Package: dnssec-trigger Version: 0.13-6 Severity: important Two (related) problems I have identified with dnssec-triggerd: 1. only the first defined search domain is added to resolv.conf 2. the domain itself is absent from the resolv.conf entirely
Below information and output has some text redacted/replaced to avoid exposing internal network configuration details via a public bug report, and clarity. -- Related configuration changes from package defaults /etc/dnssec.conf set_search_domains=yes /etc/dnssec-trigger/dnssec-trigger.conf domain: "zone0.example.com" search: "zone1.example.com zone2.example.com zone3.example.com" /etc/NetworkManager/NetworkManager.conf [main] dns=unbound /etc/unbound/unbound.conf.d/99-custom.conf # various server and forward-zone settings # I do *not* have (or want) global forwarders -- Generated resolv.conf # Generated by dnssec-trigger-script nameserver 127.0.0.1 search zone1.example.com -- Desired resolv.conf nameserver 127.0.0.1 domain zone0.example.com search zone1.example.com zone2.example.com zone3.example.com -- journalctl output for dnssec-triggerd systemd[1]: Starting Reconfigure local DNSSEC resolver on connectivity changes... dnssec-trigger-script[5784]: Backing up /etc/resolv.conf as /run/dnssec-trigger/resolv.conf.backup... dnssec-trigger-script[5784]: Cannot back up '/etc/resolv.conf' as '/run/dnssec-trigger/resolv.conf.backup': No such file or directory dnssec-triggerd[5789]: [5789] info: dnssec-trigger 0.13 start dnssec-triggerd[5789]: Search domains: zone1.example.com dnssec-triggerd[5789]: [5789] error: http_probe_create_get: Network is unreachable dnssec-triggerd[5789]: [5789] error: http_probe_create_get: Network is unreachable dnssec-triggerd[5789]: [5789] error: http_probe_create_get: Network is unreachable dnssec-trigger-script[5790]: Global forwarders: REDACTED REDACTED dnssec-triggerd[5789]: [5789] error: http_probe_create_get: Network is unreachable dnssec-triggerd[5789]: [5789] error: http_probe_create_get: Network is unreachable dnssec-triggerd[5789]: [5789] error: http_probe_create_get: Network is unreachable dnssec-triggerd[5789]: ok dnssec-triggerd[5789]: Search domains: zone1.example.com dnssec-trigger-script[5790]: Connection provided zone 'zone1.example.com' (validated): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone 'c.f.ip6.arpa' (insecure): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone 'd.f.ip6.arpa' (insecure): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone '168.192.in-addr.arpa' (insecure): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone '16.172.in-addr.arpa' (insecure): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone '17.172.in-addr.arpa' (insecure): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone '18.172.in-addr.arpa' (insecure): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone '19.172.in-addr.arpa' (insecure): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone '20.172.in-addr.arpa' (insecure): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone '21.172.in-addr.arpa' (insecure): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone '22.172.in-addr.arpa' (insecure): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone '23.172.in-addr.arpa' (insecure): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone '24.172.in-addr.arpa' (insecure): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone '25.172.in-addr.arpa' (insecure): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone '26.172.in-addr.arpa' (insecure): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone '27.172.in-addr.arpa' (insecure): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone '28.172.in-addr.arpa' (insecure): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone '29.172.in-addr.arpa' (insecure): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone '30.172.in-addr.arpa' (insecure): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone '31.172.in-addr.arpa' (insecure): REDACTED, REDACTED dnssec-trigger-script[5790]: Connection provided zone '10.in-addr.arpa' (insecure): REDACTED, REDACTED systemd[1]: Started Reconfigure local DNSSEC resolver on connectivity changes. -- follows is reportbug included information -- -- System Information: Debian Release: 9.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-6-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages dnssec-trigger depends on: ii gir1.2-networkmanager-1.0 1.6.2-3 ii init-system-helpers 1.48 ii libc6 2.24-11+deb9u1 ii libgdk-pixbuf2.0-0 2.36.5-2+deb9u2 ii libglib2.0-0 2.50.3-2 ii libgtk2.0-0 2.24.31-2 ii libldns2 1.7.0-1 ii libssl1.1 1.1.0f-3+deb9u1 ii python 2.7.13-2 ii python-gi 3.22.0-2 ii python-lockfile 1:0.12.2-2 ii unbound 1.6.0-3+deb9u1 dnssec-trigger recommends no packages. dnssec-trigger suggests no packages. -- Configuration Files: /etc/dnssec-trigger/dnssec-trigger.conf changed [not included] /etc/dnssec.conf changed [not included] -- no debconf information