date:20240128

Re: How to disable DNS search received by DHCP

2024-01-28 Thread Tim via users

On Sun, 2024-01-28 at 08:12 +, Strahil Nikolov via users wrote:
> I do control the DHCP and the DNS servers in my network and I did
> manage to make the DHCP stop proposing 'domain-search' and yet
> NetworkManager (after OKD update and my interventions with
> /etc/resolv.conf systemd-resolved is no longer a factor) is still
> assigning a search stanza in the /etc/resolv.conf on the hosts.
> On the otherside , the CoreDNS (the stupid thing that appends the
> search stanza from /etc/resolv.conf) is not under my control but I
> can check.

The search parameter is only supposed to be appended to a query if
there is no answer for the query as it is, or if you just have a
hostname (typically, a name with no dots in it) a fully qualified
domain name is required to resolve the query.

e.g.  If my IP is 192.168.1.1 and I do reverse lookup on it, and find
my hostname is feefiefum, further lookups can be done find my fully
qualified domain name, or the lookup might have provided the whole
thing with the first query.  Or, if I already know my hostname is
feefiefum, lookups can be done to find my fully qualified domain name,
though a simple approach is to try appending the "search" name.

So, something isn't providing full answers in the first place, and it's
trying to find out some other way.

You DHCP servers should be providing the full details required for your
network (hostname and domain name), and your DNS servers should be
providing the full answers for them.  And hopefully your network is set
up to query your own servers, first.

In the old dhcpd.conf file, that would mean 

  option domain-name "quay.io.";

And if you have integrated DNS and DHCP for dynamic addressing, you'd
also have a:

  ddns-domainname "quay.io.";

The trailing dot is important.  It means that it is the end of the
chain.

You should be assigning your clients hostnames, in other words your
pc's full address could be "something.quay.io" not just "quay.io". 
Although quay.io is a hostname in the .io top level domain, it's a
country TLD, and I doubt you're in control of "io".  I see that quay.io
exists; if it's not your domain then you're going to have a lot of pain
trying to use it for your own purposes.

Since you mentioned "quay.io" in your first post, your DNS server ought
to have data for that domain.  If it doesn't, then of course name
resolution may try adding the suggested domain name suffixes.

Again your DNS records should have an entry for the particular hostname
your using in the zone file for that domain, and that zone file should
have all the proper data for that domainname.

-- 

NB:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the list.

The following system info data is generated fresh for each post:

uname -rsvp
Linux 6.2.15-100.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 11 16:51:53
UTC 2023 x86_64
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: OT: what is an NSC?

2024-01-28 Thread ToddAndMargo via users


On 1/28/24 06:27, ToddAndMargo via users wrote:

On 1/28/24 06:00, Roger Heflin wrote:

Google PCI (PCI is the term for the credit card environment rules) and
NSC and it comes back as "network security control".

So firewall rules/ACL's and possibly network inspection devices and
anything else that is a network control.

On Sun, Jan 28, 2024 at 5:04 AM ToddAndMargo via users
 wrote:


I googled my fingers off.  No matter how I tried,
I got bazillions of hits for "National Safety Council".
So I gave up and asked here.


I couldn't even find it here:
https://www.pcisecuritystandards.org/glossary/#glossary-n
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: OT: what is an NSC?

2024-01-28 Thread ToddAndMargo via users


On 1/28/24 06:00, Roger Heflin wrote:

Google PCI (PCI is the term for the credit card environment rules) and
NSC and it comes back as "network security control".

So firewall rules/ACL's and possibly network inspection devices and
anything else that is a network control.

On Sun, Jan 28, 2024 at 5:04 AM ToddAndMargo via users
 wrote:


I googled my fingers off.  No matter how I tried,
I got bazillions of hits for "National Safety Council".
So I gave up and asked here.
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: OT: what is an NSC?

2024-01-28 Thread Roger Heflin

Google PCI (PCI is the term for the credit card environment rules) and
NSC and it comes back as "network security control".

So firewall rules/ACL's and possibly network inspection devices and
anything else that is a network control.

On Sun, Jan 28, 2024 at 5:04 AM ToddAndMargo via users
 wrote:
>
> Hi All,
>
> Sorry for asking an off topic question here, but
> I know you guys will know the answer off the
> top of your heads.
>
> What is an "NSC" used in this context?
>
> 1.3.3 NSCs are installed between all wireless
> networks and the CDE, regardless of whether
> the wireless network is a CDE
>
> CDE is Card Holder Environment.
>
> Many thanks,
> -T
> --
> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
> Do not reply to spam, report it: 
> https://pagure.io/fedora-infrastructure/new_issue
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: OT: what is an NSC?

2024-01-28 Thread ToddAndMargo via users


On 1/28/24 03:07, Patrick O'Callaghan wrote:

On Sun, 2024-01-28 at 03:04 -0800, ToddAndMargo via users wrote:

Hi All,

Sorry for asking an off topic question here, but
I know you guys will know the answer off the
top of your heads.

What is an "NSC" used in this context?

     1.3.3 NSCs are installed between all wireless
     networks and the CDE, regardless of whether
     the wireless network is a CDE

CDE is Card Holder Environment.


It might be more understandable if you said where this quote comes
from.

poc


Richard answered the question.  It means "Network security controls"

In answer to your question:
https://docs-prv.pcisecuritystandards.org/SAQ%20(Assessment)/SAQ/PCI-DSS-v4-0-SAQ-C-r1.pdf
Page 15,  1.3.1 "expected Testing"
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: OT: what is an NSC?

2024-01-28 Thread ToddAndMargo via users

On 1/28/24 03:51, Richard wrote:

 Original Message 

Date: Sunday, January 28, 2024 11:07:14 +
From: Patrick O'Callaghan 

On Sun, 2024-01-28 at 03:04 -0800, ToddAndMargo via users wrote:

Hi All,

Sorry for asking an off topic question here, but
I know you guys will know the answer off the
top of your heads.

What is an "NSC" used in this context?

     1.3.3 NSCs are installed between all wireless
     networks and the CDE, regardless of whether
     the wireless network is a CDE

CDE is Card Holder Environment.

It might be more understandable if you said where this quote comes
from.

poc
--

That snippet is from:

Scrolling up from the 1.3 section to 1.2 ... one will see that, in
this M$ context, NCS is "Network security controls (NSCs)"

[putting the quoted bit into a search engine turned this up as the
first result ... ]

Thank you!
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: OT: what is an NSC?

2024-01-28 Thread Richard



 Original Message 
> Date: Sunday, January 28, 2024 11:07:14 +
> From: Patrick O'Callaghan 
>
> On Sun, 2024-01-28 at 03:04 -0800, ToddAndMargo via users wrote:
>> Hi All,
>> 
>> Sorry for asking an off topic question here, but
>> I know you guys will know the answer off the
>> top of your heads.
>> 
>> What is an "NSC" used in this context?
>> 
>>     1.3.3 NSCs are installed between all wireless
>>     networks and the CDE, regardless of whether
>>     the wireless network is a CDE
>> 
>> CDE is Card Holder Environment.
> 
> It might be more understandable if you said where this quote comes
> from.
> 
> poc
> --

That snippet is from:



Scrolling up from the 1.3 section to 1.2 ... one will see that, in
this M$ context, NCS is "Network security controls (NSCs)"

[putting the quoted bit into a search engine turned this up as the
first result ... ]

--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: OT: what is an NSC?

2024-01-28 Thread Patrick O'Callaghan

On Sun, 2024-01-28 at 03:04 -0800, ToddAndMargo via users wrote:
> Hi All,
> 
> Sorry for asking an off topic question here, but
> I know you guys will know the answer off the
> top of your heads.
> 
> What is an "NSC" used in this context?
> 
>     1.3.3 NSCs are installed between all wireless
>     networks and the CDE, regardless of whether
>     the wireless network is a CDE
> 
> CDE is Card Holder Environment.

It might be more understandable if you said where this quote comes
from.

poc
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

OT: what is an NSC?

2024-01-28 Thread ToddAndMargo via users


Hi All,

Sorry for asking an off topic question here, but
I know you guys will know the answer off the
top of your heads.

What is an "NSC" used in this context?

   1.3.3 NSCs are installed between all wireless
   networks and the CDE, regardless of whether
   the wireless network is a CDE

CDE is Card Holder Environment.

Many thanks,
-T
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: How to disable DNS search received by DHCP

2024-01-28 Thread Barry Scott



> On 28 Jan 2024, at 10:32, Strahil Nikolov  wrote:
> 
> I haven't tested ignore-auto-dns but I will give it a try.
> With dhcp-client , the request to the server can be fully controlled (like 
> ask for IP/mask, gate and dns servers only) and I was hoping it will help.

If you go down the route of using ICS dhcp-client then you will have to take 
responsibility for a unique configuration.
That software is no longer maintained, so you will be also be responsible for 
security issues.
See https://www.isc.org/dhcp/ announcing the dropping of support.

Barry


> 
> Best Regards,
> Strahil Nikolov
> 
> On Sun, Jan 28, 2024 at 12:26, Barry Scott
>  wrote:
> --
> ___
> users mailing list -- users@lists.fedoraproject.org 
> 
> To unsubscribe send an email to users-le...@lists.fedoraproject.org 
> 
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
> Do not reply to spam, report it: 
> https://pagure.io/fedora-infrastructure/new_issue

--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: How to disable DNS search received by DHCP

2024-01-28 Thread Strahil Nikolov via users

I haven't tested ignore-auto-dns but I will give it a try.With dhcp-client , 
the request to the server can be fully controlled (like ask for IP/mask, gate 
and dns servers only) and I was hoping it will help.
Best Regards,Strahil Nikolov
 
 
  On Sun, Jan 28, 2024 at 12:26, Barry Scott wrote:   --
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue
  
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: How to disable DNS search received by DHCP

2024-01-28 Thread Barry Scott



> On 28 Jan 2024, at 10:08, Strahil Nikolov  wrote:
> 
> Hi Barrу,
> 
> Until yesterday /etc/resolv.conf was managed by systemd-resolved and I tried 
> the approach to ignore DNS settings from DHCP but no success.
> I tried setting ipv4.dns-search to empty via nmcli but /etc/resolv.conf still 
> had the search stanza.


What happens when you set ipv4.ignore-auto-dns yes?

> 
> Does anyone know if dhcp-client is renamed or something ?

From my reading of the docs and looking at the settings on my systems you do 
not need to go back to the old
dhcp-client.

Barry


> 
> Best Regards,
> Strahil Nikolov
> 
> On Sun, Jan 28, 2024 at 11:50, Barry Scott
>  wrote:
> 
> 
> > On 27 Jan 2024, at 14:19, Strahil Nikolov via users 
> > mailto:users@lists.fedoraproject.org>> 
> > wrote:
> > 
> > Hi all,
> > 
> > I am looking for some help to adjust systemd-resolved to still use DHCP 
> > (ip, gateway and dns servers) but to avoid using the dns search provided 
> > over DHCP.
> > 
> > The reason behind is that OKD4's coredns (Fedora CoreOS) appends the search 
> > stanza (first entry) that is taken from the host and then sends it to the 
> > upstream server.
> > Ex:
> > /etc/resolv.conf contains:
> > search my.domain my.other.domain
> > 
> > CoreDNS query becomes 'quay.io.my.domain' instead of 'quay.io'.
> > 
> > 
> > P.S.: I have an ugly workaround where I unlink and create /etc/resolve.conf 
> > but that can't be the only solution.
> 
> If you are using NetworkManager then I think you want to set the connection
> to "Automatic (addresses only)" then set DNS options manually.
> I think that is the nmcli property ipv4.ignore-auto-dns.
> 
> If you are using systemd-resolved then you can settings in your
> /etc/systemd/network/XXX.newtwork file to ignore settings from DHCP as well
> according to the man systemd.network page, See DNS= and Domains=.
> 
> Barry
> 
> 
> 
> > 
> > Best Regards,
> > Strahil Nikolov
> > 
> > 
> > --
> > ___
> > users mailing list -- users@lists.fedoraproject.org 
> > 
> > To unsubscribe send an email to users-le...@lists.fedoraproject.org 
> > 
> > Fedora Code of Conduct: 
> > https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives: 
> > https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
> > Do not reply to spam, report it: 
> > https://pagure.io/fedora-infrastructure/new_issue
> 
> --
> ___
> users mailing list -- users@lists.fedoraproject.org 
> 
> To unsubscribe send an email to users-le...@lists.fedoraproject.org 
> 
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
> Do not reply to spam, report it: 
> https://pagure.io/fedora-infrastructure/new_issue

--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: How to disable DNS search received by DHCP

2024-01-28 Thread Strahil Nikolov via users

Hi Barrу,
Until yesterday /etc/resolv.conf was managed by systemd-resolved and I tried 
the approach to ignore DNS settings from DHCP but no success.I tried setting 
ipv4.dns-search to empty via nmcli but /etc/resolv.conf still had the search 
stanza.
Does anyone know if dhcp-client is renamed or something ?
Best Regards,Strahil Nikolov
 
 
  On Sun, Jan 28, 2024 at 11:50, Barry Scott wrote:   

> On 27 Jan 2024, at 14:19, Strahil Nikolov via users 
>  wrote:
> 
> Hi all,
> 
> I am looking for some help to adjust systemd-resolved to still use DHCP (ip, 
> gateway and dns servers) but to avoid using the dns search provided over DHCP.
> 
> The reason behind is that OKD4's coredns (Fedora CoreOS) appends the search 
> stanza (first entry) that is taken from the host and then sends it to the 
> upstream server.
> Ex:
> /etc/resolv.conf contains:
> search my.domain my.other.domain
> 
> CoreDNS query becomes 'quay.io.my.domain' instead of 'quay.io'.
> 
> 
> P.S.: I have an ugly workaround where I unlink and create /etc/resolve.conf 
> but that can't be the only solution.

If you are using NetworkManager then I think you want to set the connection
to "Automatic (addresses only)" then set DNS options manually.
I think that is the nmcli property ipv4.ignore-auto-dns.

If you are using systemd-resolved then you can settings in your
/etc/systemd/network/XXX.newtwork file to ignore settings from DHCP as well
according to the man systemd.network page, See DNS= and Domains=.

Barry



> 
> Best Regards,
> Strahil Nikolov
> 
> 
> --
> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
> Do not reply to spam, report it: 
> https://pagure.io/fedora-infrastructure/new_issue
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue
  
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: How to disable DNS search received by DHCP

2024-01-28 Thread Barry Scott



> On 27 Jan 2024, at 14:19, Strahil Nikolov via users 
>  wrote:
> 
> Hi all,
> 
> I am looking for some help to adjust systemd-resolved to still use DHCP (ip, 
> gateway and dns servers) but to avoid using the dns search provided over DHCP.
> 
> The reason behind is that OKD4's coredns (Fedora CoreOS) appends the search 
> stanza (first entry) that is taken from the host and then sends it to the 
> upstream server.
> Ex:
> /etc/resolv.conf contains:
> search my.domain my.other.domain
> 
> CoreDNS query becomes 'quay.io.my.domain' instead of 'quay.io'.
> 
> 
> P.S.: I have an ugly workaround where I unlink and create /etc/resolve.conf 
> but that can't be the only solution.

If you are using NetworkManager then I think you want to set the connection
to "Automatic (addresses only)" then set DNS options manually.
I think that is the nmcli property ipv4.ignore-auto-dns.

If you are using systemd-resolved then you can settings in your
/etc/systemd/network/XXX.newtwork file to ignore settings from DHCP as well
according to the man systemd.network page, See DNS= and Domains=.

Barry



> 
> Best Regards,
> Strahil Nikolov
> 
> 
> --
> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
> Do not reply to spam, report it: 
> https://pagure.io/fedora-infrastructure/new_issue
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: How to disable DNS search received by DHCP

2024-01-28 Thread Strahil Nikolov via users

Hi Tim,
Yes the bug report is inevitable, maybe even 2 (NetworkManager is under 
suspicion too).
I do control the DHCP and the DNS servers in my network and I did manage to 
make the DHCP stop proposing 'domain-search' and yet NetworkManager (after OKD 
update and my interventions with /etc/resolv.conf systemd-resolved is no longer 
a factor) is still assigning a search stanza in the /etc/resolv.conf on the 
hosts.On the otherside , the CoreDNS (the stupid thing that appends the search 
stanza from /etc/resolv.conf) is not under my control but I can check.
Manual is possible but not elegant and most importantly less used (or I thought 
so until now).What bothers me most is the fact that the issue seems since 
OpenShift3 (I found a solution that gave me a clue about the search in 
/etc/resolv.conf) and I doubt it will be fixed soon.
Best Regards,Strahil Nikolov

  On Sun, Jan 28, 2024 at 10:02, Tim via users 
wrote:   On Sun, 2024-01-28 at 07:31 +, Strahil Nikolov via users wrote:
> That's true but right now I have no control over OpenShift/OKD
> behavior.

Bug report...  If it's a software fault, they may fix it.  If it's not,
they may point out where a configuration problem is.

> I even managed to make my DNS stop sending 'domain-search' (clearly
> visible in the NM connection) but NM still applies the domain as
> such.
> 
> On top of that I can't find dhcp-client in the repo ,which could be a
> possible solution to replace NM built-in DHCP client.

Do you have to use DHCP?  Can you manually configure the network
parameters?  You should be able to partially manually configure a
connection and let DHCP automatically do the rest.  But you could fully
manually set things.

I wonder if you're running afoul of the systemd-resolved service?

Is the DHCP server under your control?  You can specify what it sends
as the domain search parameters (which should end in a dot, as Jeffrey
has already said).

If you always get assigned the same IP, you could put entries in the
hosts file for its addresses, and that'd stop it searching further for
answers.

DNS shenanigans is why I run my own DNS server.  Firstly, I started
doing so because my ISP's server was utter crap (overloaded and slow,
and often didn't return results, even for its own services).  Then
because I started running a LAN where I needed local name resolution,
the LAN became too big and unwieldy for messing with the hosts file,
and you can only do that on computers.

-- 

uname -rsvp
Linux 3.10.0-1160.105.1.el7.x86_64 #1 SMP Thu Dec 7 15:39:45 UTC 2023 x86_64

Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.

--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: How to disable DNS search received by DHCP

2024-01-28 Thread Tim via users

On Sun, 2024-01-28 at 07:31 +, Strahil Nikolov via users wrote:
> That's true but right now I have no control over OpenShift/OKD
> behavior.

Bug report...  If it's a software fault, they may fix it.  If it's not,
they may point out where a configuration problem is.

> I even managed to make my DNS stop sending 'domain-search' (clearly
> visible in the NM connection) but NM still applies the domain as
> such.
> 
> On top of that I can't find dhcp-client in the repo ,which could be a
> possible solution to replace NM built-in DHCP client.

Do you have to use DHCP?  Can you manually configure the network
parameters?  You should be able to partially manually configure a
connection and let DHCP automatically do the rest.  But you could fully
manually set things.

I wonder if you're running afoul of the systemd-resolved service?

Is the DHCP server under your control?  You can specify what it sends
as the domain search parameters (which should end in a dot, as Jeffrey
has already said).

If you always get assigned the same IP, you could put entries in the
hosts file for its addresses, and that'd stop it searching further for
answers.

DNS shenanigans is why I run my own DNS server.  Firstly, I started
doing so because my ISP's server was utter crap (overloaded and slow,
and often didn't return results, even for its own services).  Then
because I started running a LAN where I needed local name resolution,
the LAN became too big and unwieldy for messing with the hosts file,
and you can only do that on computers.

-- 

uname -rsvp
Linux 3.10.0-1160.105.1.el7.x86_64 #1 SMP Thu Dec 7 15:39:45 UTC 2023 x86_64

Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.

--
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Re: How to disable DNS search received by DHCP

Re: OT: what is an NSC?

Re: OT: what is an NSC?

Re: OT: what is an NSC?

Re: OT: what is an NSC?

Re: OT: what is an NSC?

Re: OT: what is an NSC?

Re: OT: what is an NSC?

OT: what is an NSC?

Re: How to disable DNS search received by DHCP

Re: How to disable DNS search received by DHCP

Re: How to disable DNS search received by DHCP

Re: How to disable DNS search received by DHCP

Re: How to disable DNS search received by DHCP

Re: How to disable DNS search received by DHCP

Re: How to disable DNS search received by DHCP

16 matches

Site Navigation

Mail list logo

Footer information