brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: use manually configured dns servers in systemd-resolved

Browse Source
This commit is contained in:
Michele Cereda
2023-05-20 11:53:34 +02:00
parent 0090506c5b
commit cf20f4462a
2 changed files with 58 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
knowledge base/systemd.md
View File

@@ -110,6 +110,9 @@ journalctl --disk-usage
sudo journalctl --vacuum-size='1G' sudo journalctl --vacuum-size='1G'
sudo journalctl --vacuum-time='1years' sudo journalctl --vacuum-time='1years'
# Show the current time settings.
timedatectl
# List available timezones. # List available timezones.
timedatectl list-timezones timedatectl list-timezones
@@ -134,7 +137,7 @@ sudo timedatectl set-ntp false
# Check the time and timezones state. # Check the time and timezones state.
timedatectl status timedatectl status
# Show the current hostname state. # Show the current hostname settings.
hostnamectl hostnamectl
hostnamectl --pretty status hostnamectl --pretty status
hostnamectl --static status hostnamectl --static status
@@ -142,6 +145,20 @@ hostnamectl --static status
# Set hostnames. # Set hostnames.
hostnamectl set-hostname 'static_hostname' --static hostnamectl set-hostname 'static_hostname' --static
hostnamectl set-hostname 'pretty_hostname' --pretty hostnamectl set-hostname 'pretty_hostname' --pretty
# Show the current DNS resolution settings.
resolvectl status
resolvectl status 'eth0'
# Get an address-ip resolution and viceversa.
resolvectl query 'www.0pointer.net'
resolvectl query '85.214.157.71'
# Retrieve PGP keys.
resolvectl openpgp 'zbyszek@fedoraproject.org'
# Restart the DNS resolver.
sudo systemctl restart 'systemd-resolved.service'
``` ```
## User services ## User services
@@ -208,6 +225,29 @@ Storage=persistent
sudo service 'network-manager' restart sudo service 'network-manager' restart
``` ```
### Ignore the DNS servers list given by the DHCP server
Set the following lines in any network-specific file for which you want to ignore DNS servers from DHCP (like `/etc/systemd/network/eth0.network`), or in the global settings (`/etc/systemd/resolved.conf` or any file in `/etc/systemd/resolved.conf.d/`):
```ini
[DHCP]
UseDNS=false
```
Restarting the `systemd-resolved` service seems to not be enough. Restarting the host changed the settings.
### Manually set DNS servers
Set the following lines in the global settings (`/etc/systemd/resolved.conf` or any file in `/etc/systemd/resolved.conf.d/`), or in any network-specific file you want to set DNS servers for (like `/etc/systemd/network/eth0.network`):
```ini
[Resolve]
DNS=192.168.1.1 # Local router
FallbackDNS=1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001 # Cloudflare
```
Restart the `systemd-resolved` service to apply the new settings.
## Sources ## Sources
- [How to disable systemd-resolved in Ubuntu] - [How to disable systemd-resolved in Ubuntu]

19
knowledge base/turris os.md
View File

@@ -329,7 +329,7 @@ Install and configure Pi-hole in the container:
hostnamectl set-hostname 'pi-hole' hostnamectl set-hostname 'pi-hole'
# Install pi-hole. # Install pi-hole.
DEBIAN_FRONTEND='noninteractive' apt-get install --assume-yes 'ca-certificates' 'curl' DEBIAN_FRONTEND='noninteractive' apt-get install --assume-yes 'ca-certificates' 'curl' 'unattended-upgrades'
curl -sSL 'https://install.pi-hole.net' | bash curl -sSL 'https://install.pi-hole.net' | bash
# Follow the guided procedure. # Follow the guided procedure.
@@ -339,6 +339,20 @@ curl -sSL 'https://install.pi-hole.net' | bash
# Update pi-hole as a whole, if needed. # Update pi-hole as a whole, if needed.
/etc/.pihole/pihole -up /etc/.pihole/pihole -up
# Set the router as the primary DNS server.
sed -E -i.bak 's|^#?\s*DNS\s*=\s*.*$|DNS=192.168.1.1|' '/etc/systemd/resolved.conf'
# Set Cloudflare as the fallback DNS server.
# Optional.
sed -E -i.bak 's|^#?\s*FallbackDNS\s*=\s*.*$|FallbackDNS=1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001 # Cloudflare|' '/etc/systemd/resolved.conf'
# Set the interface to ignore DNS lists given by the DHCP server.
cp '/etc/systemd/network/eth0.network' '/etc/systemd/network/eth0.network.bak'
cat >> '/etc/systemd/network/eth0.network' <<EOF
[DHCP]
UseDNS=false
EOF
``` ```
Finish setting up the container as explained above.<br/> Finish setting up the container as explained above.<br/>
@@ -349,7 +363,7 @@ Then, in Turris OS:
# Keep the router as secondary. # Keep the router as secondary.
uci set dhcp.lan.dhcp_option='6,192.168.111.2,192.168.111.1' uci set dhcp.lan.dhcp_option='6,192.168.111.2,192.168.111.1'
# The dns server address in the IPv6 RA should be the container's ULA address # The DNS server address in the IPv6 RA should be the container's ULA address
# since the global routable IPv6 address tend to change daily. # since the global routable IPv6 address tend to change daily.
uci add_list dhcp.lan.dns="$(lxc-info --name pi-hole | grep -E 'IP.* f[cd]' | sed 's/IP: *//')" uci add_list dhcp.lan.dns="$(lxc-info --name pi-hole | grep -E 'IP.* f[cd]' | sed 's/IP: *//')"
@@ -366,6 +380,7 @@ Suggestions:
- [SSH]: - [SSH]:
- Change the SSH port from the default `22` value. - Change the SSH port from the default `22` value.
- Restrict login to specific IP addresses. - Restrict login to specific IP addresses.
- Restrict authentication options to keys.
## The SFP+ caged module ## The SFP+ caged module