networkmanager: add openresolv #1828

Closed

Owner

domenkozar commented Feb 24, 2014

No description provided.

Member

ttuegel commented Feb 25, 2014

This doesn't work for me. My /etc/resolv.conf is still managed by NetworkManager. openresolv never gets involved and nscd isn't restarted. Of course, NetworkManager has zilch for documentation, but from the source code (http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/dns-manager/nm-dns-manager.c) it looks like you also need to set dns=dnsmasq in /etc/NetworkManager/NetworkManager.conf.

Owner

domenkozar commented Feb 25, 2014

@ttuegel could you try adding that line to the networkmanager NixOS module and test?

Member

ttuegel commented Feb 25, 2014

@iElectric Yeah, I'll give it a try and report back.

Member

ttuegel commented Feb 25, 2014

No luck. NetworkManager is still ignoring resolvconf. Taking another look at the source.

ttuegel commented on an outdated diff Feb 25, 2014

pkgs/tools/networking/network-manager/default.nix
@@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
"--with-dhcpcd=no"
"--with-iptables=${iptables}/sbin/iptables"
"--with-udev-dir=\${out}/lib/udev"
- "--without-resolvconf"
+ "--with-resolvconf=${openresolv}/sbin/openresolv"
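
Review bot: the path on the added `--with-resolvconf=${openresolv}/sbin/openresolv` line is taken as given at configure time, and nothing in this hunk checks that a file of that name exists in the openresolv output. Going by the report earlier in this conversation, a wrong name does not fail the build and only shows up at runtime as NetworkManager continuing to manage /etc/resolv.conf itself. Confirm the executable name under `${openresolv}/sbin/` before merging, and check that `openresolv` is added to the derivation's arguments, which this hunk does not show.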

ttuegel Feb 25, 2014

Member

This should be ${openresolv}/sbin/resolvconf, which is the name of the executable.

Member

ttuegel commented Feb 25, 2014

With the correct executable name, I can see that NetworkManager is calling openresolv because resolvconf -l lists a section generated by NetworkManager. However, NetworkManager isn't actually sending any DNS settings, so the resolv.conf generated by resolvconf is empty! I turned NetworkManager's log level up to DEBUG, but it indicated the DNS was set correctly.

Member

ttuegel commented Feb 25, 2014

Forgot to add: I looked at the code, and we don't need dns=dnsmasq here, just the correct executable name.

Member

ttuegel commented Feb 26, 2014

Sorry for the wall of text. I spent some time trying to debug this today, and reading the NetworkManager mailing list.

NetworkManager persists in sending an (apparently) empty resolv.conf to openresolv. What I do know is that resolvconf -l reports an empty DNS configuration from NetworkManager--not even a # Generated by NetworkManager line. By turning up the log level, I have been able to confirm that NetworkManager thinks it's sending something to openresolv, I'm just not sure what. NetworkManager doesn't seem to have a debugging output for its resolv.conf information when you're piping it through openresolv.

I have also tried copying the working resolv.conf NetworkManager produces without openresolv into resolvconf while NetworkManager is running with openresolv enabled. If I do this, openresolv sets my /etc/resolv.conf correctly, so I am left to conclude that if openresolv is enabled, NetworkManager generates a bad resolv.conf.

From reading the mailing list, I have also come to the conclusion that we shouldn't even be trying to go through openresolv: it's just going to be more of a maintenance burden for us. First, some background: In 2005, there was an attempt to patch NetworkManager for Debian compatibility by adding resolvconf support. It looks like this went nowhere because, at the time, developers were vehemently opposed to NetworkManager being compatible with anything. The thinking was that NetworkManager should be the only technology for networking on GNU/Linux. By 2008, they had relaxed that stance somewhat to support SuSE's native networking tools. In 2008, a patch by openresolv's author adding openresolv/resolvconf support was accepted, in part because it was necessary for compatibility with Debian and Ubuntu.

Today, Ubuntu has dropped resolvconf in favor of NetworkManager+dnsmasq. Debian uses resolvconf, but according to their wiki, if you use NetworkManager, it overrides your configuration in favor of... NetworkManager+dnsmasq! If you come forward with any DNS problem, the party line seems to be "have you tried NetworkManager+dnsmasq?" I can't find evidence of any distro that uses NetworkManager+openresolv by default. So, I suspect that even if NetworkManager+openresolv is "supported" right now, it won't be for long. That will shift the maintenance burden to NixOS when it eventually breaks (again).

TL;DR We should seriously consider making NetworkManager+dnsmasq the default NetworkManager configuration on NixOS because it gets more upstream testing.

Having said all that: NetworkManager may be an inscrutable mess, but I'm happy to continue trying to debug if you have any suggestions. I've exhausted my own ingenuity, though. I will probably move forward on my own with a configuration that drops openresolv and nscd in favor of NetworkManager and dnsmasq.

Owner

domenkozar commented Feb 27, 2014

Another thing to try would be to use the resolvconf implementation at http://packages.qa.debian.org/r/resolvconf.html

Owner

domenkozar commented Feb 27, 2014

Actually, I just noticed that even without this patch I have the following (correct) contents:

$ cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 192.168.0.10

Owner

edolstra commented Feb 27, 2014

I'm confused. What does dnsmasq have to do with anything? It's a DNS / DHCP server, right?

Member

ttuegel commented Feb 27, 2014

@iElectric I'll take a look at Debian's resolvconf. As for the contents of /etc/resolv.conf, the problem was never having incorrect DNS settings there. The problem is that when those settings change, the nscd cache needs to be invalidated, which isn't happening. If NetworkManager would go through openresolv like the other components of NixOS, then the nscd cache would automatically be invalidated. Your /etc/resolv.conf isn't generated through openresolv, or the first line would be # resolv.conf from NetworkManager.

@edolstra The major desktop distros use NetworkManager for networking and dnsmasq for DNS caching (rather than nscd). NetworkManager has the capability to manage a dnsmasq server.

Owner

edolstra commented Feb 27, 2014

Note that NixOS absolutely requires nscd to provide NSS modules to the rest of the system. Without it, every program would need to have the NSS modules in their LD_LIBRARY_PATH.

Member

ttuegel commented Feb 27, 2014

@edolstra I hadn't thought of that! I wasn't really suggesting that we eliminate nscd entirely. I was thinking that networking.networkmanager.enable = true should imply disabling the hosts cache in nscd in favor of dnsmasq. But, if I can get Debian's resolvconf to work, that's obviously better.

Owner

edolstra commented Feb 27, 2014

Why would Debian's resolvconf work any better than openresolv? AFAIK, they have pretty much the same interface. All NetworkManager has to do is actually call it.

Member

ttuegel commented Feb 28, 2014

@edolstra Debian's resolvconf and openresolv are supposed to be the same, but I think we're hoping that openresolv is somehow broken. It's possible; I'm not aware that any other distro has ever relied on NetworkManager+openresolv. Debian and Ubuntu certainly used Debian resolvconf only.

The other possibility is that NetworkManager's resolvconf integration is broken. Right now, this looks like the likelier scenario, unfortunately. I want to rule it out because I don't have high hopes for fixing NetworkManager. It seems like resolvconf support is abandoned upstream.

Also, please ignore what I was saying yesterday about using dnsmasq in place of nscd's hosts cache. That's obviously wrong. I don't know what I was thinking :)

Member

ttuegel commented Feb 28, 2014

At least part of the problem with NetworkManager+openresolv is that NetworkManager resets the environment before running resolvconf. The resolvconf script should be wrapped anyway, for purity (it uses coreutils). I'm testing a patch now.
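
The failure mode described in the comment above, as an added example (not part of the thread and not the patch ttuegel tested): a script that finds its tools through PATH stops producing output when its caller clears the environment, and a wrapper that pins PATH restores it. The names emit-dns, helper and wrapper are constructed stand-ins, and `env -i` stands in for NetworkManager's environment reset.

```shell
#!/bin/sh
# Constructed stand-ins: "emit-dns" plays the role of a coreutils tool and
# "helper" the role of a resolvconf-style script that locates it via PATH.
demo=$(mktemp -d)
mkdir "$demo/tools"

cat > "$demo/tools/emit-dns" <<'EOF'
#!/bin/sh
echo "nameserver 192.168.0.1"
EOF
chmod +x "$demo/tools/emit-dns"

# PATH-dependent helper: works only if the caller's PATH contains tools/.
cat > "$demo/helper" <<'EOF'
#!/bin/sh
emit-dns
EOF

# Wrapper: pins PATH itself, so the caller's environment no longer matters.
cat > "$demo/wrapper" <<EOF
#!/bin/sh
PATH="$demo/tools"
export PATH
exec /bin/sh "$demo/helper"
EOF

# Run a script the way a caller that resets the environment would.
run_clean_env() {
    env -i /bin/sh "$1" 2>/dev/null || true
}

bare_output()    { run_clean_env "$demo/helper"; }
wrapped_output() { run_clean_env "$demo/wrapper"; }

echo "helper, clean env : '$(bare_output)'"
echo "wrapper, clean env: '$(wrapped_output)'"
```

The unwrapped helper fails quietly and yields an empty result, which is why a helper invoked by a daemon should carry its own tool paths rather than inherit them.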

Owner

domenkozar commented Feb 28, 2014

@ttuegel how do I confirm it fixes the problem?

Member

ttuegel commented Feb 28, 2014

Your /etc/resolv.conf will indicate that it was created by resolvconf, not NetworkManager. For example, right now mine is:

# Generated by resolvconf
nameserver 192.168.0.1

Before, it would have been # Generated by NetworkManager. And of course, you should make sure your DNS still works!

Owner

domenkozar commented Feb 28, 2014

$ cat /etc/resolv.conf 
# Generated by resolvconf
nameserver 192.168.0.10

Pushed, thanks!

domenkozar closed this Feb 28, 2014

domenkozar deleted the networkmanager-openresolv branch Feb 28, 2014
