From caa82f5502fd6f75c0d879b682a08c1a40586815 Mon Sep 17 00:00:00 2001 From: Matt Birkholz Date: Sun, 11 Jan 2026 14:24:52 -0700 Subject: [PATCH] Fix Gate and Wild DNS. Gate could not resolve private domain names. The ISP link's DNS servers were listed first in /etc/resolv.conf. Punted link-local name resolution and made Gate's legacy resolvers query Core first by making it the system/default DNS. Adjusted Core's =10-lan.network= to match. The DHCP server on the wild Ethernet still had Core as the subnet DNS, though the stud listener on Gate was recently configured to listen to The Wild. Set the DHCP server's DNS option to Gate. And punted the ~EmitNTP~ and ~EmitSMTP~ settings (which were also unreachable). --- README.org | 19 ++++--------------- private/test-gate-prep | 2 -- roles_t/core/tasks/main.yml | 3 --- roles_t/gate/tasks/main.yml | 8 +++----- roles_t/gate/templates/wild.network | 5 +---- 5 files changed, 8 insertions(+), 29 deletions(-) diff --git a/README.org b/README.org index 00918b4..b0c55ee 100644 --- a/README.org +++ b/README.org @@ -2637,8 +2637,6 @@ core_lan_mac: 08:00:27:b3:e5:5f [Network] Address={{ core_addr_cidr }} Gateway={{ gate_addr }} - DNS={{ core_addr }} - Domains={{ domain_priv }} dest: /etc/systemd/network/10-lan.network notify: Reload networkd. #+END_SRC @@ -2824,7 +2822,6 @@ probably be used as forwarders rather than Google. #+BEGIN_SRC conf acl "trusted" { {{ private_net_cidr }}; - {{ wild_net_cidr }}; {{ public_wg_net_cidr }}; {{ campus_wg_net_cidr }}; localhost; @@ -4990,8 +4987,6 @@ The campus Ethernet interface is named ~lan~ and configured by [Network] Address={{ gate_addr_cidr }} - DNS={{ core_addr }} - Domains={{ domain_priv }} [Route] Destination={{ public_wg_net_cidr }} @@ -5072,11 +5067,8 @@ Address={{ gate_wild_addr_cidr }} DHCPServer=yes [DHCPServer] +DNS={{ gate_wild_addr }} EmitDNS=yes -EmitNTP=yes -NTP={{ core_addr }} -EmitSMTP=yes -SMTP={{ core_addr }} {% for wild in wild_ones %} # {{ wild.name }} 
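Review bot: Dropping `EmitNTP=yes`/`NTP=` and `EmitSMTP=yes`/`SMTP=` from the [DHCPServer] block does not necessarily stop those options from being handed out: systemd.network(5) gives EmitNTP= and EmitSMTP= the same default and propagation semantics as EmitDNS= (default yes, falling back to servers learned on the uplink), so wild clients may now receive the ISP link's servers rather than none — confirm against the deployed systemd version and, if the intent is to advertise nothing, add `EmitNTP=no` and `EmitSMTP=no` explicitly. The new `DNS={{ gate_wild_addr }}` is the same address the resolved task registers as `DNSStubListenerExtra=`, so a one-line comment in the template, e.g. `{# must match DNSStubListenerExtra in roles_t/gate/tasks/main.yml #}`, would keep the two from drifting apart. The identical change is tangled into roles_t/gate/templates/wild.network (hunk @@ -6,11 +6,8 @@), so the same notes apply there.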
@@ -5139,7 +5131,6 @@ UseMTU=true UseDNS=false #+END_SRC - ** Configure Gate ResolveD Gate provides name service on the wild Ethernet by having its "stub @@ -5156,12 +5147,12 @@ listener" listen there. That stub should not read =/etc/hosts= lest regexp: "{{ item.regexp }}" line: "{{ item.line }}" loop: + - { regexp: '^ *DNS *=', line: "DNS={{ core_addr }}" } + - { regexp: '^ *Domains *=', line: "Domains={{ domain_priv }}" } - regexp: '^ *DNSStubListenerExtra *=' line: "DNSStubListenerExtra={{ gate_wild_addr }}" - - regexp: '^ *ReadEtcHosts *=' - line: "ReadEtcHosts=no" + - { regexp: '^ *ReadEtcHosts *=', line: "ReadEtcHosts=no" } notify: - - Reload Systemd. - Restart Systemd resolved. #+END_SRC @@ -7560,8 +7551,6 @@ MACAddress=08:00:27:f3:16:79 [Network] Address=192.168.56.2/24 -DNS=192.168.56.1 -Domains=small.private EOD sudo systemctl --quiet enable systemd-networkd diff --git a/private/test-gate-prep b/private/test-gate-prep index 53ec37a..1fcbae5 100755 --- a/private/test-gate-prep +++ b/private/test-gate-prep @@ -38,8 +38,6 @@ MACAddress=08:00:27:f3:16:79 [Network] Address=192.168.56.2/24 -DNS=192.168.56.1 -Domains=small.private EOD sudo systemctl --quiet enable systemd-networkd diff --git a/roles_t/core/tasks/main.yml b/roles_t/core/tasks/main.yml index d283f34..4debc9a 100644 --- a/roles_t/core/tasks/main.yml +++ b/roles_t/core/tasks/main.yml @@ -62,8 +62,6 @@ [Network] Address={{ core_addr_cidr }} Gateway={{ gate_addr }} - DNS={{ core_addr }} - Domains={{ domain_priv }} dest: /etc/systemd/network/10-lan.network notify: Reload networkd. @@ -109,7 +107,6 @@ content: | acl "trusted" { {{ private_net_cidr }}; - {{ wild_net_cidr }}; {{ public_wg_net_cidr }}; {{ campus_wg_net_cidr }}; localhost; diff --git a/roles_t/gate/tasks/main.yml b/roles_t/gate/tasks/main.yml index 115e1c1..b429b9f 100644 --- a/roles_t/gate/tasks/main.yml +++ b/roles_t/gate/tasks/main.yml 
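Review bot: The new `lineinfile` regexps `^ *DNS *=` and `^ *Domains *=` do not match the commented-out defaults (`#DNS=`, `#Domains=`) that a stock /etc/systemd/resolved.conf ships with, so Ansible appends the lines at the end of the file; that lands inside [Resolve] only because it is the file's sole section, and an explicit `insertafter: '^\[Resolve\]'` on the task (or a comment stating that assumption) would make the placement deliberate rather than incidental. Making Core Gate's default resolver also turns every lookup arriving at the wild Ethernet's stub listener into a forwarded query to Core's BIND, whose `acl "trusted"` loses `{{ wild_net_cidr }}` in this same commit (README @@ -2824 and roles_t/core/tasks/main.yml); that presumably only works while Gate's upstream queries leave from an address inside `private_net_cidr`, and the prose around this block should say so. The same task change is tangled into roles_t/gate/tasks/main.yml (hunk @@ -81,12 +79,12 @@).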
@@ -26,8 +26,6 @@ [Network] Address={{ gate_addr_cidr }} - DNS={{ core_addr }} - Domains={{ domain_priv }} [Route] Destination={{ public_wg_net_cidr }} @@ -81,12 +79,12 @@ regexp: "{{ item.regexp }}" line: "{{ item.line }}" loop: + - { regexp: '^ *DNS *=', line: "DNS={{ core_addr }}" } + - { regexp: '^ *Domains *=', line: "Domains={{ domain_priv }}" } - regexp: '^ *DNSStubListenerExtra *=' line: "DNSStubListenerExtra={{ gate_wild_addr }}" - - regexp: '^ *ReadEtcHosts *=' - line: "ReadEtcHosts=no" + - { regexp: '^ *ReadEtcHosts *=', line: "ReadEtcHosts=no" } notify: - - Reload Systemd. - Restart Systemd resolved. - name: Install UFW. diff --git a/roles_t/gate/templates/wild.network b/roles_t/gate/templates/wild.network index 2930f27..87b9151 100644 --- a/roles_t/gate/templates/wild.network +++ b/roles_t/gate/templates/wild.network @@ -6,11 +6,8 @@ Address={{ gate_wild_addr_cidr }} DHCPServer=yes [DHCPServer] +DNS={{ gate_wild_addr }} EmitDNS=yes -EmitNTP=yes -NTP={{ core_addr }} -EmitSMTP=yes -SMTP={{ core_addr }} {% for wild in wild_ones %} # {{ wild.name }} -- 2.47.3