Can't figure out how to configure DNS for my network interface

glsarch · 2022-05-19 15:35:46

Hello,

I have pi-hole running in a Docker on a RaspberryPi. I want all my devices at home to use pi-hole as the only DNS server (pi-hole is configured to have 1.1.1.1 as a backup DNS server).

The IP address of the raspberry pi is 10.7.1.67, my router is 10.7.1.1.
My router DNS server is configured to only have 10.7.1.67 as a DNS server.

On my archlinux desktop computer, I can see this when I execute "resolvectl status"

Global
Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Current DNS Server: 10.7.1.67
DNS Servers: 10.7.1.67
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.9#dns.quad9.net 8.8.8.8#dns.google
2606:4700:4700::1111#cloudflare-dns.com 2620:fe::9#dns.quad9.net 2001:4860:4860::8888#dns.google
Link 2 (enp6s0)
Current Scopes: DNS LLMNR/IPv4
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.7.1.1
DNS Servers: 10.7.1.1
Link 3 (docker0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 4 (br-b8e92bdcdefd)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

I have systemd NetworkManager and systemd-resolved service running and started at boot.

systemd-resolved created this symlink

lrwxrwxrwx 1 root root 37 May 19 17:15 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf

which contains

nameserver 127.0.0.53
options edns0 trust-ad
search .

How can I change my network interface enp6s0 to behave like Global (resolvectl status) and only have 10.7.1.67 as DNS and not my router 10.7.1.1.

This issue creates some problems like I can't access some of my IoT devices using their hostnames because they are not known by 10.7.1.1, only by 10.7.1.67 (pi-hole).

[17:29:17]-[]-[gillouche@arch]-[~] $ dig +short @10.7.1.1 chaos txt version.bind
"dnsmasq-2.78"
[17:32:37]-[]-[gillouche@arch]-[~] $ dig +short @10.7.1.67 chaos txt version.bind
"dnsmasq-pi-hole-2.87test8"
[17:32:47]-[]-[gillouche@arch]-[~] $ dig +short @127.0.0.53 chaos txt version.bind
[17:32:55]-[]-[gillouche@arch]-[~] $

[17:33:46]-[]-[gillouche@arch]-[~] $ dig @10.7.1.67 jetsonnano2g
; <<>> DiG 9.18.2 <<>> @10.7.1.67 jetsonnano2g
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9446
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;jetsonnano2g. IN A
;; ANSWER SECTION:
jetsonnano2g. 0 IN A 10.7.1.67
;; Query time: 6 msec
;; SERVER: 10.7.1.67#53(10.7.1.67) (UDP)
;; WHEN: Thu May 19 17:33:54 CEST 2022
;; MSG SIZE rcvd: 57
[17:33:54]-[]-[gillouche@arch]-[~] $ dig jetsonnano2g
; <<>> DiG 9.18.2 <<>> jetsonnano2g
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51040
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;jetsonnano2g. IN A
;; Query time: 3850 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu May 19 17:34:06 CEST 2022
;; MSG SIZE rcvd: 41

Would you have any idea on how to fix my configuration issue?

Thanks!

progandy · 2022-05-19 15:52:23

The best solution would be some options in your router to replace the DNS server it publishes with DHCP.

You should be able to tell networkmanager to ignore using the automatic dns server and configure your own for the link. (Settings ipv4.ignore-auto-dns and ipv4.dns, I don't know if the GUI supports DHCP with custom dns)

To prefer the global dns server in systemd-resolved see this:
https://wiki.archlinux.org/title/System … d#Manually

Maniaxx · 2022-05-19 16:57:33

You explicitly set 'enp6s0' to 10.7.1.1. If you don't want it don't set it so the global can (10.7.1.67) kick in instead.

Link 2 (enp6s0)
Current Scopes: DNS LLMNR/IPv4
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.7.1.1
DNS Servers: 10.7.1.1

glsarch · 2022-05-20 16:21:18

progandy wrote:

The best solution would be some options in your router to replace the DNS server it publishes with DHCP.
You should be able to tell networkmanager to ignore using the automatic dns server and configure your own for the link. (Settings ipv4.ignore-auto-dns and ipv4.dns, I don't know if the GUI supports DHCP with custom dns)
To prefer the global dns server in systemd-resolved see this:
https://wiki.archlinux.org/title/System … d#Manually

Hello,

where should I put these properties ipv4.ignore-auto-dns and ipv4.dns ?

I updated /etc/systemd/resolved.conf.d/{dns_servers.conf,fallback_dns.conf} as per your link but I still have the same problem.
I restarted systemd-resolved and NetworkManager service. I'll try a reboot to be sure but I am not sure that will change.

Thanks.

progandy · 2022-05-20 16:25:30

systemd-resolved will not resolve domains with without a suffix over dns by default. It will only try LLMNR and similar methods.
https://wiki.archlinux.org/title/System … out_suffix

The ipv4. settings can be used with nmcli: https://serverfault.com/a/810639
In the GUI there may be a DNS field with an automatic toggle, but I am not sure. You might be able to disable that toggle and manually enter your dns server. (The overall "Method" must stay on automatic/DHCP or you'll have to manually set up a static ip as well)
Edit: Or maybe the setting is "Method: DHCP addresses only", then manually add the dns.

Last edited by progandy (2022-05-20 16:35:31)

glsarch · 2022-05-20 16:26:51

Maniaxx wrote:

You explicitly set 'enp6s0' to 10.7.1.1. If you don't want it don't set it so the global can (10.7.1.67) kick in instead.
Link 2 (enp6s0)
Current Scopes: DNS LLMNR/IPv4
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.7.1.1
DNS Servers: 10.7.1.1

Hello,

where would I explicitly set that for my interface? I don't have anything in /etc. I don't want my network interface to use the gateway as primary DNS.
I can find some things in /run but I never modified anything in this directory before. That seems to be related to systemd that populates this directory.

[18:22:50]-[10.7.1.53]-[gillouche@arch]-[/etc] $ sudo ag -i "10\.7\.1\.1" / 2>/dev/null
/run/NetworkManager/resolv.conf
2:nameserver 10.7.1.1
/run/NetworkManager/no-stub-resolv.conf
2:nameserver 10.7.1.1
/run/systemd/resolve/netif/2
5:SERVERS=10.7.1.1
/run/systemd/resolve/resolv.conf
18:nameserver 10.7.1.1

Thanks.

glsarch · 2022-05-20 16:35:25

So I configured my network interface to only get an address from the DHCP (Automatic (Only addresses)) and manually set my DNS to be 10.7.1.67 and then restarted NetworkManager service.

Now I have the following result which seems weird.

[18:31:36]-[10.7.1.53]-[gillouche@arch]-[/etc] $ sudo resolvectl status
Global
Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Current DNS Server: 10.7.1.67
DNS Servers: 10.7.1.67
DNS Domain: ~.
Link 2 (enp6s0)
Current Scopes: DNS LLMNR/IPv4
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
DNS Servers: 10.7.1.67
Link 3 (docker0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 4 (br-b8e92bdcdefd)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
[18:31:39]-[10.7.1.53]-[gillouche@arch]-[/etc] $ ping jetsonnano2g
ping: jetsonnano2g: Name or service not known
[18:31:49]-[10.7.1.53]-[gillouche@arch]-[/etc] $ nslookup jetsonnano2g
Server: 127.0.0.53
Address: 127.0.0.53#53
** server can't find jetsonnano2g: NXDOMAIN
[18:32:01]-[10.7.1.53]-[gillouche@arch]-[/etc] $ dig jetsonnano2g
; <<>> DiG 9.18.2 <<>> jetsonnano2g
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3845
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;jetsonnano2g. IN A
;; Query time: 3913 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Fri May 20 18:32:22 CEST 2022
;; MSG SIZE rcvd: 41
[18:32:22]-[10.7.1.53]-[gillouche@arch]-[/etc] $ dig @10.7.1.67 jetsonnano2g
; <<>> DiG 9.18.2 <<>> @10.7.1.67 jetsonnano2g
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1342
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;jetsonnano2g. IN A
;; ANSWER SECTION:
jetsonnano2g. 0 IN A 10.7.1.67
;; Query time: 6 msec
;; SERVER: 10.7.1.67#53(10.7.1.67) (UDP)
;; WHEN: Fri May 20 18:32:31 CEST 2022
;; MSG SIZE rcvd: 57

Shouldn't 127.0.0.53 queries 10.7.1.67?
I am not sure what I am doing wrong sorry, networking is really not my best knowledge.

progandy · 2022-05-20 16:38:16

See my first link in post #5. Resolved by default does not use DNS to look for domains without a suffix.

glsarch · 2022-05-20 16:50:10

progandy wrote:

See my first link in post #5. Resolved by default does not use DNS to look for domains without a suffix.

Okay thanks. I have a lot of reading to do about DNS and networking in general.

Arch Linux

#1 2022-05-19 15:35:46

Can't figure out how to configure DNS for my network interface

#2 2022-05-19 15:52:23

Re: Can't figure out how to configure DNS for my network interface

#3 2022-05-19 16:57:33

Re: Can't figure out how to configure DNS for my network interface

#4 2022-05-20 16:21:18

Re: Can't figure out how to configure DNS for my network interface

#5 2022-05-20 16:25:30

Re: Can't figure out how to configure DNS for my network interface

#6 2022-05-20 16:26:51

Re: Can't figure out how to configure DNS for my network interface

#7 2022-05-20 16:35:25

Re: Can't figure out how to configure DNS for my network interface

#8 2022-05-20 16:38:16

Re: Can't figure out how to configure DNS for my network interface

#9 2022-05-20 16:50:10

Re: Can't figure out how to configure DNS for my network interface

Board footer