Fix Gate and Wild DNS.

Gate could not resolve private domain names.  The ISP link's DNS
servers were listed first in /etc/resolv.conf.  Punted link-local name
resolution and made Gate's legacy resolvers query Core first by making
it the system/default DNS.  Adjusted Core's =10-lan.network= to match.

The DHCP server on the wild Ethernet still had Core as the subnet DNS,
though the stud listener on Gate was recently configured to listen to
The Wild.  Set the DHCP server's DNS option to Gate.  And punted the
~EmitNTP~ and ~EmitSMTP~ settings (which were also unreachable).

diff --git a/README.org b/README.org
index 00918b472e1260b49382ca5833ca3691f0ac845a..b0c55ee87c0deb798325ecfb04e685729bf777aa 100644 (file)
--- a/README.org
+++ b/README.org
@@ -2637,8 +2637,6 @@ core_lan_mac:               08:00:27:b3:e5:5f
       [Network]
       Address={{ core_addr_cidr }}
       Gateway={{ gate_addr }}
-      DNS={{ core_addr }}
-      Domains={{ domain_priv }}
     dest: /etc/systemd/network/10-lan.network
   notify: Reload networkd.
 #+END_SRC
@@ -2824,7 +2822,6 @@ probably be used as forwarders rather than Google.
 #+BEGIN_SRC conf
 acl "trusted" {
        {{ private_net_cidr }};
-       {{ wild_net_cidr }};
        {{ public_wg_net_cidr }};
        {{ campus_wg_net_cidr }};
        localhost;
@@ -4990,8 +4987,6 @@ The campus Ethernet interface is named ~lan~ and configured by
 
       [Network]
       Address={{ gate_addr_cidr }}
-      DNS={{ core_addr }}
-      Domains={{ domain_priv }}
 
       [Route]
       Destination={{ public_wg_net_cidr }}
@@ -5072,11 +5067,8 @@ Address={{ gate_wild_addr_cidr }}
 DHCPServer=yes
 
 [DHCPServer]
+DNS={{ gate_wild_addr }}
 EmitDNS=yes
-EmitNTP=yes
-NTP={{ core_addr }}
-EmitSMTP=yes
-SMTP={{ core_addr }}
 {% for wild in wild_ones %}
 
 # {{ wild.name }}
@@ -5139,7 +5131,6 @@ UseMTU=true
 UseDNS=false
 #+END_SRC
 
-
 ** Configure Gate ResolveD
 
 Gate provides name service on the wild Ethernet by having its "stub
@@ -5156,12 +5147,12 @@ listener" listen there.  That stub should not read =/etc/hosts= lest
     regexp: "{{ item.regexp }}"
     line: "{{ item.line }}"
   loop:
+  - { regexp: '^ *DNS *=', line: "DNS={{ core_addr }}" }
+  - { regexp: '^ *Domains *=', line: "Domains={{ domain_priv }}" }
   - regexp: '^ *DNSStubListenerExtra *='
     line: "DNSStubListenerExtra={{ gate_wild_addr }}"
-  - regexp: '^ *ReadEtcHosts *='
-    line: "ReadEtcHosts=no"
+  - { regexp: '^ *ReadEtcHosts *=', line: "ReadEtcHosts=no" }
   notify:
-  - Reload Systemd.
   - Restart Systemd resolved.
 #+END_SRC
 
@@ -7560,8 +7551,6 @@ MACAddress=08:00:27:f3:16:79
 
 [Network]
 Address=192.168.56.2/24
-DNS=192.168.56.1
-Domains=small.private
 EOD
 
 sudo systemctl --quiet enable systemd-networkd

diff --git a/private/test-gate-prep b/private/test-gate-prep
index 53ec37af5d3a28b22e3fc0333791731ff4afe0e4..1fcbae53597f253249f1e52f5e297383b9ded93c 100755 (executable)
--- a/private/test-gate-prep
+++ b/private/test-gate-prep
@@ -38,8 +38,6 @@ MACAddress=08:00:27:f3:16:79
 
 [Network]
 Address=192.168.56.2/24
-DNS=192.168.56.1
-Domains=small.private
 EOD
 
 sudo systemctl --quiet enable systemd-networkd

diff --git a/roles_t/core/tasks/main.yml b/roles_t/core/tasks/main.yml
index d283f34666624f9a51fe50ab309e3e9f190071e0..4debc9a53c0237621e6cda1b743168360d20110c 100644 (file)
--- a/roles_t/core/tasks/main.yml
+++ b/roles_t/core/tasks/main.yml
@@ -62,8 +62,6 @@
       [Network]
       Address={{ core_addr_cidr }}
       Gateway={{ gate_addr }}
-      DNS={{ core_addr }}
-      Domains={{ domain_priv }}
     dest: /etc/systemd/network/10-lan.network
   notify: Reload networkd.
 
@@ -109,7 +107,6 @@
     content: |
       acl "trusted" {
        {{ private_net_cidr }};
-       {{ wild_net_cidr }};
        {{ public_wg_net_cidr }};
        {{ campus_wg_net_cidr }};
        localhost;

diff --git a/roles_t/gate/tasks/main.yml b/roles_t/gate/tasks/main.yml
index 115e1c1d6b02ec8170c4dfa01f1ae1ca57347c30..b429b9f63c4d02345c76f31fea33e98a169846fd 100644 (file)
--- a/roles_t/gate/tasks/main.yml
+++ b/roles_t/gate/tasks/main.yml
@@ -26,8 +26,6 @@
 
       [Network]
       Address={{ gate_addr_cidr }}
-      DNS={{ core_addr }}
-      Domains={{ domain_priv }}
 
       [Route]
       Destination={{ public_wg_net_cidr }}
@@ -81,12 +79,12 @@
     regexp: "{{ item.regexp }}"
     line: "{{ item.line }}"
   loop:
+  - { regexp: '^ *DNS *=', line: "DNS={{ core_addr }}" }
+  - { regexp: '^ *Domains *=', line: "Domains={{ domain_priv }}" }
   - regexp: '^ *DNSStubListenerExtra *='
     line: "DNSStubListenerExtra={{ gate_wild_addr }}"
-  - regexp: '^ *ReadEtcHosts *='
-    line: "ReadEtcHosts=no"
+  - { regexp: '^ *ReadEtcHosts *=', line: "ReadEtcHosts=no" }
   notify:
-  - Reload Systemd.
   - Restart Systemd resolved.
 
 - name: Install UFW.

diff --git a/roles_t/gate/templates/wild.network b/roles_t/gate/templates/wild.network
index 2930f27ce448e1a72ca5d1d5348f8aa0ee7f8cad..87b9151c7d190c61b3603d98fbe80831ec6446a0 100644 (file)
--- a/roles_t/gate/templates/wild.network
+++ b/roles_t/gate/templates/wild.network
@@ -6,11 +6,8 @@ Address={{ gate_wild_addr_cidr }}
 DHCPServer=yes
 
 [DHCPServer]
+DNS={{ gate_wild_addr }}
 EmitDNS=yes
-EmitNTP=yes
-NTP={{ core_addr }}
-EmitSMTP=yes
-SMTP={{ core_addr }}
 {% for wild in wild_ones %}
 
 # {{ wild.name }}