=== patrick_ is now known as patrick
=== patrick is now known as Guest900
[12:31] <frederik_b> I have a systemd-resolved question. I want to add a specific server for a specific TLD. But if I add a [Resolve] section in a specific resolved.conf.d file, with a Domains=~test, it takes over my global settings.
[12:49] <tomreyn> your ubuntu (and thus systemd) version is?
[12:50] <tomreyn> can you share a redacted or anonymized configuration snippet?
[12:50] <tomreyn> (please indicate any edits)
[12:54] <frederik_b> tomreyn: systemd 255 (255.4-1ubuntu8.4), config here: https://gist.github.com/frederikbosch/b00701ed3bf3348c11e93d247b3a8feb
[12:56] <frederik_b> F5 for resolvectl status
[12:57] <frederik_b> I left out all my (docker) links in that resolvectl log
[13:13] <elfranne> when i add "session required pam_lastlog.so" to my /etc/pam.d/vsftpd I can no longer login, getting a 530 login incorrect on the the ftp client. 
[13:18] <tomreyn> frederik_b: quoting resolved.conf(5): "This search path has an effect only when suitable per-link DNS servers are known. Such servers may be defined through the DNS= setting (see above) and dynamically at run time, for example from DHCP leases. If no per-link DNS servers are known, route-only domains have no effect."
[13:19] <tomreyn> i'm actually reading up on this for the first time, and may misunderstand things, but it seems to me that you have no per-link DNS servers configured, neither statically nor dynamically via DHCP
[13:20] <frederik_b> tomreyn: but if you look at my resolved.conf  (not test.conf), I do have a DNS=1.1.1.1
[13:21] <tomreyn> but there is no "network interface name or index separated with '%'" there
[13:22] <frederik_b> what do you mean by that?
[13:26] <tomreyn> this second / latest quote is from resolved.conf(5), in the "OPTIONS" section, describing the "DNS=" option. My understanding is that you need to indicate an interface name there to be able to use a "route-only domain" defined by the "Domains=" option
[13:26] <tomreyn> but i'm not sure i'm reading this correctly
[13:28] <tomreyn> i'd expect any configurations in resolved.conf.d/ to apply to global scope / settings (and potentially overwrite previously read configurations) if it is not indicated what subset they refer to
[13:29] <tomreyn> (the intended subset being a "route-only domain" here)
[13:32] <tomreyn> frederik_b: systemd-resolved.service(8) has more info on how route-only domains are handled by systemd-resolved, maybe this can clarify the matter (but I can't claim to fully understand it, nor have tested it)
[13:38] <frederik_b> tomreyn: even when I explicitly set a DNS server for my link (via normal Ubuntu configuration) and define a DNS=1.1.1.1 in /etc/systemd/resolved.conf my specific DNS server for ~test is not working
[13:39] <frederik_b> dig test.test -> NXDOMAIN
[13:46] <tomreyn> hmm, maybe we have a different understanding of what route-only domains are. i'm not sure that you can use a specific resolver for a specific TLD. i understand them as a way to assign a specific resolver (and search domain) for a certain network interface.
[13:47] <tomreyn> and that network interface would need to be indicated on the DNS= option
[14:14] <frederik_b> tomreyn: thanks, you did help me out there actually
[14:14] <frederik_b> with your suggestion I hit this page: https://discuss.hashicorp.com/t/systemd-resolved-with-consul-support-both-consul-and-external-domains/34600/5
[14:15] <frederik_b> "The reason the configuration with multiple configuration files isn’t working, is because it’s based on a misunderstanding - even if you put multiple files in /etc/systemd/resolved.conf.d/, this is only a convenience to allow you to build up a single configuration from multiple pieces."
[14:15] <oerheks> !cookie | tomreyn 
[14:15] <ubottu> tomreyn: Wow! You're such a great helper, you deserve a cookie!
[14:15] <frederik_b> "I did eventually get the desired behaviour working by creating a dummy network interface I could attach the configuration to:" which was exactly you were saying
[14:16] <frederik_b> !cookie | tomreyn
[14:16] <ubottu> tomreyn: Wow! You're such a great helper, you deserve a cookie!
[14:16] <frederik_b> haha, nice, totally right
[14:17] <tomreyn> so many cookies, i'll grow fat soon
[14:17] <tomreyn> glad i could help you find direction, though
[14:17] <tomreyn> and even an apparently working example
[14:17] <tomreyn> which i could not have made up
[14:19] <tomreyn> you could also consider setting up a split horizon resolver instead - whichever seems more suitable / useful for the task.
[15:39] <tuxick> split horizon is nice, just watch brains melt when explaining to colleagues/webguys
=== JanC is now known as Guest9115
=== JanC is now known as Guest8966