networking.networkmanager.ensureProfiles.profiles.<name>.ipv4.ignore-auto-dns option does not work about nixpkgs HOT 25 CLOSED

I'll be at dayjob for the next few hours but can take a look later.

from nixpkgs.

We basically had the same configuration but I will ask a second time.

When "method" is set to "auto" and this property to TRUE, automatically configured name servers and search domains are ignored and only name servers and search domains specified in the "dns" and "dns-search" properties, if any, are used.

Exactly. In the configuration method=auto and the property is set to true BUT the name servers domains are not ignored.

at least isn't one related to networking.networkmanager.ensureProfiles.profiles

Yes, maybe there is something happening beyond that. The first call to cat showed the nameserver but only the second call (after 1 or 2 seconds) would show the added domain x.y.z line.

from nixpkgs.

Honestly no idea what's wrong with it. I started writing VM-tests for Network-Manager yesterday and will try to finish them this weekend. Then checking for your problem will be a lot easier.

from nixpkgs.

Thank you so much!!

A workaround is to have a dispatchScript, like so:

networking.networkmanager.dispatcherScripts = [
    {
     source = pkgs.writeText "upHook" ''
              if [ "$2" != "up" ]; then
                logger "exit: event $2 != up"
                exit
              fi

              sleep 2s
              sed -i 's/domain x.y.z.*//' /etc/resolv.conf

              # coreutils and iproute are in PATH too
              logger "Device $DEVICE_IFACE coming up"
            '';
     type = "basic";
   }
  ];

from nixpkgs.

Feel free to take a look at #292472 it has some very basic NM vm-tests I'll add a test case for your problem this weekend or so.

from nixpkgs.

Rest of the file has also this:

# resolv.conf from wlp9s0.dhcp
# Generated by dhcpcd from wlp9s0.dhcp
domain fritz.box
search fritz.box
nameserver 192.168.178.1

Do you know how NetworkManager and dhcpcd interact ?

from nixpkgs.

Do you think this is something that could be documented? We could add "Note that a domain can still ends up in /etc/resolv.conf when using resolvconf and other dhcp client such as the dhcpd which is enabled by default." to the setting.

Sure, feel free to do a pr adding it to networking.useDHCP/networking.interfaces.<name>.useDHCP

from nixpkgs.

I think so. Sorry for the confusion and many thanks for the help.

from nixpkgs.

CC: @NixOS/freedesktop

from nixpkgs.

CC: @Janik-Haag @flokli @jtojnar @kevincox

from nixpkgs.

Can you share the content of /run/NetworkManager/system-connections/my-cool-wifi ?

from nixpkgs.

Thanks for the quick feedback!

Here:

[connection]
id=my-cool-wifi
interface=$INTERFACE
permissions=
type=wifi

[ipv4]
dns=$IP_OF_DNS
dns-search=
ignore-auto-dns=true
method=auto

[wifi]
mode=infrastructure
ssid=$SSID

[wifi-security]
auth-alg=open
key-mgmt=wpa-psk
psk=$PASSWD

All the $VAR things are for anonymity/security of the concerned network.

One of my colleague tried with Debian on the same network and ignore-auto-dns=true DID work for them, no domain x.y.z was pushed in /etc/resolv.conf.

from nixpkgs.

Okay so I would say this isn't a NixOS bug, or at least isn't one related to networking.networkmanager.ensureProfiles.profiles since it gets rendered correctly. Did you try diffing you and your colleague's nmconnection file?

You can also try reading through the nm reference manual
Where it lists some conditions:

When "method" is set to "auto" and this property to TRUE, automatically configured name servers and search domains are ignored and only name servers and search domains specified in the "dns" and "dns-search" properties, if any, are used.

from nixpkgs.

Here the config from my colleague:

[connection]
id=my-cool-wifi
uuid=$SOMEUID
type=wifi
interface-name=$INTERFACE

[wifi]
mode=infrastructure
ssid=$SSID

[wifi-security]
auth-alg=open
key-mgmt=wpa-psk
psk=$THE_SECRET_PASSWORD

[ipv4]
method=auto
ignore-auto-dns=true
dns=$DNS_IP

[ipv6]
addr-gen-mode=default
method=auto

[proxy]

from nixpkgs.

Okay so as you can see with https://github.com/NixOS/nixpkgs/pull/292472/files#diff-3649918b52093521f5b02110302572d734ccc01a0778c65089b556e1db448ee3R94-R124 the issue you are describing is not network-manager related. You probably have something else installed trying to update /etc/resolv.conf based on dhcp packets, maybe networkd?

If you want to test locally I suggest you do something like:

nix run github:janik-haag/nixpkgs/networkmanager-tests#nixosTests.networking.networkmanager.dns.driverInteractive

or

env -i nix-shell -I nixpkgs=https://github.com/Janik-Haag/nixpkgs/archive/refs/heads/networkmanager-tests.tar.gz '<nixpkgs>' -p nixosTests.networki
ng.networkmanager.dns.driverInteractive --run nixos-test-driver         

and then just type:

# starts the vms
start_all()
# wait ~10-60 seconds depending on your hardware
static.shell_interact()
# or depending on which machine you want to look at
dynamic.shell_interact()

then you get a shell inside the vm and do things like: cat /etc/resolv.conf

So I think we can close this issue?

from nixpkgs.

Thanks for taking time to develop these tests. Does your test simulate the dhcp server pushing a domain for resolution?

I don't think I have networkd ?

sudo systemctl list-units | grep network
[sudo] password for user: 
  network-addresses-enp0s31f6.service                                                    loaded active exited    Address configuration of enp0s31f6
  network-addresses-wlp9s0.service                                                       loaded active exited    Address configuration of wlp9s0
  network-addresses-wwan0.service                                                        loaded active exited    Address configuration of wwan0
  network-local-commands.service                                                         loaded active exited    Extra networking commands.
  network-setup.service                                                                  loaded active exited    Networking Setup
  network-online.target                                                                  loaded active active    Network is Online
  network-pre.target                                                                     loaded active active    Preparation for Network
  network.target                                                                         loaded active active    Network

from nixpkgs.

Does your test simulate the dhcp server pushing a domain for resolution

nope only pushing a dns server.

from nixpkgs.

Is there a way to test that? To test that domain x.y.z gets written in /etc/resolv.con despite ignore-auto-dns.

Thank you again for the tests, it's really nice work!

from nixpkgs.

Here another manual test at home. I have

[ipv4]
dns-search=
method=auto
# debugging https://github.com/NixOS/nixpkgs/issues/291868
ignore-auto-dns=yes

in my private wifi configuration (this time directly edited in the file). I restart NetworkManager with systemctl restart NetworkManager.

Then:

resolvconf -l | head -3
# resolv.conf from NetworkManager
# Generated by NetworkManager
search fritz.box

Here I would expect search fritz.box to not be there. What do you think?

from nixpkgs.

Do you know how NetworkManager and dhcpcd interact ?

Looking at the documentation on resolvconf it seems not relevant since the NetworkManager section printed by resolvconf -l should already not have search. What does resolvconf -l shows on your system? and if you add ignore-auto-dns=yes to your config?

from nixpkgs.

Did you try setting https://search.nixos.org/options?channel=unstable&show=networking.interfaces.%3Cname%3E.useDHCP&from=0&size=200&sort=relevance&type=packages&query=useDhcp to false?

from nixpkgs.

It does not affect the output from resolvconf -l:

# resolv.conf from NetworkManager
# Generated by NetworkManager
nameserver $IP_OF_DNS

# resolv.conf from wlp9s0.dhcp
# Generated by dhcpcd from wlp9s0.dhcp
domain x.y.z
search x.y.z
nameserver $IP_OF_DNS

Maybe because the second entry is the one from the internal dhcp of NetworkManager.

from nixpkgs.

Ok it seems the right setting is networking.dhcpcd.enable = false;. It works on my work network, I will try at home also.

I'm not sure why dhcpd is activated by default in Nix since the default configuration encourages to use NetworkManager anyway and it works without dhcpd?!

Do you think this is something that could be documented? We could add "Note that a domain can still ends up in /etc/resolv.conf when using resolvconf and other dhcp client such as the dhcpd which is enabled by default." to the setting.

from nixpkgs.

More like in the documentation of networking.networkmanager.ensureProfiles.profiles.<name>.ipv4, right?

from nixpkgs.

More like in the documentation of networking.networkmanager.ensureProfiles.profiles..ipv4, right?

networking.networkmanager.ensureProfiles.profiles.<name>.ipv4 doesn't have any explicit documentation since it's not really defined, networking.networkmanager.ensureProfiles.profiles just expects a attr-set of ini.type.

But I think we can close this issue for now since your problem is resolved?

from nixpkgs.