| === patrick_ is now known as patrick | ||
| === patrick is now known as Guest900 | ||
| frederik_b | I have a systemd-resolved question. I want to add a specific server for a specific TLD. But if I add a [Resolve] section in a specific resolved.conf.d file, with a Domains=~test, it takes over my global settings. | 12:31 |
|---|---|---|
| tomreyn | your ubuntu (and thus systemd) version is? | 12:49 |
| tomreyn | can you share a redacted or anonymized configuration snippet? | 12:50 |
| tomreyn | (please indicate any edits) | 12:50 |
| frederik_b | tomreyn: systemd 255 (255.4-1ubuntu8.4), config here: https://gist.github.com/frederikbosch/b00701ed3bf3348c11e93d247b3a8feb | 12:54 |
| frederik_b | F5 for resolvectl status | 12:56 |
| frederik_b | I left out all my (docker) links in that resolvectl log | 12:57 |
| elfranne | when i add "session required pam_lastlog.so" to my /etc/pam.d/vsftpd I can no longer login, getting a 530 login incorrect on the the ftp client. | 13:13 |
| tomreyn | frederik_b: quoting resolved.conf(5): "This search path has an effect only when suitable per-link DNS servers are known. Such servers may be defined through the DNS= setting (see above) and dynamically at run time, for example from DHCP leases. If no per-link DNS servers are known, route-only domains have no effect." | 13:18 |
| tomreyn | i'm actually reading up on this for the first time, and may misunderstand things, but it seems to me that you have no per-link DNS servers configured, neither statically nor dynamically via DHCP | 13:19 |
| frederik_b | tomreyn: but if you look at my resolved.conf (not test.conf), I do have a DNS=1.1.1.1 | 13:20 |
| tomreyn | but there is no "network interface name or index separated with '%'" there | 13:21 |
| frederik_b | what do you mean by that? | 13:22 |
| tomreyn | this second / latest quote is from resolved.conf(5), in the "OPTIONS" section, describing the "DNS=" option. My understanding is that you need to indicate an interface name there to be able to use a "route-only domain" defined by the "Domains=" option | 13:26 |
| tomreyn | but i'm not sure i'm reading this correctly | 13:26 |
| tomreyn | i'd expect any configurations in resolved.conf.d/ to apply to global scope / settings (and potentially overwrite previously read configurations) if it is not indicated what subset they refer to | 13:28 |
| tomreyn | (the intended subset being a "route-only domain" here) | 13:29 |
| tomreyn | frederik_b: systemd-resolved.service(8) has more info on how route-only domains are handled by systemd-resolved, maybe this can clarify the matter (but I can't claim to fully understand it, nor have tested it) | 13:32 |
| frederik_b | tomreyn: even when I explicitly set a DNS server for my link (via normal Ubuntu configuration) and define a DNS=1.1.1.1 in /etc/systemd/resolved.conf my specific DNS server for ~test is not working | 13:38 |
| frederik_b | dig test.test -> NXDOMAIN | 13:39 |
| tomreyn | hmm, maybe we have a different understanding of what route-only domains are. i'm not sure that you can use a specific resolver for a specific TLD. i understand them as a way to assign a specific resolver (and search domain) for a certain network interface. | 13:46 |
| tomreyn | and that network interface would need to be indicated on the DNS= option | 13:47 |
| frederik_b | tomreyn: thanks, you did help me out there actually | 14:14 |
| frederik_b | with your suggestion I hit this page: https://discuss.hashicorp.com/t/systemd-resolved-with-consul-support-both-consul-and-external-domains/34600/5 | 14:14 |
| frederik_b | "The reason the configuration with multiple configuration files isn’t working, is because it’s based on a misunderstanding - even if you put multiple files in /etc/systemd/resolved.conf.d/, this is only a convenience to allow you to build up a single configuration from multiple pieces." | 14:15 |
| oerheks | !cookie | tomreyn | 14:15 |
| ubottu | tomreyn: Wow! You're such a great helper, you deserve a cookie! | 14:15 |
| frederik_b | "I did eventually get the desired behaviour working by creating a dummy network interface I could attach the configuration to:" which was exactly you were saying | 14:15 |
| frederik_b | !cookie | tomreyn | 14:16 |
| ubottu | tomreyn: Wow! You're such a great helper, you deserve a cookie! | 14:16 |
| frederik_b | haha, nice, totally right | 14:16 |
| tomreyn | so many cookies, i'll grow fat soon | 14:17 |
| tomreyn | glad i could help you find direction, though | 14:17 |
| tomreyn | and even an apparently working example | 14:17 |
| tomreyn | which i could not have made up | 14:17 |
| tomreyn | you could also consider setting up a split horizon resolver instead - whichever seems more suitable / useful for the task. | 14:19 |
| tuxick | split horizon is nice, just watch brains melt when explaining to colleagues/webguys | 15:39 |
| === JanC is now known as Guest9115 | ||
| === JanC is now known as Guest8966 | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!