You are not logged in.
- Topics: Active | Unanswered
#1 2015-06-05 18:16:18
- ggg377
- Member
- Registered: 2015-02-20
- Posts: 43
[SOLVED] Can't set up pdnsd with NetworkManager
After setting up pdnsd with NetworkManager, DNS always drops in accordance to the global timeout setting in /etc/pdnsd.conf. I haven't seen any oddities in systemctl status or journalctl. If I raise the pdnsd.conf global timeout value to 60 seconds, that's how long my DNS is going to last. If I raise it to 600 or 6000 seconds, same thing. Restarting pdnsd.service will have DNS up again immediately. Raising pdnsd.conf server timeout doesn't seem to help. I also tried debugging pdnsd, but I didn't notice anything significant. I can provide logs if necessary.
Below are the configurations I use:
/etc/resolv.conf
--------
#
# /etc/resolv.conf
#
nameserver 127.0.0.1
# End of file/etc/pdnsd.conf
-------------
global {
perm_cache=16384;
cache_dir="/var/cache/pdnsd";
run_as="pdnsd";
server_ip = 127.0.0.1;
status_ctl = on;
query_method=udp_tcp;
min_ttl=6h; # Retain cached entries at least 15 minutes.
max_ttl=1w; # One week.
timeout=60; # Global timeout option (10 seconds).
neg_domain_pol=on;
udpbufsize=1024; # Upper limit on the size of UDP messages.
}
server {
label = "dnscrypt-proxy";
ip = 31.220.5.106;
port = 54;
timeout = 10;
uptest = query;
interval = 15m;
proxy_only=on;
}
source {
owner=localhost;
file="/etc/hosts";
}
rr {
name=localhost;
reverse=on;
a=127.0.0.1;
owner=localhost;
soa=localhost,root.localhost,42,86400,900,86400,86400;
}/etc/NetworkManager/NetworkManager.conf
-----------------
[main]
plugins=keyfile
dhcp=dhclient
dns=noneLast edited by ggg377 (2015-06-07 00:17:25)
Offline
#2 2015-06-05 23:05:16
- WorMzy
- Administrator
- From: Scotland
- Registered: 2010-06-16
- Posts: 12,614
- Website
Re: [SOLVED] Can't set up pdnsd with NetworkManager
Thanks for your report, ggg377.
Moving to Networking, Server and Protection.
Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD
Making lemonade from lemons since 2015.
Offline
#3 2015-06-06 14:34:01
- ggg377
- Member
- Registered: 2015-02-20
- Posts: 43
Re: [SOLVED] Can't set up pdnsd with NetworkManager
Update: As an experiment, I set up dnscrypt-proxy with an analogous 127.0.0.1 configuration and it works perfectly without any interruptions. Could this be a bug in pdnsd or is it simply a misconfiguration (despite the one in OP being the default one)?
Configuration:
/etc/resolv.conf
----------
#
# /etc/resolv.conf
#
nameserver 127.0.0.1
# End of file/etc/conf.d/dnscrypt-proxy
--------
DNSCRYPT_LOCALIP=127.0.0.1
DNSCRYPT_LOCALPORT=53
DNSCRYPT_USER=nobody
DNSCRYPT_PROVIDER_NAME=2.fvz-rec-se-ab-01.dnscrypt-cert.meo.ws
DNSCRYPT_PROVIDER_KEY=3FFA:D9E4:AE6F:B96D:C0FC:AB0D:66C5:F329:B40E:533F:4B19:D24B:A4B8:90EC:6CF1:EFE4
DNSCRYPT_RESOLVERIP=31.220.5.106
DNSCRYPT_RESOLVERPORT=54/etc/NetworkManager/NetworkManager.conf
--------
[main]
plugins=keyfile
dhcp=dhclient
dns=noneOffline
#4 2015-06-07 00:17:07
- ggg377
- Member
- Registered: 2015-02-20
- Posts: 43
Re: [SOLVED] Can't set up pdnsd with NetworkManager
The pdnsd.conf file from the wiki did turn out to be unsuitable for me or faulty. This one, which I already routed to dnscrypt worked (can't tell exactly how they're different for now):
/etc/pdnsd.conf
------------
// Sample pdnsd configuration file. Must be customized to obtain a working pdnsd setup!
// Read the pdnsd.conf(5) manpage for an explanation of the options.
// Add or remove '#' in front of options you want to disable or enable, respectively.
// Remove '/*' and '*/' to enable complete sections.
global {
perm_cache=16384;
cache_dir="/var/cache/pdnsd";
# pid_file = /var/run/pdnsd.pid;
run_as="pdnsd";
server_ip = 127.0.0.1; # Use eth0 here if you want to allow other
# machines on your network to query pdnsd.
status_ctl = on;
# paranoid=on; # This option reduces the chance of cache poisoning
# but may make pdnsd less efficient, unfortunately.
query_method=udp_tcp;
min_ttl=6h; # Retain cached entries at least 15 minutes.
max_ttl=2w; # One week.
timeout=10; # Global timeout option (10 seconds).
neg_domain_pol=on;
udpbufsize=1024; # Upper limit on the size of UDP messages.
}
# The following section is most appropriate if you have a fixed connection to
# the Internet and an ISP which provides good DNS servers.
server {
label= "nic";
ip = 127.0.0.2;
port = 53;
timeout=4; # Server timeout; this may be much shorter
# that the global timeout option.
uptest=if; # Test if the network interface is active.
interface=wlp1s0; # The name of the interface to check.
interval=10m; # Check every 10 minutes.
purge_cache=off; # Keep stale cache entries in case the ISP's
# DNS servers go offline.
edns_query=yes; # Use EDNS for outgoing queries to allow UDP messages
# larger than 512 bytes. May cause trouble with some
# legacy systems.
# exclude=.thepiratebay.org, # If your ISP censors certain names, you may
# .thepiratebay.se, # want to exclude them here, and provide an
# .piratebay.org, # alternative server section below that will
# .piratebay.se; # successfully resolve the names.
}
/*
# The following section is more appropriate for dial-up connections.
# Read about how to use pdnsd-ctl for dynamic configuration in the documentation.
#server {
# label= "dialup";
# file = "/etc/ppp/resolv.conf"; # Preferably do not use /etc/resolv.conf
# proxy_only=on;
# timeout=4;
# uptest=if;
# interface = ppp0;
# interval=10; # Check the interface every 10 seconds.
# purge_cache=off;
# preset=off;
#}
#*/
#/*
# The servers provided by OpenDNS are fast, but they do not reply with
# NXDOMAIN for non-existant domains, instead they supply you with an
# address of one of their search engines. They also lie about the addresses of
# of the search engines of google, microsoft and yahoo.
# If you do not like this behaviour the "reject" option may be useful.
#server {
# label = "opendns";
# ip = 208.67.222.222, 208.67.220.220;
# reject = 208.69.32.0/24, # You may need to add additional address ranges
# 208.69.34.0/24, # here if the addresses of their search engines
# 208.67.219.0/24; # change.
# reject_policy = fail; # If you do not provide any alternative server
# # sections, like the following root-server
# # example, "negate" may be more appropriate here.
# timeout = 4;
# uptest = ping; # Test availability using ICMP echo requests.
# ping_timeout = 100; # ping test will time out after 10 seconds.
# interval = 15m; # Test every 15 minutes.
# preset = off;
#}
#*/
#/*
# This section is meant for resolving from root servers.
#server {
# label = "root-servers";
# root_server = discover; # Query the name servers listed below
# # to obtain a full list of root servers.
# randomize_servers = on; # Give every root server an equal chance
# # of being queried.
# ip = 198.41.0.4, # This list will be expanded to the full
# 192.228.79.201; # list on start up.
# timeout = 5;
# uptest = query; # Test availability using empty DNS queries.
# query_test_name = .; # To be used if remote servers ignore empty queries.
# interval = 30m; # Test every half hour.
# ping_timeout = 300; # Test should time out after 30 seconds.
# purge_cache = off;
# edns_query = yes; # Use EDNS for outgoing queries to allow UDP messages
# # larger than 512 bytes. May cause trouble with some
# # legacy systems.
# exclude = .localdomain;
# policy = included;
# preset = off;
#}
#*/
#source {
# owner=localhost;
# serve_aliases=on;
# file="/etc/hosts";
#}
/*
include {file="/etc/pdnsd.include";} # Read additional definitions from /etc/pdnsd.include.
*/
rr {
name=localhost;
reverse=on;
a=127.0.0.1;
owner=localhost;
soa=localhost,root.localhost,42,86400,900,86400,86400;
}
/*
neg {
name=doubleclick.net;
types=domain; # This will also block xxx.doubleclick.net, etc.
}
*/
/*
neg {
name=bad.server.com; # Badly behaved server you don't want to connect to.
types=A,AAAA;
}
*/Last edited by ggg377 (2015-06-07 00:23:45)
Offline