Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check contents of /etc/resolv.conf #209

Open
yrro opened this issue May 18, 2021 · 5 comments
Open

Check contents of /etc/resolv.conf #209

yrro opened this issue May 18, 2021 · 5 comments

Comments

@yrro
Copy link
Contributor

yrro commented May 18, 2021
edited
Loading

I've got a machine where resolv.conf was changed from:

# auto-generated by IPA installer
search ipa.example.com
nameserver 127.0.0.1
nameserver ::1

to:

; generated by /usr/sbin/dhclient-script
nameserver 203.0.113.1
nameserver 203.0.113.2
nameserver 203.0.113.3

Maybe ipa-healthcheck could complain if ::1 and 127.0.0.1 are not the only configured nameservers, and if the search list doesn't include the IPA domain?

(In case someone else finds it useful--this particular server is using network-scripts to configure via DHCP; the fix was to add DNS1=127.0.0.1 and DNS2=::1 to /etc/sysconfig/network-scripts/ifcfg-eth0 and reboot).
@rcritten
Copy link
Collaborator

That's a great suggestion, thanks.

We'd need to be careful to only apply this when the DNS service is configured and to not assume which addresses are there.

The installer configures 127.0.0.1 if there are any IPv4 addresses and ::1 if any IPv6 in https://github.com/freeipa/freeipa/blob/master/ipaserver/install/bindinstance.py#L1127

@rcritten
Copy link
Collaborator

This is somewhat complicated by systemd-resolvd which now owns /etc/resolv.conf. I guess if the file is a symlink to /run/systemd/resolve/stub-resolv.conf then we can executed systemd-resolv --status and scrape for 127.0.0.1.

@yrro
Copy link
Contributor Author

yrro commented Jun 16, 2022
edited
Loading

Since (I think) I filed this issue, FreeIPA has been enhanced to tell NetworkManager to configure the system's DNS to use 127.0.0.1/::1 as its resolver. So probably the original reason I filed this issue is no longer reproducible.

Nonetheless it's probably still useful to have a health check for proper DNS configuration. If you want to check whether resolved 'owns' resolv.conf then the best way to find out is to ask it via D-Bus (check the manager's ResolvConfMode property which can be set to uplink, stub, static if managed, missing if resolv.conf has been deleted, and foreign if resolv.conf is not managed by resolved).

@rcritten
Copy link
Collaborator

Yes, D-Bus is a much nicer way to inquire on status, thanks for that!

@rcritten
Copy link
Collaborator

rcritten commented Apr 7, 2023

I may add this under meta as an informational value.

Simple code for getting this property:

import dbus

bus = dbus.SystemBus()
obj = bus.get_object('org.freedesktop.resolve1',
                     '/org/freedesktop/resolve1')
prop_if = dbus.Interface(obj, 'org.freedesktop.DBus.Properties')
mode = prop_if.Get('org.freedesktop.resolve1.Manager', 'ResolvConfMode')
print(mode)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yrro @rcritten