() returned a non-empty string and
> manager_add_dns_server_by_string fails (for all iterations of the loop),
> it should definitely kick some fallback in -- the user obviously wanted
> *something*, it just doesn't work.
>
>
Steve's situation provides the perfect example for why a fallback is likely
undesirable. It sounds like his
configuration never worked. There were explicit DNS values configured that
weren't being used, yet
he never noticed because it fell back to something that seemed to work. It
would take a deeper and
deliberate look before the user realized the desired configuration wasn't
applied. It is better to error
than guess in many cases.


>
> > I think we have larger issues with DNS server assignment on cloud
> servers,
> > which I've reported as https://pagure.io/fedora-server/issue/10. But I
> also
> > notice Steve's case is different, since he really does have some static
> DNS
> > configuration, just using commas where spaces are required. So seems
> like a
> > misconfiguration by the cloud provider?
>
> Not sure where the configuration snippet with comma comes from but yes
> ultimately it's "just" a configuration error.
> Nevertheless, a config that somehow worked until a recent update through
> fallback, I don't think we want more unhappy users :)
>
> --
> Dominique
> ___
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-16 Thread Steve Dickson 


On 2/16/21 6:05 AM, David Both wrote:
> This situation is due to the change from the old resolver to the new 
> systemd-resolved.
> 
> I have a page on my technical web site that describes the problem and the 
> circumvention.
> 
> http://www.linux-databook.info/?page_id=5951
> 
> This does not, erm, resolve the problem but it does get you back to a working 
> resover.
Right stopping/disabling the systemd-resolved then creating your own 
/etc/resovled.conf
is the work around... 

systemd is in the booting business... However did it get in DNS business... 
And that was a good idea??? ;-)

> 
> I hope this helps.
It did... Thanks you!

steved
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-16 Thread Steve Dickson 


On 2/15/21 9:16 PM, Dominique Martinet wrote:
> Steve Dickson wrote on Mon, Feb 15, 2021 at 09:04:52PM -0500:
>>> I think if no IP was successfully parsed the fallback ought to kick in,
>>> so it's a systemd-resolved bug -- do you want to report this upstream or
>>> shall I now I've had a look?
>>
>> Fedora bz or an upstream bz? If is the latter where do I report it?
> 
> We have systemd devs in fedora so I think either would work out.
> 
> upstream is on github: https://github.com/systemd/systemd/issues
> 
https://bugzilla.redhat.com/show_bug.cgi?id=1929212

Thanks for the help!

steved.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-16 Thread David Both 
This situation is due to the change from the old resolver to the new 
systemd-resolved.


I have a page on my technical web site that describes the problem and the 
circumvention.


http://www.linux-databook.info/?page_id=5951

This does not, erm, resolve the problem but it does get you back to a working 
resover.


I hope this helps.


--


*
David P. Both, RHCE
He/Him/His
*
www.both.org - My personal web site
www.Linux-Databook.info - Home of the DataBook for Linux
DataBook is a Registered Trademark of David Both
*
The value of any software lies in its usefulness
not in its price.

— Linus Torvalds
*

On Mon, 15 Feb 2021, Steve Dickson wrote:


Date: Mon, 15 Feb 2021 17:40:10
From: Steve Dickson 
Reply-To: Development discussions related to Fedora

To: devel@lists.fedoraproject.org
Subject: Don't update to the latest f33!

Hello,

I just updated to latest Fedora 33 and
I no longer have any DNS name solution.
The network is up... but...

$ ping www.yahoo.com
ping: www.yahoo.com: Name or service not known

I changed nothing!

How would be the bet way to debug this???

steved.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure


___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Dominique Martinet 
Michael Catanzaro wrote on Mon, Feb 15, 2021 at 08:46:57PM -0600:
> We removed the fallbacks due to complaints from users who didn't want DNS
> ever going to Cloudflare or Google. So the lack of fallback is expected and
> should not be reported as a bug.

setting DNS= (or DNS="") explicitely should not fallback, I agree with
that. There are people who want no DNS whatsoever and that should be
configurable.

But if extract_first_word() returned a non-empty string and
manager_add_dns_server_by_string fails (for all iterations of the loop),
it should definitely kick some fallback in -- the user obviously wanted
*something*, it just doesn't work.


> I think we have larger issues with DNS server assignment on cloud servers,
> which I've reported as https://pagure.io/fedora-server/issue/10. But I also
> notice Steve's case is different, since he really does have some static DNS
> configuration, just using commas where spaces are required. So seems like a
> misconfiguration by the cloud provider?

Not sure where the configuration snippet with comma comes from but yes
ultimately it's "just" a configuration error.
Nevertheless, a config that somehow worked until a recent update through
fallback, I don't think we want more unhappy users :)

-- 
Dominique
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Michael Catanzaro 



On Tue, Feb 16, 2021 at 10:53 am, Dominique Martinet 
 wrote:


I think if no IP was successfully parsed the fallback ought to kick 
in,
so it's a systemd-resolved bug -- do you want to report this upstream 
or

shall I now I've had a look?


Hi Dominique,

We removed the fallbacks due to complaints from users who didn't want 
DNS ever going to Cloudflare or Google. So the lack of fallback is 
expected and should not be reported as a bug.


I think we have larger issues with DNS server assignment on cloud 
servers, which I've reported as 
https://pagure.io/fedora-server/issue/10. But I also notice Steve's 
case is different, since he really does have some static DNS 
configuration, just using commas where spaces are required. So seems 
like a misconfiguration by the cloud provider?


Michael

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Dominique Martinet 
Steve Dickson wrote on Mon, Feb 15, 2021 at 09:04:52PM -0500:
> > I think if no IP was successfully parsed the fallback ought to kick in,
> > so it's a systemd-resolved bug -- do you want to report this upstream or
> > shall I now I've had a look?
>
> Fedora bz or an upstream bz? If is the latter where do I report it?

We have systemd devs in fedora so I think either would work out.

upstream is on github: https://github.com/systemd/systemd/issues

-- 
Dominique
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Steve Dickson 


On 2/15/21 8:53 PM, Dominique Martinet wrote:
> Hi Steve,
> 
> Steve Dickson wrote on Mon, Feb 15, 2021 at 08:40:17PM -0500:
>> When I have DNS=67.207.67.3,67.207.67.2 I get
> 
> FWIW the man page states it is a space-separated list of IPs, you might
> want to try DNS="67.207.67.3 67.207.67.2"
> 
> I quickly had a look at the code and I don't think anything changed
> recently with how the parsing works, but dd2e9e1d0e82 ("resolve: ignore
> invalid service template name") (18 Nov 2020) changed the error bubbling
> up (it's now ignored when it was an error), so the fallback no longer
> kicks in for you.
> 
> 
> I think if no IP was successfully parsed the fallback ought to kick in,
> so it's a systemd-resolved bug -- do you want to report this upstream or
> shall I now I've had a look?
> 
Fedora bz or an upstream bz? If is the latter where do I report it?

steved.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Dominique Martinet 
Hi Steve,

Steve Dickson wrote on Mon, Feb 15, 2021 at 08:40:17PM -0500:
> When I have DNS=67.207.67.3,67.207.67.2 I get

FWIW the man page states it is a space-separated list of IPs, you might
want to try DNS="67.207.67.3 67.207.67.2"

I quickly had a look at the code and I don't think anything changed
recently with how the parsing works, but dd2e9e1d0e82 ("resolve: ignore
invalid service template name") (18 Nov 2020) changed the error bubbling
up (it's now ignored when it was an error), so the fallback no longer
kicks in for you.


I think if no IP was successfully parsed the fallback ought to kick in,
so it's a systemd-resolved bug -- do you want to report this upstream or
shall I now I've had a look?

-- 
Dominique
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Steve Dickson 


On 2/15/21 8:16 PM, Ed Greshko wrote:
> On 16/02/2021 09:10, Steve Dickson wrote:
>> On 2/15/21 7:55 PM, Ed Greshko wrote:
>>> On 16/02/2021 08:50, Steve Dickson wrote:
 But I think this is the problem... 

 systemctl start systemd-resolved
 systemctl -o cat status systemd-resolved
 Starting Network Name Resolution...
 Positive Trust Anchors:
 . IN DS 20326 8 2 
 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
 Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 
 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.i>
 Failed to add DNS server address '67.207.67.2,67.207.67.3', ignoring: 
 Invalid argument
 Using system hostname 'steved-v4dev-f33.nfsv4.dev'.
 Started Network Name Resolution.

 What has changed in the parsing of DNS server addresses???
>>> I get...
>>>
>>> Positive Trust Anchors:
>>> . IN DS 20326 8 2 
>>> e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
>>> Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 
>>> 17.172.in-addr.arpa 1>
>>> Using system hostname 'meimei.greshko.com'.
>>>
>>> I don't see where your DNS servers are defined from the previous post you 
>>> showed.
>>>
>>> My primary interface is enp2s0 and I get...
>>>
>>> [egreshko@meimei ~]$ nmcli device show enp2s0 | grep -i dns
>>> IP4.DNS[1]: 192.168.1.142
>>> IP6.DNS[1]: 2001:b030:112f::19
>>>
>>> Does something get returned for your eth0 device?
>> No...
>>
>> nmcli device show eth0 | grep -i dns
>> nmcli device show eth1 | grep -i dns
>>
>> but... after changing /etc/systemd/resolved.conf to DNS=8.8.8.8
>> Then doing a systemctl restart systemd-resolved
>> The dns started to work... There is an issue
>> with the latest systemd-resolved
> 
> I don't think so
> 
> In my /etc/systemd/resolved.conf I have
> 
> #DNS=
When I have DNS=67.207.67.3,67.207.67.2 I get
# systemctl -o cat status systemd-resolved
Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 
18.172.in-addr.arpa 19.172.i>
Failed to add DNS server address '67.207.67.2,67.207.67.3', ignoring: Invalid 
argument

When I change DNS=67.207.67.2 and restart systemd-resolved
my dns comes back... w/out the error.

> 
> So, you're just manually adding a DNS server.  
No... the DNS=67.207.67.2,67.207.67.3 is coming from
the cloud provider.

> You're interface still doesn't have a DNS server defined.
> As Far As I can Tell.
Right! Because whatever changed in systemd-resolved can longer
parse DNS=,. Which it could before...

> 
> Why don't you try adding servers to your network configuration instead?
I'm a VM in a cloud... I have no control over the network servers. 

> 
> I have systemd-246.10-1.fc33.x86_64 installed on all systems with no problems.
I do to... 
# rpm -q systemd
systemd-246.10-1.fc33.x86_64

But you don't have in ',' in your DNS statments.

steved.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Ed Greshko 

On 16/02/2021 09:10, Steve Dickson wrote:


On 2/15/21 7:55 PM, Ed Greshko wrote:

On 16/02/2021 08:50, Steve Dickson wrote:

But I think this is the problem...

systemctl start systemd-resolved
systemctl -o cat status systemd-resolved
Starting Network Name Resolution...
Positive Trust Anchors:
. IN DS 20326 8 2 
e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 
18.172.in-addr.arpa 19.172.i>
Failed to add DNS server address '67.207.67.2,67.207.67.3', ignoring: Invalid 
argument
Using system hostname 'steved-v4dev-f33.nfsv4.dev'.
Started Network Name Resolution.

What has changed in the parsing of DNS server addresses???

I get...

Positive Trust Anchors:
. IN DS 20326 8 2 
e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 
1>
Using system hostname 'meimei.greshko.com'.

I don't see where your DNS servers are defined from the previous post you 
showed.

My primary interface is enp2s0 and I get...

[egreshko@meimei ~]$ nmcli device show enp2s0 | grep -i dns
IP4.DNS[1]: 192.168.1.142
IP6.DNS[1]: 2001:b030:112f::19

Does something get returned for your eth0 device?

No...

nmcli device show eth0 | grep -i dns
nmcli device show eth1 | grep -i dns

but... after changing /etc/systemd/resolved.conf to DNS=8.8.8.8
Then doing a systemctl restart systemd-resolved
The dns started to work... There is an issue
with the latest systemd-resolved


I don't think so

In my /etc/systemd/resolved.conf I have

#DNS=

So, you're just manually adding a DNS server.  You're interface still doesn't 
have a DNS server defined.
As Far As I can Tell.

Why don't you try adding servers to your network configuration instead?

I have systemd-246.10-1.fc33.x86_64 installed on all systems with no problems.

--
People who believe they don't make mistakes have already made one.

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Steve Dickson 


On 2/15/21 7:55 PM, Ed Greshko wrote:
> On 16/02/2021 08:50, Steve Dickson wrote:
>> But I think this is the problem... 
>>
>> systemctl start systemd-resolved
>> systemctl -o cat status systemd-resolved
>> Starting Network Name Resolution...
>> Positive Trust Anchors:
>> . IN DS 20326 8 2 
>> e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
>> Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 
>> 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.i>
>> Failed to add DNS server address '67.207.67.2,67.207.67.3', ignoring: 
>> Invalid argument
>> Using system hostname 'steved-v4dev-f33.nfsv4.dev'.
>> Started Network Name Resolution.
>>
>> What has changed in the parsing of DNS server addresses???
> 
> I get...
> 
> Positive Trust Anchors:
> . IN DS 20326 8 2 
> e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
> Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 
> 17.172.in-addr.arpa 1>
> Using system hostname 'meimei.greshko.com'.
> 
> I don't see where your DNS servers are defined from the previous post you 
> showed.
> 
> My primary interface is enp2s0 and I get...
> 
> [egreshko@meimei ~]$ nmcli device show enp2s0 | grep -i dns
> IP4.DNS[1]: 192.168.1.142
> IP6.DNS[1]: 2001:b030:112f::19
> 
> Does something get returned for your eth0 device?
No...

nmcli device show eth0 | grep -i dns
nmcli device show eth1 | grep -i dns

but... after changing /etc/systemd/resolved.conf to DNS=8.8.8.8
Then doing a systemctl restart systemd-resolved
The dns started to work... There is an issue
with the latest systemd-resolved

steved.

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Ed Greshko 

On 16/02/2021 08:50, Steve Dickson wrote:

But I think this is the problem...

systemctl start systemd-resolved
systemctl -o cat status systemd-resolved
Starting Network Name Resolution...
Positive Trust Anchors:
. IN DS 20326 8 2 
e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 
18.172.in-addr.arpa 19.172.i>
Failed to add DNS server address '67.207.67.2,67.207.67.3', ignoring: Invalid 
argument
Using system hostname 'steved-v4dev-f33.nfsv4.dev'.
Started Network Name Resolution.

What has changed in the parsing of DNS server addresses???


I get...

Positive Trust Anchors:
. IN DS 20326 8 2 
e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 
1>
Using system hostname 'meimei.greshko.com'.

I don't see where your DNS servers are defined from the previous post you 
showed.

My primary interface is enp2s0 and I get...

[egreshko@meimei ~]$ nmcli device show enp2s0 | grep -i dns
IP4.DNS[1]: 192.168.1.142
IP6.DNS[1]: 2001:b030:112f::19

Does something get returned for your eth0 device?

--
People who believe they don't make mistakes have already made one.

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Steve Dickson 


On 2/15/21 7:31 PM, Ed Greshko wrote:
> I think I may have sent this off-list
> 
> On 16/02/2021 08:17, Steve Dickson wrote:
>> On 2/15/21 7:12 PM, Ed Greshko wrote:
>>> On 16/02/2021 06:40, Steve Dickson wrote:
 I just updated to latest Fedora 33 and
 I no longer have any DNS name solution.
 The network is up... but...

 $ pingwww.yahoo.com
 ping:www.yahoo.com: Name or service not known

 I changed nothing!

 How would be the bet way to debug this???
>>> What is the output of
>>>
>>> resolvectl status
>>>
>>>
>> # resolvectl status
>> Global
>>     Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
>> resolv.conf mode: missing
>>
>> Link 2 (eth0)
>> Current Scopes: LLMNR/IPv4 LLMNR/IPv6
>>   Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
>>
>> Link 3 (eth1)
>> Current Scopes: LLMNR/IPv4 LLMNR/IPv6
>>   Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
>>
> 
> Well, that is an indication of a problem as it should return something 
> like
> 
> Link 2 (enp2s0)
>     Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
>  Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS 
> DNSSEC=no/unsupported
> Current DNS Server: 192.168.1.142
>    DNS Servers: 192.168.1.142 2001:b030:112f::19
>     DNS Domain: greshko.com
> 
> The question then is how your eth0 and/or eth1 obtain their IP addresses.  
> Are they configured
> statically or via DHCP?
> 
> 
statically...

But I think this is the problem... 

systemctl start systemd-resolved
systemctl -o cat status systemd-resolved
Starting Network Name Resolution...
Positive Trust Anchors:
. IN DS 20326 8 2 
e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 
18.172.in-addr.arpa 19.172.i>
Failed to add DNS server address '67.207.67.2,67.207.67.3', ignoring: Invalid 
argument
Using system hostname 'steved-v4dev-f33.nfsv4.dev'.
Started Network Name Resolution.

What has changed in the parsing of DNS server addresses???

steved.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Ed Greshko 

On 16/02/2021 08:35, Steve Dickson wrote:


On 2/15/21 7:24 PM, Ed Greshko wrote:

On 16/02/2021 08:17, Steve Dickson wrote:

On 2/15/21 7:12 PM, Ed Greshko wrote:

On 16/02/2021 06:40, Steve Dickson wrote:

I just updated to latest Fedora 33 and
I no longer have any DNS name solution.
The network is up... but...

$ pingwww.yahoo.com
ping:www.yahoo.com: Name or service not known

I changed nothing!

How would be the bet way to debug this???

What is the output of

resolvectl status



# resolvectl status
Global
Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: missing

Link 2 (eth0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
  Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (eth1)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
  Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported


Well, that is an indication of a problem as it should return something like

Link 2 (enp2s0)
     Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
  Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS 
DNSSEC=no/unsupported
Current DNS Server: 192.168.1.142
    DNS Servers: 192.168.1.142 2001:b030:112f::19
     DNS Domain: greshko.com

The question then is how your eth0 and/or eth1 obtain their IP addresses.  Are 
they configured
statically or via DHCP?

Both Statically:

BOOTPROTO=none
DEFROUTE=yes
DEVICE=eth0
GATEWAY=164.90.128.1
HWADDR=22:df:7b:34:93:fe
IPADDR=164.90.129.207
IPADDR6=2604:a880:800:c1::470:e001/64
IPV6ADDR=2604:a880:800:c1::470:e001/64
IPV6INIT=yes
IPV6_DEFAULTGW=2604:A880:0800:00C1::::0001
NETMASK=255.255.240.0
NETMASK1=255.255.0.0
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
USERCTL=yes

BOOTPROTO=none
DEVICE=eth1
HWADDR=a6:91:39:b6:3c:7e
IPADDR=10.108.0.2
NETMASK=255.255.240.0
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
USERCTL=no

steved.



What happened to (for example)

DNS1=192.168.1.142
DOMAIN=greshko.com

???


--
People who believe they don't make mistakes have already made one.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Steve Dickson 


On 2/15/21 7:25 PM, Sam Varshavchik wrote:
>> # cat /run/NetworkManager/no-stub-resolv.conf
>> cat: /run/NetworkManager/no-stub-resolv.conf: No such file or directory
>>
>> Who is suppose to create that? It is on /run so it be created on every 
>> reboot...
> 
> NetworkManager. Maybe you have /run/NetworkManager/resolv.conf, I have both 
> of them. I'm too lazy to look up what's the difference.
Nope... 

# ls /run/NetworkManager/resolv.conf
/bin/ls: cannot access '/run/NetworkManager/resolv.conf': No such file or 
directory

> 
>> > Now, perform a test lookup using the dig command, directly, to your real 
>> > DNS server.
>> >
>> > dig @8.8.8.8 www.yahoo.com
>> I can't do this because bind-utils was not install and I can not install it
>> because DNS is broken..
> 
> "host" has an optional second parameter, the DNS server's IP address.
> 
Unfortunately..  # host
bash: host: command not found
:-)

steved.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Steve Dickson 


On 2/15/21 7:24 PM, Ed Greshko wrote:
> On 16/02/2021 08:17, Steve Dickson wrote:
>> On 2/15/21 7:12 PM, Ed Greshko wrote:
>>> On 16/02/2021 06:40, Steve Dickson wrote:
 I just updated to latest Fedora 33 and
 I no longer have any DNS name solution.
 The network is up... but...

 $ pingwww.yahoo.com
 ping:www.yahoo.com: Name or service not known

 I changed nothing!

 How would be the bet way to debug this???
>>> What is the output of
>>>
>>> resolvectl status
>>>
>>>
>> # resolvectl status
>> Global
>>Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
>> resolv.conf mode: missing  
>>
>> Link 2 (eth0)
>> Current Scopes: LLMNR/IPv4 LLMNR/IPv6   
>>  Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
>>
>> Link 3 (eth1)
>> Current Scopes: LLMNR/IPv4 LLMNR/IPv6   
>>  Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
>>
> 
> Well, that is an indication of a problem as it should return something 
> like
> 
> Link 2 (enp2s0)
>     Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 
>  
>  Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS 
> DNSSEC=no/unsupported
> Current DNS Server: 192.168.1.142 
>  
>    DNS Servers: 192.168.1.142 2001:b030:112f::19  
>  
>     DNS Domain: greshko.com
> 
> The question then is how your eth0 and/or eth1 obtain their IP addresses.  
> Are they configured
> statically or via DHCP?
Both Statically:

BOOTPROTO=none
DEFROUTE=yes
DEVICE=eth0
GATEWAY=164.90.128.1
HWADDR=22:df:7b:34:93:fe
IPADDR=164.90.129.207
IPADDR6=2604:a880:800:c1::470:e001/64
IPV6ADDR=2604:a880:800:c1::470:e001/64
IPV6INIT=yes
IPV6_DEFAULTGW=2604:A880:0800:00C1::::0001
NETMASK=255.255.240.0
NETMASK1=255.255.0.0
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
USERCTL=yes

BOOTPROTO=none
DEVICE=eth1
HWADDR=a6:91:39:b6:3c:7e
IPADDR=10.108.0.2
NETMASK=255.255.240.0
ONBOOT=yes
STARTMODE=auto
TYPE=Ethernet
USERCTL=no

steved.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Ed Greshko 

I think I may have sent this off-list

On 16/02/2021 08:17, Steve Dickson wrote:

On 2/15/21 7:12 PM, Ed Greshko wrote:

On 16/02/2021 06:40, Steve Dickson wrote:

I just updated to latest Fedora 33 and
I no longer have any DNS name solution.
The network is up... but...

$ pingwww.yahoo.com
ping:www.yahoo.com: Name or service not known

I changed nothing!

How would be the bet way to debug this???

What is the output of

resolvectl status



# resolvectl status
Global
Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: missing

Link 2 (eth0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
  Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (eth1)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
  Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported



Well, that is an indication of a problem as it should return something like

Link 2 (enp2s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
 Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.142
   DNS Servers: 192.168.1.142 2001:b030:112f::19
    DNS Domain: greshko.com

The question then is how your eth0 and/or eth1 obtain their IP addresses.  Are 
they configured
statically or via DHCP?


--
People who believe they don't make mistakes have already made one.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Sam Varshavchik 

Steve Dickson writes:




On 2/15/21 6:19 PM, Sam Varshavchik wrote:
> Steve Dickson writes:
>
>> Hello,
>>
>> I just updated to latest Fedora 33 and
>> I no longer have any DNS name solution.
>> The network is up... but...
>>
>> $ ping www.yahoo.com
>> ping: www.yahoo.com: Name or service not known
>>
>> I changed nothing!
>>
>> How would be the bet way to debug this???
>
> Inspect what it's your /etc/resolv.conf, confirm that your name server is  
127.0.0.10, or something this bizarre.

I guess it is bizarre...
# See man:systemd-resolved.service(8) for details about the supported modes  
of

# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad

>
> Now look in /run/NetworkManager/no-stub-resolv.conf to see what your real  
DNS server is. Let's assume that you see it's 8.8.8.8, but you should be  
able to recognize your usual DNS server in there.

# cat /run/NetworkManager/no-stub-resolv.conf
cat: /run/NetworkManager/no-stub-resolv.conf: No such file or directory

Who is suppose to create that? It is on /run so it be created on every  
reboot...


NetworkManager. Maybe you have /run/NetworkManager/resolv.conf, I have both  
of them. I'm too lazy to look up what's the difference.


> Now, perform a test lookup using the dig command, directly, to your real  
DNS server.

>
> dig @8.8.8.8 www.yahoo.com
I can't do this because bind-utils was not install and I can not install it
because DNS is broken..


"host" has an optional second parameter, the DNS server's IP address.




pgp42E_pY3uee.pgp
Description: PGP signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Ed Greshko 

On 16/02/2021 08:17, Steve Dickson wrote:


On 2/15/21 7:12 PM, Ed Greshko wrote:

On 16/02/2021 06:40, Steve Dickson wrote:

I just updated to latest Fedora 33 and
I no longer have any DNS name solution.
The network is up... but...

$ pingwww.yahoo.com
ping:www.yahoo.com: Name or service not known

I changed nothing!

How would be the bet way to debug this???

What is the output of

resolvectl status



# resolvectl status
Global
Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: missing

Link 2 (eth0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
  Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (eth1)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
  Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported



Well, that is an indication of a problem as it should return something like

Link 2 (enp2s0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
 Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.142
   DNS Servers: 192.168.1.142 2001:b030:112f::19
    DNS Domain: greshko.com

The question then is how your eth0 and/or eth1 obtain their IP addresses.  Are 
they configured
statically or via DHCP?


--
People who believe they don't make mistakes have already made one.

___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Steve Dickson 


On 2/15/21 7:12 PM, Ed Greshko wrote:
> On 16/02/2021 06:40, Steve Dickson wrote:
>> I just updated to latest Fedora 33 and
>> I no longer have any DNS name solution.
>> The network is up... but...
>>
>> $ pingwww.yahoo.com
>> ping:www.yahoo.com: Name or service not known
>>
>> I changed nothing!
>>
>> How would be the bet way to debug this???
> 
> What is the output of
> 
> resolvectl status
> 
> 
# resolvectl status
Global
   Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: missing  

Link 2 (eth0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6   
 Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (eth1)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6   
 Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Ed Greshko 

On 16/02/2021 06:40, Steve Dickson wrote:

I just updated to latest Fedora 33 and
I no longer have any DNS name solution.
The network is up... but...

$ pingwww.yahoo.com
ping:www.yahoo.com: Name or service not known

I changed nothing!

How would be the bet way to debug this???


What is the output of

resolvectl status


--
People who believe they don't make mistakes have already made one.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Steve Dickson 


On 2/15/21 6:19 PM, Sam Varshavchik wrote:
> Steve Dickson writes:
> 
>> Hello,
>>
>> I just updated to latest Fedora 33 and
>> I no longer have any DNS name solution.
>> The network is up... but...
>>
>> $ ping www.yahoo.com
>> ping: www.yahoo.com: Name or service not known
>>
>> I changed nothing!
>>
>> How would be the bet way to debug this???
> 
> Inspect what it's your /etc/resolv.conf, confirm that your name server is 
> 127.0.0.10, or something this bizarre.
I guess it is bizarre... 
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad

> 
> Now look in /run/NetworkManager/no-stub-resolv.conf to see what your real DNS 
> server is. Let's assume that you see it's 8.8.8.8, but you should be able to 
> recognize your usual DNS server in there.
# cat /run/NetworkManager/no-stub-resolv.conf 
cat: /run/NetworkManager/no-stub-resolv.conf: No such file or directory

Who is suppose to create that? It is on /run so it be created on every 
reboot... 
> 
> Now, perform a test lookup using the dig command, directly, to your real DNS 
> server.
> 
> dig @8.8.8.8 www.yahoo.com
I can't do this because bind-utils was not install and I can not install it
because DNS is broken..

> 
> Make sure you use the IP address you got from no-stub-resolv.conf
> 
> Assuming that this lookup succeeds, proceed as follows:
> 
> systemctl stop systemd-resolved
> systemctl disable systemd-resolved
> rm -f /etc/resolv.conf
> ln -s ../run/NetworkManager/no-stub-resolv.conf /etc/resolv.conf
since there is no no-stub-resolv.conf... 
ln -s ../run/NetworkManager/no-stub-resolv.conf /etc/resolv.conf
# cat /etc/resolv.conf 
cat: /etc/resolv.conf: No such file or directory

> 
> Verify that your DNS service is now working, then announce that you joined 
> the systemd fan club, and ask for your membership information.
I wish I could! :-) 

I think the bottom line is /run/NetworkManager/no-stub-resolv.conf is
is no longer being created... 

steved.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Steve Dickson 


On 2/15/21 6:00 PM, Stephen John Smoogen wrote:
> 
> 
> On Mon, 15 Feb 2021 at 17:39, Steve Dickson  > wrote:
> 
> Hello,
> 
> I just updated to latest Fedora 33 and
> I no longer have any DNS name solution.
> The network is up... but...
> 
> $ ping www.yahoo.com 
> ping: www.yahoo.com : Name or service not known
> 
> I changed nothing!
> 
> How would be the bet way to debug this???
> 
> 
> It could be all kinds of things.. I updated this morning and still have DNS 
> so not sure which.
> 
> 1. what does /etc/resolv.conf say? Mine is pretty default but there are 
> different ways this could be happening:
> # See man:systemd-resolved.service(8) for details about the supported modes of
> # operation for /etc/resolv.conf.
> 
> nameserver 127.0.0.53
> options edns0 trust-ad
> search redhat.com  southeast.rr.com 
> 
This is on a server in the cloud.. which might the problem but it
was not before the update. Here is what the /etc/resolv.conf

# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad

> 
>  2. what does systemd-resolv say
> [ssmoogen@localhost freenode-znc]$ systemd-resolve www.yahoo.com 
> 
systemd-resolve www.yahoo.com
www.yahoo.com: resolve call failed: No appropriate name servers or networks for 
name found

I do find this odd... a second network interface. Not sure
where that came from... 

eth1: flags=4163  mtu 1500
inet 10.108.0.2  netmask 255.255.240.0  broadcast 10.108.15.255
inet6 fe80::a491:39ff:feb6:3c7e  prefixlen 64  scopeid 0x20
ether a6:91:39:b6:3c:7e  txqueuelen 1000  (Ethernet)
RX packets 0  bytes 0 (0.0 B)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 19  bytes 1370 (1.3 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Obviously that is a non route-able address... I did turn i off but
it did not help with the DNS.. 

> 3. again if you are set up with systemd-resolv does it show up as broken in 
> systemctl or
> [root@localhost ~]# ss -npl| grep systemd-resolv
It seems to be live... https://paste.centos.org/view/52f7ce26

Thanks!

steved.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Sam Varshavchik 

Steve Dickson writes:


Hello,

I just updated to latest Fedora 33 and
I no longer have any DNS name solution.
The network is up... but...

$ ping www.yahoo.com
ping: www.yahoo.com: Name or service not known

I changed nothing!

How would be the bet way to debug this???


Inspect what it's your /etc/resolv.conf, confirm that your name server is  
127.0.0.10, or something this bizarre.


Now look in /run/NetworkManager/no-stub-resolv.conf to see what your real  
DNS server is. Let's assume that you see it's 8.8.8.8, but you should be  
able to recognize your usual DNS server in there.


Now, perform a test lookup using the dig command, directly, to your real DNS  
server.


dig @8.8.8.8 www.yahoo.com

Make sure you use the IP address you got from no-stub-resolv.conf

Assuming that this lookup succeeds, proceed as follows:

systemctl stop systemd-resolved
systemctl disable systemd-resolved
rm -f /etc/resolv.conf
ln -s ../run/NetworkManager/no-stub-resolv.conf /etc/resolv.conf

Verify that your DNS service is now working, then announce that you joined  
the systemd fan club, and ask for your membership information.





pgpWzRAprEgzl.pgp
Description: PGP signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Don't update to the latest f33!

2021-02-15 Thread Stephen John Smoogen 
On Mon, 15 Feb 2021 at 17:39, Steve Dickson  wrote:

> Hello,
>
> I just updated to latest Fedora 33 and
> I no longer have any DNS name solution.
> The network is up... but...
>
> $ ping www.yahoo.com
> ping: www.yahoo.com: Name or service not known
>
> I changed nothing!
>
> How would be the bet way to debug this???
>
>
It could be all kinds of things.. I updated this morning and still have DNS
so not sure which.

1. what does /etc/resolv.conf say? Mine is pretty default but there are
different ways this could be happening:
[ssmoogen@localhost freenode-znc]$ cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but
only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different
symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes
of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search redhat.com southeast.rr.com

 2. what does systemd-resolv say
[ssmoogen@localhost freenode-znc]$ systemd-resolve www.yahoo.com
www.yahoo.com: 74.6.143.25 -- link: ens1u2u1u2
   74.6.143.26 -- link: ens1u2u1u2
   2001:4998:124:1507::f001-- link: ens1u2u1u2
   2001:4998:124:1507::f000-- link: ens1u2u1u2
   (new-fp-shed.wg1.b.yahoo.com)

-- Information acquired via protocol DNS in 1.5ms.
-- Data is authenticated: no

3. again if you are set up with systemd-resolv does it show up as broken in
systemctl or
[root@localhost ~]# ss -npl| grep systemd-resolv
u_dgr UNCONN 0  0
 * 39594  * 16930
 users:(("systemd-resolve",pid=7472,fd=3))

udp   UNCONN 0  0
 127.0.0.53%lo:53   0.0.0.0:*
 users:(("systemd-resolve",pid=7472,fd=16))

udp   UNCONN 0  0
   0.0.0.0:5355 0.0.0.0:*
 users:(("systemd-resolve",pid=7472,fd=11))

udp   UNCONN 0  0
  [::]:5355[::]:*
 users:(("systemd-resolve",pid=7472,fd=13))

tcp   LISTEN 0  4096
0.0.0.0:5355 0.0.0.0:*
 users:(("systemd-resolve",pid=7472,fd=12))

tcp   LISTEN 0  4096
  127.0.0.53%lo:53   0.0.0.0:*
 users:(("systemd-resolve",pid=7472,fd=17))

tcp   LISTEN 0  4096
   [::]:5355[::]:*
 users:(("systemd-resolve",pid=7472,fd=14))


-- 
Stephen J Smoogen.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Don't update to the latest f33!

2021-02-15 Thread Steve Dickson 
Hello,

I just updated to latest Fedora 33 and 
I no longer have any DNS name solution. 
The network is up... but... 

$ ping www.yahoo.com
ping: www.yahoo.com: Name or service not known

I changed nothing! 

How would be the bet way to debug this???

steved.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure