Hi all,

I have a local unbound running for caching purposes as well as ensuring
that my DNS traffic is encrypted, using DNS-over-TLS.  This works just
fine, except for when I try to run the snapshot upgrade process.

The installer will copy my on-disk configuration and try to set up the
network, using the "supersede domain-name-servers 127.0.0.1;" in my
/etc/dhclient.conf.  This gives me no errors, of course, since nothing
is wrong with the configuration.  But since no nameserver is running on
localhost, we're unable to resolve hosts.  The first indication of this
is "Unable to connect using https. Use http instead?" which is somewhat
unclear, as it led me to believe it's an issue with TLS.

Anyway, the patch below will basically try to ignore any local
nameservers when copying the on-disk configuration.  My first approach
was to check if we could resolve a hostname instead, before giving the
https error, but seeing that host, dig or nslookup is unavailable, I
decided to go with this instead.


Jesper Wallin


Index: distrib/miniroot/install.sub
===================================================================
RCS file: /cvs/src/distrib/miniroot/install.sub,v
retrieving revision 1.1035
diff -u -p -r1.1035 install.sub
--- distrib/miniroot/install.sub        25 Aug 2017 18:21:30 -0000      1.1035
+++ distrib/miniroot/install.sub        8 Sep 2017 09:25:51 -0000
@@ -2258,6 +2258,13 @@ enable_network() {
                fi
        done
 
+       # Remove local nameservers since they are unavailable.
+       if [ -f "/etc/dhclient.conf" ]; then
+               cat /etc/dhclient.conf | sed -E \
+               '/supersede +domain-name-servers +.*(127.0.0.1|::1)/d' \
+               > /etc/dhclient.conf
+       fi
+
        # Create a minimal hosts file.
        echo "127.0.0.1\tlocalhost" >/tmp/i/hosts
        echo "::1\t\tlocalhost" >>/tmp/i/hosts
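
Review bot: The added "cat /etc/dhclient.conf | sed -E ... > /etc/dhclient.conf" pipeline reads from and redirects into the same file. The shell truncates the redirection target while setting up the pipeline, so cat will usually find the file already empty and the entire dhclient.conf is lost rather than just the supersede line. Have sed read the file directly, write its output to a temporary file, and move that over the original once sed has finished. Two smaller points on the pattern: it deletes the whole supersede line even when that line lists non-local servers next to 127.0.0.1 or ::1, leaving none of them configured, and the dots in 127.0.0.1 are unescaped, so it matches more than the literal address.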
