Bookworm: NetworkManager

Pocket

Oct 21, 2023, 12:40:07 PM
I want NetworkManager to not overwrite /etc/resolv.conf

According to the docs if dns=none is set it will not touch /etc/resolv.conf

This is what I need /etc/resolv.conf to be (I have bind on the machine)

domain example.org
nameserver 127.0.0.1
options edns0 trust-ad

First Go at this

This is conf.d/dns.conf

[main]
dns=none
rc-manager=unmanaged

[global-dns]
searches= example.org
options=edns0 trust-ad

Did not work, it still overwrote /etc/resolv.conf on booting

So I then edited NetworkManager.conf as follows after restoring
/etc/resolv.conf to what I need

[main]
plugins=ifupdown,keyfile
dns=none

[ifupdown]
managed=false

[device]
wifi.scan-rand-mac-address=no

And it still overwrites /etc/resolv.conf on booting/rebooting

cat /etc/resolv.conf
# Generated by NetworkManager
search example.org search.charter.com columbus.rr.com
nameserver 192.168.1.6
nameserver 192.168.1.1

Is there something I am overlooking?

--
It's not easy to be me

Greg Wooledge

Oct 21, 2023, 12:50:06 PM
On Sat, Oct 21, 2023 at 12:23:45PM -0400, Pocket wrote:
> I want NetworkManager to not over write /etc/resolv.conf

https://wiki.debian.org/resolv.conf

Pocket

Oct 21, 2023, 1:10:07 PM
openresolv or resolvconf is not installed

no dhcp client is running only networkmanager is installed/running

making /etc/resolv.conf immutable is not the answer

Greg Wooledge

Oct 21, 2023, 1:30:05 PM
If you're asking us to tell you how to *make NetWorkManager behave*
then you might be frustrated. Most of the people on this mailing list
don't use it. There are some who actively despise it, and go out of
their way to ensure it's never installed. (Those people are a small
minority, but they're definitely here.) So, in all likelihood, nobody
here might know that answer.

If you believe NM is not behaving according to its documentation, then
file a bug report.

If you want to *solve your problem* then I've offered you the only
answers I know.

So I guess you get to decide whether you'd prefer to solve your problem,
or battle the injustices of the world as you perceive them.

Pocket

Oct 21, 2023, 1:40:05 PM

On 10/21/23 13:24, Greg Wooledge wrote:
> On Sat, Oct 21, 2023 at 01:08:58PM -0400, Pocket wrote:
>> On 10/21/23 12:49, Greg Wooledge wrote:
>>> On Sat, Oct 21, 2023 at 12:23:45PM -0400, Pocket wrote:
>>>> I want NetworkManager to not over write /etc/resolv.conf
>>> https://wiki.debian.org/resolv.conf
>>>
>> openresolv or resolvconf is not installed
>>
>> no dhcp client is running only networkmanager is installed/running
>>
>> making /etc/resolv.conf immutable is not the answer
> If you're asking us to tell you how to *make NetWorkManager behave*
> then you might be frustrated. Most of the people on this mailing list
> don't use it. There are some who actively despise it, and go out of
> their way to ensure it's never installed. (Those people are a small
> minority, but they're definitely here.) So, in all likelihood, nobody
> here might know that answer.


Well the default install for bookworm does install it and use it.

That is why I am here.


>
> If you believe NM is not behaving according to its documentation, then
> file a bug report.

That may be what I do but I want to be sure that it is the fault of
networkmanager or there is a better fix before I file a bug report

>
> If you want to *solve your problem* then I've offered you the only
> answers I know.

It is my opinion that information is old and not valid for bookworm

>
> So I guess you get to decide whether you'd prefer to solve your problem,
> or battle the injustices of the world as you perceive them.
I am not battling or in conflict with any one.

Greg Wooledge

Oct 21, 2023, 2:00:07 PM
On Sat, Oct 21, 2023 at 01:38:37PM -0400, Pocket wrote:
> Well the default install for bookworm does install it and use it.
>
> That is why I am here.

There's no single "default install". Sure, if you just hit the Enter
key straight through an install you end up with GNOME, and also with NM.
But if you *don't* install GNOME (or any desktop environment) then you
also don't get NM.

NM is not the default in a "Standard" install (Standard being the name
of a specific package set in the tasksel dialog). Only in desktop
installs. The regulars on this mailing list skew toward people who do
not use desktop environments. Therefore, we don't possess a lot of
knowledge about NM.

> > If you want to *solve your problem* then I've offered you the only
> > answers I know.
>
> It is my opinion is that information is old and not valid for bookworm

Feel free to correct whatever you believe needs correcting. That's what
a wiki is, after all. Do you have a specific example of an incorrect
statement on that page?

> I am not battling or in conflict with any one.

Then why do you reject *all* the answers?

sudo -s
apt-get install openresolv
echo resolvconf=NO >> /etc/resolvconf.conf
exit

Felix Miata

Oct 21, 2023, 2:00:08 PM
Pocket composed on 2023-10-21 12:23 (UTC-0400):

> I want NetworkManager to not over write /etc/resolv.conf
...
> Is there something I am over looking?

If you're not personally committed to NetworkMangler and only need static
networking, then remove it and ifupdown. Systemd provides simple static IP
network setup:

# inxi -S
System:
Host: gx780 Kernel: 6.1.0-11-amd64 arch: x86_64 bits: 64 Console: pty pts/0
Distro: Debian GNU/Linux 12 (bookworm)
# dpkg-query --showformat='${Package}\t${Version}\n' --show | egrep 'netw|solv|temd|ifupdown'
libpam-systemd 252.12-1~deb12u1
libqt5network5 5.15.8+dfsg-11
libsystemd-shared 252.12-1~deb12u1
libsystemd0 252.12-1~deb12u1
systemd 252.12-1~deb12u1
systemd-sysv 252.12-1~deb12u1
# ls -gG /etc/systemd/network
total 1
-rw-r--r-- 1 175 Apr 3 2023 eth0.network
# systemctl list-unit-files | egrep -i 'net|solv|anager'
ntpsec-systemd-netif.path enabled enabled
display-manager.service alias -
ntpsec-systemd-netif.service static -
systemd-network-generator.service disabled enabled
systemd-networkd-wait-online.service disabled disabled
systemd-networkd-wait-online@.service disabled enabled
systemd-networkd.service disabled enabled
systemd-networkd.socket enabled enabled
network-online.target static -
network-pre.target static -
network.target static -
# ping -c1 www.google.com
PING www.google.com (64.233.177.99) 56(84) bytes of data.
64 bytes from yx-in-f99.1e100.net (64.233.177.99): icmp_seq=1 ttl=58 time=155 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 154.625/154.625/154.625/0.000 ms
#
Nothing writes to my /etc/resolv.conf except me. :)
--
Evolution as taught in public schools is, like religion,
based on faith, not based on science.

Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata

Pocket

Oct 21, 2023, 2:10:06 PM

On 10/21/23 13:55, Greg Wooledge wrote:
> On Sat, Oct 21, 2023 at 01:38:37PM -0400, Pocket wrote:
>> Well the default install for bookworm does install it and use it.
>>
>> That is why I am here.
> There's no single "default install". Sure, if you just hit the Enter
> key straight through an install you end up with GNOME, and also with NM.
> But if you *don't* install GNOME (or any desktop environment) then you
> also don't get NM.


I did not install a GUI and I am working on a minimal install and nm was
installed along with isc-dhcp and wpa_supplicant


>
> NM is not the default in a "Standard" install (Standard being the name
> of a specific package set in the tasksel dialog). Only in desktop
> installs. The regulars on this mailing list skew toward people who do
> not use desktop environments. Therefore, we don't possess a lot of
> knowledge about NM.
>
>>> If you want to *solve your problem* then I've offered you the only
>>> answers I know.
>> It is my opinion is that information is old and not valid for bookworm
> Feel free to correct whatever you believe needs correcting. That's what
> a wiki is, after all. Do you have a specific example of an incorrect
> statement on that page?

Well it doesn't work or is of little value if you don't have openresolv or
resolvconf installed


>
>> I am not battling or in conflict with any one.
> Then why do you reject *all* the answers?
>
> sudo -s
> apt-get install openresolv
> echo resolvconf=NO >> /etc/resolvconf.conf
> exit

I didn't, I am only trying to work with nm on a non desktop install.

Pocket

Oct 21, 2023, 2:20:06 PM

On 10/21/23 13:58, Felix Miata wrote:
> Pocket composed on 2023-10-21 12:23 (UTC-0400):
>
>> I want NetworkManager to not over write /etc/resolv.conf
> ...
>> Is there something I am over looking?
>
> If you're not personally committed to NetworkMangler and only need static
> networking, then remove it and ifupdown. Systemd provides simple static IP
> network setup:

I may well be at that point to use systemd networking.

That would require me to rip out all the now defunct packages which I
could do, but I would rather just get nm working correctly if I can.

ifupdown and dhcpcd has worked for me in bullseye and that may indeed be
where this resolved to.

My setup is that I was a dhcp server to give out IPs and DNS info.

That way I can control those things without having to do so on every system.

I just make the change on the router and I am done.

Greg Wooledge

Oct 21, 2023, 2:40:07 PM
On Sat, Oct 21, 2023 at 02:10:23PM -0400, Pocket wrote:
> On 10/21/23 13:58, Felix Miata wrote:
> > If you're not personally committed to NetworkMangler and only need static
> > networking, then remove it and ifupdown. Systemd provides simple static IP
> > network setup:

Or... remove Network Manager, ignore systemd, and just use ifupdown.

> I may well be at that point to use systemd networking.
>
> That would require me to rip out all the no defunct packages which I could
> do, but I would rather just get nm working correctly if I can.
>
> ifupdown and dhcpcd has worked for me in bullseye and that may indeed be
> where this resolved to.

dhcpcd? OK, either you're not using Debian, or you're using an unusual
architecture where dhcpcd is used instead of isc-dhcp-client. Virtually
all of my Debian knowledge is on amd64 and i386.

"Not using Debian" might explain a lot of the issues here.

Stefan Monnier

Oct 21, 2023, 2:40:07 PM
>>> I want NetworkManager to not over write /etc/resolv.conf
[...]
> My setup is that I was a dhcp server to give out IPs and DNS info.
> That way I can control those things without having to do so on every system.

Populating `/etc/resolv.conf` from the DHCP-provided info is a useful
part of "control those things without having to do so on every system",
so I don't see why you "want NetworkManager to not over write
/etc/resolv.conf".


Stefan

Pocket

Oct 21, 2023, 2:50:07 PM

On 10/21/23 14:36, Greg Wooledge wrote:
> On Sat, Oct 21, 2023 at 02:10:23PM -0400, Pocket wrote:
>> On 10/21/23 13:58, Felix Miata wrote:
>>> If you're not personally committed to NetworkMangler and only need static
>>> networking, then remove it and ifupdown. Systemd provides simple static IP
>>> network setup:
> Or... remove Network Manager, ignore systemd, and just use ifupdown.


That well may be the end solution to this problem

>
>> I may well be at that point to use systemd networking.
>>
>> That would require me to rip out all the no defunct packages which I could
>> do, but I would rather just get nm working correctly if I can.
>>
>> ifupdown and dhcpcd has worked for me in bullseye and that may indeed be
>> where this resolved to.
> dhcpcd? OK, either you're not using Debian, or you're using an unusual
> architecture where dhcpcd is used instead of isc-dhcp-client. Virtually
> all of my Debian knowledge is on amd64 and i386.
>
> "Not using Debian" might explain a lot of the issues here.

cat /etc/os-release

PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"


That makes me believe it is debian 12 bookworm


BTW this install has isc-dhcp-client

Pocket

Oct 21, 2023, 2:50:07 PM
I agree about that on most machines, but the machine in question has
bind running so nameserver needs to be set to 127.0.0.1 and the domain
to example.org in the resolv.conf file.

This is my problem in a nutshell

Christoph Brinkhaus

Oct 21, 2023, 3:00:24 PM
I am not 100% sure if I fully understood your setup. My system gets its
network settings via DHCP. I also run a nameserver on 127.0.0.1. My
external interface is bond0. I have the following configuration:

#v+
ris@lenovo ~> cat /etc/dhcp/dhclient.conf|grep -v "^#"

option rfc3442-classless-static-routes code 121 = array of unsigned
integer 8;

send host-name = gethostname();
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn,
dhcp6.sntp-servers,
netbios-name-servers, netbios-scope,
interface-mtu,
rfc3442-classless-static-routes,
ntp-servers;

interface "bond0" {
supersede domain-name-servers 127.0.0.1;
}
#v-

The last block prevents my local resolv.conf from being overwritten.
I am not sure if that measure could help in your setup.

Kind regards,
Christoph
--
If the cat is healthy,
the dog finds it tasty.

Stefan Monnier

Oct 21, 2023, 3:10:05 PM
> I agree about that on most machines, but the machine in question has bind
> running so nameserver needs to be set to 127.0.0.1 and the domain to
> example.org in the resolv.conf file.

Beware: at this rate, you may end up giving us enough info about what
you're doing for us to actually help you.

I think you're still safe (e.g., you're still keeping us in the dark
about why you run bind on "this machine" yet you also want it to receive
"IPs and DNS info" from some other dhcp server, or otherwise keeping us
confused about which machine is which), but you're playing
a dangerous game.


Stefan

Pocket

Oct 21, 2023, 3:20:06 PM
Well the default minimal install that I do (or use, done,did,etc) has

networkmanager, isc-dhcp-client and wpa_supplicant, so that is the
parameters that I have to work under.  I would like not to change that
by removing or adding packages if I can.

As I understand this networkmanager has an internal dhcp client.

It can setup all the other parameters.

Which is ok and will work for me if I can get it to leave /etc/resolv.conf alone.

This is what I am trying to accomplish.

Barring that I am gonna try to get it to put the following into
resolv.conf if it just has to write  that file

and call it a day,week or month whatever it takes

domain example.org
nameserver 127.0.0.1
options edns0 trust-ad

Pocket

Oct 21, 2023, 3:40:06 PM
I need to run a dns server on this network and I want to get the ip and
routing info from a dhcp server.

For this machine I don't need the dns info from the dhcp server.

Doing this lets me control the IP addresses on the entire network and I
can replace one server with another by simply changing the IP address
handed out by the dhcp server.  The dhcp server hands out the lease IP
by MAC address for some (server,  printers, "security machines/devices"
etc) machines that need a "static" IP address and dynamic for all the
others like tablets notebooks etc.

This has worked for more than 35 years for me.

On all other client machines I use all the dhcp information, just not
for this machine as it is an

email server, dns and web server.

I used to build my own custom "distro" (rpm package with all packages
built from scratch) for servers but I am getting too old to do that so I
am trying to use debian to replace that.


I don't get your context here as the problem is simply trying to get
networkmanager to quit writing /etc/resolv.conf.

Being that debian has config files in many places I could have missed that.

If I can do this then my issue is solved.

Greg Wooledge

Oct 21, 2023, 3:50:07 PM
On Sat, Oct 21, 2023 at 03:29:40PM -0400, Pocket wrote:
> I don't get you context here as the problem is simply trying to get
> networkmanager to quit writing /etc/resolv.conf.

The context -- what has certain people confused -- is that most people who
do what you're doing run the DNS and DHCP servers on the *same machine*.

They're wondering why you are running those on *different* machines.

Now, personally I don't care. I'm just watching the drama play out.

> If I can do this then my issue is solved.

Except you've also got some self-imposed restrictions:

1) You're using a non-vanilla Debian installation method that installs
Network Manager despite not choosing a desktop environment.

2) You refuse to remove Network Manager despite it being the apparent
source of your problems.

3) You refuse to install any package that you don't already have.

Points 1, 2 and 3 taken together seem to point toward some sort of
virtualization story ("I need to be able to replicate this setup
later") that's also being hidden from us, but who knows.

4) You refuse the chattr +i solution which would solve the problem in
one simple step. (This one doesn't surprise me. A lot of people
object to it on some sort of religious ground. I don't understand
the objection, but it's so common that it's no longer a surprise.)

Pocket

Oct 21, 2023, 4:00:06 PM

On 10/21/23 15:41, Greg Wooledge wrote:
> On Sat, Oct 21, 2023 at 03:29:40PM -0400, Pocket wrote:
>> I don't get you context here as the problem is simply trying to get
>> networkmanager to quit writing /etc/resolv.conf.
> The context -- what has certain people confused -- is that most people who
> do what you're doing run the DNS and DHCP servers on the *same machine*.
>
> They're wondering why you are running those on *different* machines.
>
> Now, personally I don't care. I'm just watching the drama play out.

the DHCP server is on a router

Running DNS service on a machine is done by many


>
>> If I can do this then my issue is solved.
> Except you've also got some self-imposed restrictions:
>
> 1) You're using a non-vanilla Debian installation method that installs
> Network Manager despite not choosing a desktop environment.
>
> 2) You refuse to remove Network Manager despite it being the apparent
> source of your problems.

I would like to get this working as is

>
> 3) You refuse to install any package that you don't already have.
>
> Points 1, 2 and 3 taken together seem to point toward some sort of
> virtualization story ("I need to be able to replicate this setup
> later") that's also being hidden from us, but who knows.

I would like not to install or remove any packages

>
> 4) You refuse the chattr +i solution which would solve the problem in
> one simple step. (This one doesn't surprise me. A lot of people
> object to it on some sort of religious ground. I don't understand
> the objection, but it's so common that it's no longer a surprise.)

That is a crutch, i.e. If you can configure something then use chattr +i

I prefer to do this correctly

Pocket

Oct 21, 2023, 4:30:06 PM

Ding ding ding we have a winner!!!!

cat /etc/resolv.conf
# Generated by NetworkManager
search example.org

nameserver 127.0.0.1
nameserver ::1
options edns0 trust-ad

This makes this work

sudo cat /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=false

[device]
wifi.scan-rand-mac-address=no

[global-dns]
searches=example.org
options=edns0 trust-ad

cat /etc/NetworkManager/system-connections/Wired\ connection\ 1.nmconnection
[connection]
id=Wired connection 1
uuid=fe51b7a9-f0a9-32b9-ba1d-7a4dd08d0718
type=ethernet
autoconnect-priority=-999
interface-name=end0
timestamp=1697818643

[ethernet]

[ipv4]
dns=127.0.0.1;
dns-search=example.org;
ignore-auto-dns=true
method=auto

[ipv6]
addr-gen-mode=default
dns=::1;
dns-search=example.org;
ignore-auto-dns=true
method=auto
[proxy]

[.nmmeta]
nm-generated=true

Andrew M.A. Cater

Oct 21, 2023, 4:40:06 PM
On Sat, Oct 21, 2023 at 04:23:26PM -0400, Pocket wrote:
> Ding ding ding we have a winner!!!!
>

Hi Pocket

Glad you have a winner :)

For anyone else following along: a datum point.

I've just done a minimal text installation of Debian in a virtual machine.
No desktop environment installed: all options deselected apart from
Standard install.

At no point was Network Manager / nmcli / nmtui installed.

isc-dhcp-client is installed as is bind9 client

I'm guessing it is entirely possible that Network Manager was previously
installed by something else or a previous configuration for Pocket.

With every good wish, as ever,

Andy

Andy Cater

Charles Curley

Oct 21, 2023, 4:50:06 PM
On Sat, 21 Oct 2023 14:40:49 -0400
Pocket <poc...@columbus.rr.com> wrote:

> but the machine in question has
> bind running so nameserver needs to be set to 127.0.0.1 and the
> domain to example.org in the resolv.conf file.
>
> This is my problem in a nutshell

Oh, why didn't you say that! Actually, it doesn't have to use the
loopback address; you can use the address of the Ethernet interface.

Also, you should not be using example.org. That is a reserved domain
name. https://en.wikipedia.org/wiki/Example.com

I am going to guess (since you haven't
said so) that this is also not a laptop, and therefore it has a permanent
IP address.

If you insist on retaining NetworkManager, this page might be useful.
https://serverfault.com/questions/810636/how-to-manage-dns-in-networkmanager-via-console-nmcli
You can also add DNS servers in the GTK version of the NM GUI. I don't
know about the KDE version.

You can use isc-dhcp to tell the whole network where its DNS server is.
You can also make over-rides for individual hosts. In dhcpd.conf:

subnet blah {

option domain-name-servers blah, blah;
option domain-search etc.;

host dns-server
{

option domain-name-servers 192.168.100.30, 127.0.0.1;

}
}

You said in another email that you are using a dhcp server on a
"router". That doesn't tell me much. A router is simply a computer that
sits between two networks, and routes packets between them. My router
is a 16 year old computer designed for embedded applications that runs
Debian. I run ISC DHCPD on that and another machine with fail-over
between them.

From what I have seen most "routers" these days are cheap boxes
provided by ISPs that have buggy, insecure, and limited software which
may not be able to do this.

You can also set the ISC dhcp client to add name servers.

prepend domain-name-servers 127.0.0.1;

--
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Greg Wooledge

Oct 21, 2023, 5:00:05 PM
On Sat, Oct 21, 2023 at 02:46:25PM -0600, Charles Curley wrote:
> Also, you should not be using example.org. That is a reserved domain
> name. https://en.wikipedia.org/wiki/Example.com

I just assumed this was a lie. An obfuscation of the actual domain name.

Pocket

Oct 21, 2023, 5:20:05 PM
On 10/21/23 16:46, Charles Curley wrote:
> On Sat, 21 Oct 2023 14:40:49 -0400
> Pocket <poc...@columbus.rr.com> wrote:
>
>> but the machine in question has
>> bind running so nameserver needs to be set to 127.0.0.1 and the
>> domain to example.org in the resolv.conf file.
>>
>> This is my problem in a nutshell
> Oh, why didn't you say that! Actually, it doesn't have to use the
> loopback address; you can use the address of the Ethernet interface.
>
> Also, you should not be using example.org. That is a reserved domain
> name. https://en.wikipedia.org/wiki/Example.com

rfc2606.html
3. Reserved Example Second Level Domain Names

   The Internet Assigned Numbers Authority (IANA) also currently has the
   following second level domain names reserved which can be used as
   examples.

        example.com
        example.net
        example.org


rfc6761.html
7.  DNS Registries/Registrars:

       How should DNS Registries/Registrars treat requests to register
       this reserved domain name?  Should such requests be denied?
       Should such requests be allowed, but only to a specially-
       designated entity?  (For example, the name "www.example.org" is
       reserved for documentation examples and is not available for
       registration; however, the name is in fact registered; and there
       is even a web site at that name, which states circularly that the
       name is reserved for use in documentation and cannot be
       registered!)


Which I take it that you can use them for any purpose as long as it is not on the internet.

Why would I register a domain name for an internal network?
Any name will do.  You could make the same argument if you just make up a domain to use as it could already be registered or someone may register it in the future.
That is why I picked example.org as it will/can not be used, no collision with domain names that way.

Somebody is using http://example.org/ on the internet, try it in your browser
and it is https://www.iana.org/help/example-domains

IANA-managed Reserved Domains

Certain domains are set aside, and nominally registered to “IANA”, for specific policy or technical purposes.

Example domains

As described in RFC 2606 and RFC 6761, a number of domains such as example.com and example.org are maintained for documentation purposes. These domains may be used as illustrative examples in documents without prior coordination with us. They are not available for registration or transfer.

So I can not use or I am forbidden to use 192.168.1.0/24 network as it is reserved?


> I am going to guess (since you haven't
> said so) that this is also not a laptop, and therefore it has a permanent
> IP address.

This is for a name server


> If you insist on retaining NetworkManager, this page might be useful.
> https://serverfault.com/questions/810636/how-to-manage-dns-in-networkmanager-via-console-nmcli
> You can also add DNS servers in the GTK version of the NM GUI. I don't
> know about the KDE version.

I am just using what was installed by my scripted debian installation


> You can use isc-dhcp to tell the whole network where its DNS server is.
> You can also make over-rides for individual hosts. In dhcpd.conf:

Yes but if the currently installed and enabled NetworkManager will work then there is little need to change it. Why change it?

> You said in another email that you are using a dhcp server on a
> "router". That doesn't tell me much. A router is simply a computer that
> sits between two networks, and routes packets between them. My router
> is a 16 year old computer designed for embedded applications that runs
> Debian. I run ISC DHCPD on that and another machine with fail-over
> between them.

It is a "home office router" by linksys

I could have built my own "router" with my own custom scratch built OS as I did starting 35 years ago, but why should I if I can get something off the shelf?


> From what I have seen most "routers" these days are cheap boxes
> provided by ISPs that have buggy, insecure, and limited software which
> may not be able to do this.
>
> You can also set the ISC dhcp client to add name servers.
>
> prepend domain-name-servers 127.0.0.1;

Then all clients get the localhost address for DNS resolution, which will not come close to working.

Anyway I have solved this issue by modifying the keyfile for device end0

see my previous post

I will find a way........

Pocket

Oct 21, 2023, 5:20:05 PM
Nope I use it on an internal network and have done so for 40 years.

Stefan Monnier

Oct 21, 2023, 5:40:07 PM
> the DHCP server is on a router
> Running DNS service on a machine is done by many

FWIW, I run `dnsmasq` as local DNS server on many of my machines, and
this is already automatically setup to "DTRT" somehow (the DNS
info obtained via DHCP are provided to `dnsmasq` and `/etc/resolv.conf`
only points to 127.0.0.1).

You might want to look at how they do it.


Stefan

Pocket

Oct 21, 2023, 8:30:06 PM

On 10/21/23 17:26, Michael Biebl wrote:
> Is /etc/resolv.conf a real file or a symlink?
> If the latter, where does it point to?
>
> Michael


Not a symlink

to...@tuxteam.de

Oct 22, 2023, 1:20:05 AM
On Sat, Oct 21, 2023 at 01:08:58PM -0400, Pocket wrote:
>
Sigh. Since I have been one of those proposing this for some
time, I feel somewhat responsible for that meme having escaped
the lab. So let me state this:

I never proposed making resolv.conf immutable as a
"solution". I always knew and said that this is going
to bite the sysadmin in the rear two years down the
street.

What I have proposed it for is as a debugging tool:
make it immutable and watch the logs to see who complains.
If found, configure the culprit to your taste. If not,
look for another debugging approach.

Cheers
--
t

to...@tuxteam.de

Oct 22, 2023, 1:30:06 AM
On Sat, Oct 21, 2023 at 03:29:40PM -0400, Pocket wrote:
>
> On 10/21/23 15:02, Stefan Monnier wrote:
> > > I agree about that on most machines, but the machine in question has bind
> > > running so nameserver needs to be set to 127.0.0.1 and the domain to
> > > example.org in the resolv.conf file.
> > Beware: at this rate, you may end up giving us enough info about what
> > you're doing for us to actually help you.
> >
> > I think you're still safe (e.g., you're still keeping us in the dark
> > about why you run bind on "this machine" yet you also want it to receive
> > "IPs and DNS info" from some other dhcp server, or otherwise keeping us
> > confused about which machine is which), but you're playing
> > a dangerous game.
> >
> >
> > Stefan
> >
> I need to run a dns server on this network and I want to get the ip and
> routing info from a dhcp server.
>
> For this machine I don't need the dns info from the dhcp server.

OK. And the server is sending the DNS info unrequested? Or is your
DHCP client (whoever that is) asking for it?

Furthermore: if your DHCP client is dhclient, there are hooks for
you to configure things in /etc/dhcp/dhclient-{enter,exit}-hooks.d

Cheers
--
t

Max Nikulin

Oct 22, 2023, 4:10:06 AM
On 22/10/2023 00:24, Greg Wooledge wrote:
> If you're asking us to tell you how to *make NetWorkManager behave* then
> you might be frustrated. Most of the people on this mailing list don't
> use it. There are some who actively despise it, and go out of their way
> to ensure it's never installed.

I just have tried with

/etc/NetworkManager/conf.d/90-disable-resovl.conf

[main]
dns=none

in a VM and it just works. I edited /etc/resolv.conf and NetworkManager
does not override it. I have no idea what is wrong in Pocket's case,
perhaps a typo or another config file with higher priority. I would check

NetworkManager --print-config

This particular instance was installed as bullseye in minimal
configuration. NetworkManager was added later and enp0s2 originally was
managed by ifupdown. I edited /etc/network/interfaces to allow
NetworkManager to take control of it. Later it was upgraded to bookworm.

Overriding DNS servers for each connection is another viable approach.

I admit that NetworkManager has issues and limitations, its GUI applets
have even more bugs and expose a quite limited set of preferences, but
this tool still works in simple cases and is convenient in the case of laptops.

P.S. I do not see any reason to insist on NetworkManager in the case of
a box whose role is a DNS server for a local network. ifupdown should be
sufficient. There is no need to detect cable plug/unplug events, to
switch between connection configurations depending on current location
or other circumstances.
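
The check suggested in the post above (is another config file overriding `dns=none`?), as an added example that is not part of the original thread. It assumes the parse order I understand from NetworkManager.conf(5): `/usr/lib/NetworkManager/conf.d`, then `/run/NetworkManager/conf.d`, then `NetworkManager.conf`, then `/etc/NetworkManager/conf.d`, each directory in asciibetical order, with later files winning; the file contents are constructed and `95-example-override.conf` is hypothetical.

```python
import configparser
import posixpath

# Assumed parse order (earliest first); a later file overrides an earlier one.
DIR_RANK = {
    "/usr/lib/NetworkManager/conf.d": 0,
    "/run/NetworkManager/conf.d": 1,
    "/etc/NetworkManager": 2,            # NetworkManager.conf itself
    "/etc/NetworkManager/conf.d": 3,
}

# Constructed sample input: path -> file contents.
# 95-example-override.conf is a hypothetical file that undoes dns=none.
SAMPLE_FILES = {
    "/etc/NetworkManager/conf.d/95-example-override.conf":
        "[main]\ndns=default\n",
    "/etc/NetworkManager/conf.d/90-disable-resovl.conf":
        "[main]\ndns=none\n",
    "/etc/NetworkManager/NetworkManager.conf":
        "[main]\nplugins=ifupdown,keyfile\n\n[ifupdown]\nmanaged=false\n",
}


def parse_order(paths):
    """Sort paths by assumed directory precedence, then by file name."""
    def key(path):
        directory, name = posixpath.split(path)
        # Unknown directories sort last so they are at least reported.
        return (DIR_RANK.get(directory, len(DIR_RANK)), name)
    return sorted(paths, key=key)


def setting_history(files, section, option):
    """Return [(path, value), ...] for every file that sets section/option,
    in parse order. The last entry is the effective one."""
    history = []
    for path in parse_order(files):
        parser = configparser.ConfigParser(interpolation=None, strict=False)
        parser.optionxform = str          # keep key case as written
        parser.read_string(files[path], source=path)
        if parser.has_option(section, option):
            history.append((path, parser.get(section, option).strip()))
    return history


def check_expected(files, section, option, expected):
    """Compare the effective value with the expected one and list the
    earlier settings that were overridden."""
    history = setting_history(files, section, option)
    set_by, value = history[-1] if history else (None, None)
    return {
        "effective_value": value,
        "set_by": set_by,
        "ok": value == expected,
        "overridden": history[:-1],
    }


if __name__ == "__main__":
    report = check_expected(SAMPLE_FILES, "main", "dns", "none")
    print("effective dns =", report["effective_value"], "from", report["set_by"])
    for path, value in report["overridden"]:
        print("  overridden:", path, "set dns =", value)
    print("OK" if report["ok"] else "MISMATCH: resolv.conf will be managed")
```

On a real system the authoritative answer is still the output of `NetworkManager --print-config`; this only shows which file won and which settings it displaced.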

Michael Kjörling

unread,
Oct 22, 2023, 7:20:08 AM10/22/23
to
On 21 Oct 2023 17:13 -0400, from poc...@columbus.rr.com (Pocket):
> Why would I register a domain name for an internal network?
> Any name will do. You could make the same argument if you just
> make up a domain to use as it could already be registered or someone
> may register it in the future.
> That is why I picked example.org as it will/can not be used, no
> collision with domain names that way.

It's fairly recent (RFC 8375, May 2018) but this type of usage is
pretty much exactly what home.arpa is meant for.

https://www.rfc-editor.org/info/rfc8375

--
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Pocket

unread,
Oct 22, 2023, 8:30:06 AM10/22/23
to

On 10/22/23 07:13, Michael Kjörling wrote:
> On 21 Oct 2023 17:13 -0400, from poc...@columbus.rr.com (Pocket):
>> Why would I register a domain name for an internal network?
>> Any name will do. You could make the same argument if you just
>> make up a domain to use as it could already be registered or someone
>> may register it in the future.
>> That is why I picked example.org as it will/can not be used, no
>> collision with domain names that way.
> It's fairly recent (RFC 8375, May 2018) but this type of usage is
> pretty much exactly what home.arpa is meant for.
>
> https://www.rfc-editor.org/info/rfc8375
>
I am researching this as I am aware that things have changed from 20 years ago and with IPv6 adoption.

Pocket

unread,
Oct 22, 2023, 8:30:06 AM10/22/23
to

On 10/22/23 04:02, Max Nikulin wrote:
> On 22/10/2023 00:24, Greg Wooledge wrote:
>> If you're asking us to tell you how to *make NetWorkManager behave*
>> then you might be frustrated. Most of the people on this mailing list
>> don't use it. There are some who actively despise it, and go out of
>> their way to ensure it's never installed.
>
> I just have tried with
>
> /etc/NetworkManager/conf.d/90-disable-resovl.conf
>
> [main]
> dns=none
>
> in a VM and it just works. I edited /etc/resolv.conf and
> NetworkManager does not override it. I have no idea what is wrong in
> Pocket's case, perhaps a typo or another config file with higher
> priority. I would check

What version of NetworkManager is installed with bullseye?

Maybe a newer version is broken?


>
>     NetworkManager --print-config


Didn't show me anything unexpected.

>
> This particular instance was installed as bullseye in minimal
> configuration. NetworkManager was added later and enp0s2 originally
> was managed by ifupdown. I edited /etc/network/interfaces to allow
> NetworkManager to take control of it. Later it was upgraded to bookworm.
>
> Overriding DNS servers for each connection is another viable approach.
>
> I admit that NetworkManager has issues and limitations, its GUI
> applets have even more bugs and expose quite limited set of
> preferences, but this tool still works in simple cases and convenient
> in the case of laptops.
>
> P.S. I do not see any reason to insist on NetworkManager in the case
> of a box which role is a DNS server for a local network. ifupdown
> should be sufficient. There is no need to detect cable plug/unplug
> events, to switch between connection configurations depending on
> current location or other circumstances.

I would normally not use NetworkManager on a server system either, but
in this case NetworkManager is installed on all the bookworm
installations so in this case I choose to work with it instead of
removing it.

Pocket

unread,
Oct 22, 2023, 8:40:05 AM10/22/23
to
The dhcp client is NetworkManager.

It is requesting a new lease as it should

Oct 22 03:59:35 gremlin NetworkManager[664]: <info> [1697961575.2993] dhcp4 (end0): state changed new lease, address=192.168.1.3

Pocket

unread,
Oct 22, 2023, 8:50:06 AM10/22/23
to

On 10/22/23 08:36, mick.crane wrote:
> On 2023-10-22 13:22, Pocket wrote:
> <snipped>
>> I would normally not use NetworkManager on a server system either, but
>> in this case NetworkManager is installed on all the bookworm
>> installations so in this case I choose to work with it instead of
>> removing it.
>
> It maybe comes with the desktop thing.
> With Bookworm I selected xfce only and network-manager was installed.
> Out of interest I put static address in /etc/network/interfaces
> and purged network-manager and network-manager-gnome.
> and seemed happy.
>
> mick
>

In my case no desktop is installed on this particular system that I want
to use as a server.

I have no idea what pulled NetworkManager in and really don't want to
find out.  All I know is that the script I use to install debian causes
it to be pulled in, so in this case I chose to use what was installed
rather than to rip it out and put something else in its place.

I used the same script for bullseye and it has ifupdown and dhcpcd.  Go
figure?

Dan Ritter

unread,
Oct 22, 2023, 8:50:06 AM10/22/23
to
Pocket wrote:
> The Internet Assigned Numbers Authority (IANA) also currently has the
> following second level domain names reserved which can be used as
> examples.
>
> example.com
> example.net
> example.org
>
> Which I take it that you can use them for any purpose as long as it is not on the internet

No, they are for examples. In documentation. Any system
encountering one of those names in real life can and probably
should assume that it is unconfigured or in a lab where terrible
things could happen without affecting anyone.



> Why would I register a domain name for an internal network?

You shouldn't. home.arpa is already a special-use domain for
that purpose.

If you happen to have a domain name for any other purpose, you
could establish a subdomain for your internal use, just by
configuring it. Or you could use split DNS to show different
views to the inside and outside.



> So I can not use or I am forbidden to use 192.168.1.0/24 network as it is reserved?

On the contrary, it is reserved so that you (and everyone else)
can use it for this particular purpose. But it is also your
responsibility to remember not to let that subnet leak outside
of your internal network, and to accept that other people are
using it in a similar manner.


> I am just using what was installed by my scripted debian installation

Who provided the script?


> I could have built my own "router" with my own custom scratch built OS as I
> did starting 35 years ago, but why should I if I can get something off the
> shelf?

You can get a computer pre-configured with Windows or Mac OS off
the shelf. Why did you decide to install Linux?


The answers to the two questions are likely similar, if not
identical.


-dsr-

--
https://randomstring.org/~dsr/eula.html is hereby incorporated by reference.
there is no justice, there is just us.

Pocket

unread,
Oct 22, 2023, 8:50:06 AM10/22/23
to

On 10/22/23 08:32, Dan Ritter wrote:
> Pocket wrote:
>> The Internet Assigned Numbers Authority (IANA) also currently has the
>> following second level domain names reserved which can be used as
>> examples.
>>
>> example.com
>> example.net
>> example.org
>>
>> Which I take it that you can use them for any purpose as long as it is not on the internet
> No, they are for examples. In documentation. Any system
> encountering one of those names in real life can and probably
> should assume that it is unconfigured or in a lab where terrible
> things could happen without affecting anyone.
>
>
>

I get that, I have used example.org for more than 20 years and at the
time I began using it things were different.


>> Why would I register a domain name for an internal network?
> You shouldn't. home.arpa is already a special-use domain for
> that purpose.
>
> If you happen to have a domain name for any other purpose, you
> could establish a subdomain for your internal use, just by
> configuring it. Or you could use split DNS to show different
> views to the inside and outside.
>

Yes, I am researching that, but for now I need to get the bookworm
installs "stable" in my environment, which btw I am almost there


>
>> So I can not use or I am forbidden to use 192.168.1.0/24 network as it is reserved?
> On the contrary, it is reserved so that you (and everyone else)
> can use it for this particular purpose. But it is also your
> responsibility to remember not to let that subnet leak outside
> of your internal network, and to accept that other people are
> using it in a similar manner.


I understand that, what I posted was a dig.


>
>
>> I am just using what was installed by my scripted debian installation
> Who provided the script?
>
>
>> I could have built my own "router" with my own custom scratch built OS as I
>> did starting 35 years ago, but why should I if I can get something off the
>> shelf?
> You can get a computer pre-configured with Windows or Mac OS off
> the shelf. Why did you decide to install Linux?


Because I no longer want to spend the time and resource to roll my own
and I don't do windows.


>
>
> The answers to the two questions are likely similar, if not
> identical.
>
>
> -dsr-




--

Michael Kjörling

unread,
Oct 22, 2023, 9:20:06 AM10/22/23
to
On 22 Oct 2023 08:22 -0400, from poc...@columbus.rr.com (Pocket):
> What version of NetworkManager is installed with bullseye?

https://packages.debian.org/bullseye/network-manager

https://tracker.debian.org/network-manager

Michael Kjörling

unread,
Oct 22, 2023, 9:20:06 AM10/22/23
to
On 22 Oct 2023 08:42 -0400, from poc...@columbus.rr.com (Pocket):
> I get that, I have used example.org for more than 20 years and at the time I
> began using it things were different.

It has been reserved for its current purpose at least since June 1999
(that's the publication date of RFC 2606), and per whois the current
registration dates back to August 1995.

Dan Ritter

unread,
Oct 22, 2023, 11:00:07 AM10/22/23
to
Pocket wrote:
>
> On 10/22/23 08:32, Dan Ritter wrote:
> > Pocket wrote:
> > > I am just using what was installed by my scripted debian installation
> > Who provided the script?


You skipped the most important question.

-dsr-

Henning Follmann

unread,
Oct 22, 2023, 11:10:06 AM10/22/23
to
On Sat, Oct 21, 2023 at 01:24:21PM -0400, Greg Wooledge wrote:
> On Sat, Oct 21, 2023 at 01:08:58PM -0400, Pocket wrote:
> >
> > On 10/21/23 12:49, Greg Wooledge wrote:
> > > On Sat, Oct 21, 2023 at 12:23:45PM -0400, Pocket wrote:
> > > > I want NetworkManager to not over write /etc/resolv.conf
> > > https://wiki.debian.org/resolv.conf
> > >
> > openresolv or resolvconf is not installed
> >
> > no dhcp client is running only networkmanager is installed/running
> >

Well, NM is a dhcp client, technically.

> > making /etc/resolv.conf immutable is not the answer
>
> If you're asking us to tell you how to *make NetWorkManager behave*
> then you might be frustrated. Most of the people on this mailing list
> don't use it. There are some who actively despise it, and go out of
> their way to ensure it's never installed. (Those people are a small
> minority, but they're definitely here.) So, in all likelihood, nobody
> here might know that answer.

Well, that is not true. I think for a desktop NM is the right tool for most
users.
Some of these statements are based on past issues which mostly are
resolved these days.

>
> If you believe NM is not behaving according to its documentation, then
> file a bug report.

Yes true,

But I would assume that the initial question points to the real problem
here.

I assume you have some special requirements for your DNS resolver and you
just put specific dns resolver in your /etc/resolv.conf

There might be better ways with NM to manually specify your dns server.


Each network connection stanza can be individually configured based on your
location requirements. I would look into the documentation to solve the
issue the "NM way" and not come up with some hack and then fight the NM.

-H

--
Henning Follmann | hfol...@itcfollmann.com

Jeffrey Walton

unread,
Oct 22, 2023, 11:20:07 AM10/22/23
to
On Sun, Oct 22, 2023 at 7:13 AM Michael Kjörling <2695bd...@ewoof.net> wrote:
>
> On 21 Oct 2023 17:13 -0400, from poc...@columbus.rr.com (Pocket):
> > Why would I register a domain name for an internal network?
> > Any name will do. You could make the same argument if you just
> > make up a domain to use as it could already be registered or someone
> > may register it in the future.
> > That is why I picked example.org as it will/can not be used, no
> > collision with domain names that way.
>
> It's fairly recent (RFC 8375, May 2018) but this type of usage is
> pretty much exactly what home.arpa is meant for.
>
> https://www.rfc-editor.org/info/rfc8375

Thanks for that. I was not aware the domain was reserved.

Jeff

Lee

unread,
Oct 22, 2023, 11:30:06 AM10/22/23
to
On Sat, Oct 21, 2023 at 4:24 PM Pocket wrote:
>
> Ding ding ding we have a winner!!!!

Just out of curiosity, why didn't you use the example from
https://wiki.debian.org/resolv.conf and do

echo 'make_resolv_conf() { :; }' > /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone
chmod 755 /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone

Are you using NTP? If yes, how are you keeping dhcp from over-writing
your ntp.conf?
I had to comment out the "ntp_servers_setup" line in
/etc/dhcp/dhclient-exit-hooks.d/ntp to keep dhcp from messing up my
list of ntp servers.

Regards,
Lee

to...@tuxteam.de

unread,
Oct 22, 2023, 11:30:06 AM10/22/23
to
On Sun, Oct 22, 2023 at 11:22:06AM -0400, Lee wrote:
> On Sat, Oct 21, 2023 at 4:24 PM Pocket wrote:
> >
> > Ding ding ding we have a winner!!!!
>
> Just out of curiosity, why didn't you use the example from
> https://wiki.debian.org/resolv.conf and do
>
> echo 'make_resolv_conf() { :; }' > /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone
> chmod 755 /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone

Does NetworkManager honour this? Or is that "just" a
dhclient thing?

Cheers
--
t

Lee

unread,
Oct 22, 2023, 11:50:07 AM10/22/23
to
I don't know.

my /etc/network/interfaces has
iface enp1s0 inet6 dhcp

and my /etc/NetworkManager/system-connections/Wired\ connection\ 1 has
[ipv6]
addr-gen-mode=eui64
dns-search=
ip6-privacy=0
method=dhcp

but /etc/network/interfaces over-rides /etc/NetworkManager - correct?
So maybe I'm just using dhclient and have no idea if this works for
NetworkManager or not.

Lee

Tixy

unread,
Oct 22, 2023, 12:20:08 PM10/22/23
to
On Sat, 2023-10-21 at 17:13 -0400, Pocket wrote:
> I am just using what was installed by my scripted debian installation

A day ago when people pointed out that Network Manager only gets
installed if you select desktop install configuration, you denied that
was true by saying "Well the default install for bookworm does install
it and use it."

Now you admit you're using some kind of script to install Debian, I
think it's very misleading to call that 'a default install'. If you
have a script you wrote or got from somewhere that installs software
that you don't want, why don't you change the script, or just uninstall
Network Manager?

--
tixy

gene heskett

unread,
Oct 22, 2023, 12:30:06 PM10/22/23
to
On 10/22/23 11:02, Henning Follmann wrote:
> On Sat, Oct 21, 2023 at 01:24:21PM -0400, Greg Wooledge wrote:
>> On Sat, Oct 21, 2023 at 01:08:58PM -0400, Pocket wrote:
>>>
>>> On 10/21/23 12:49, Greg Wooledge wrote:
>>>> On Sat, Oct 21, 2023 at 12:23:45PM -0400, Pocket wrote:
>>>>> I want NetworkManager to not over write /etc/resolv.conf
>>>> https://wiki.debian.org/resolv.conf
>>>>
>>> openresolv or resolvconf is not installed
>>>
>>> no dhcp client is running only networkmanager is installed/running
>>>
>
> Well, NM is a dhcp client, technically.
>
>>> making /etc/resolv.conf immutable is not the answer
>>
>> If you're asking us to tell you how to *make NetWorkManager behave*
>> then you might be frustrated. Most of the people on this mailing list
>> don't use it. There are some who actively despise it, and go out of
>> their way to ensure it's never installed. (Those people are a small
>> minority, but they're definitely here.) So, in all likelihood, nobody
>> here might know that answer.
>
> Well, that is not true. I think for a desktop NM is the right tool for most
> users.
> Some of these statements are based on past issues which mostly are
> resolved these days.
>
>>
>> If you believe NM is not behaving according to its documentation, then
>> file a bug report.

I did that decades ago, and was ignored. I don't even have the bugzilla
number cuz of Seagate's crappy 2T drives failing in a month taking first
my backups, then a couple days later the main drive in this
machine, forcing a bookworm install that took 22 damned installs to get
rid of orca and brltty cuz the installer found a serial-usb adaptor and
assumed I was blind. They are used for a lot of ups's and for X10 stuff
that have nothing to do with hearing loss.
>
> Yes true,
>
> But I would assume that the initial question points to the real problem
> here.
>
> I assume you have some special requirements for your DNS resolver and you
> just put specific dns resolver in your /etc/resolv.conf
>
You all have given me a hard time over this, but I have a nearly 35 year
history with hosts files which work for such as my home network at an
address block 192.168.nnn.nnn that is not relayed thru a router.

So that means my whole network is not net accessible without NAT in the
router which has been running dd-wrt forever. My whole home net has no
dhcp server, host files do it all.

NM, and avahi, seems to want to assign a default route in the 169 block
if it cannot find a dns server, but until recently that default route
has been the biggest PITA ever foisted off on us linux users. You cannot
get out of your T-shirt pocket for any reason, and getting rid of it
seems to be a big secret, no one has yet answered. So we put a
nameserver address pointing to the routers local address in resolv.conf
and quickly make it immutable before NM has a chance to screw it up.
Then a suitable entry in /e/n/interfaces usually results in a ping -c1
yahoo.com that just works.

NM's purpose seems to be to jump thru dhcp hoops a host file user
does not need, so I put the router as a default nameserver in
/etc/resolv.conf and make it immutable, which router I think is running
dnsmasq, so if the name isn't cached there, dnsmasq forwards the request
to my isp's server which is supposedly up to date. I can ping any named
& registered site on this ball of rock and water, usually in less than
30 milliseconds unless its to Ulan Bator. IF I can prevent NM and avahi
from assigning a totally bogus 169. route, it just works. Until that
stops, neither is welcome for the initial install on my premises.

Once I have networking working, then cups might need avahi, but _NOT_
before the rest of my network is up and running. And every machine on my
local net can browse the world with FF.

So please tell me again what NM is supposed to do for /me/?

Thank you.

> There might be better ways with NM to manually specify your dns server.
>
>
> Each network connection stanza can be individually configured based on your
> location requirements. I would look into the documentation to solve the
> issue the "NM way" and not come up with some hack and then fight the NM.
>
> -H
>

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis

Max Nikulin

unread,
Oct 22, 2023, 12:50:06 PM10/22/23
to
On 22/10/2023 19:22, Pocket wrote:
> What version of NetworkManager is installed with bullseye?
>
> Maybe a newer version is broken?

I upgraded this VM to bookworm months ago.

apt policy network-manager

network-manager:
Installed: 1.42.4-1
Candidate: 1.42.4-1
Version table:
*** 1.42.4-1 500
500 http://deb.debian.org/debian bookworm/main amd64 Packages
100 /var/lib/dpkg/status

My point was that it required some effort to get an ethernet card to be
controlled by NetworkManager. Due to deprecation of isc-dhcp-client
things may change in bookworm, but I do not see anything suspicious in
output of "apt-cache showpkg network-manager".

I am curious which package pulled network-manager in your case

aptitude why network-manager

or

apt list '?narrow(~i, ~DRecommends:~n^network-manager$|~D~n^network-manager$)'

In my case it is recommended by plasma-desktop.

gene heskett

unread,
Oct 22, 2023, 1:00:06 PM10/22/23
to
Chuckle. Looks like a solution looking for a problem. You can use
whatever domainname that tickles your fancy when your net is in an
un-routeable address block. just for S&G, and because a half G.S., half
Coyote mix was the smartest "dog" I ever met, my home network domainname
has been the "coyote.den" for 25 years now. "Lady" understood English
and could do simple math, barking the number of times the answer was.

> Thanks for that. I was not aware the domain was reserved.
>
> Jeff
>

Greg Wooledge

unread,
Oct 22, 2023, 1:20:06 PM10/22/23
to
On Sun, Oct 22, 2023 at 11:22:06AM -0400, Lee wrote:
> Just out of curiosity, why didn't you use the example from
> https://wiki.debian.org/resolv.conf and do
>
> echo 'make_resolv_conf() { :; }' > /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone
> chmod 755 /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone

Because that only affects isc-dhcp-client, and does nothing for other
DHCP clients, such as Network Manager.

Pocket

unread,
Oct 22, 2023, 1:40:06 PM10/22/23
to


Sent from my iPad

> On Oct 22, 2023, at 11:25 AM, to...@tuxteam.de wrote:
Which is exactly what I ended up with. Which turned out to be a better solution

Andy Smith

unread,
Oct 22, 2023, 1:40:06 PM10/22/23
to
Hello,
That's a reasonable choice but it is a choice you've made.
NetworkManager isn't any sort of default on Debian; it's a
dependency pulled in by something in your install script, so it's
just another choice you've made even if not explicitly.

There is no compelling reason why you should stick with
NetworkManager unless you want to or it's a hard dependency of
something else. If not then it would be fine to remove it and
achieve the same configuration in a simpler way with ifupdown,
netplan or systemd-networkd directly. A lot of people would consider
that a simpler and therefore more desirable setup if NetworkManager
was not otherwise required.

I realise that all this has been pointed out already in this thread,
but again here you've stated that NetworkManager is some sort of
default for Debian and that the implication as such is that it
should be worked with rather than removed. One is by no means
straying from the "main sequence" of Debian by removing
NetworkManager where no dependency exists.

I'm glad you have worked with it though, in order to find a solution
for the problem you were having, and communicated that with us.

Thanks,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting

Pocket

unread,
Oct 22, 2023, 1:50:05 PM10/22/23
to


Sent from my iPad

> On Oct 22, 2023, at 1:18 PM, Greg Wooledge <gr...@wooledge.org> wrote:
I don’t know what pulled it in and I am not really at a point in time to slay that beast as I have a dns server to set up as well as an email server, never mind the NGINX server that needs to be set up asap.

Pocket

unread,
Oct 22, 2023, 1:50:05 PM10/22/23
to
Because the script does what the Debian installer does and runs without intervention

Sent from my iPad

> On Oct 22, 2023, at 12:41 PM, Max Nikulin <mani...@gmail.com> wrote:

Pocket

unread,
Oct 22, 2023, 1:50:06 PM10/22/23
to


Sent from my iPad

> On Oct 22, 2023, at 12:12 PM, Tixy <ti...@yxit.co.uk> wrote:
Because I am working with what was installed, and I am using the internal network manager dhcp client. Nothing else needs to be installed or configured.

Pocket

unread,
Oct 22, 2023, 2:00:06 PM10/22/23
to


Sent from my iPad

> On Oct 22, 2023, at 1:35 PM, Andy Smith <an...@strugglers.net> wrote:
>
> Hello,
>
>> On Sun, Oct 22, 2023 at 08:22:24AM -0400, Pocket wrote:
>>> On 10/22/23 04:02, Max Nikulin wrote:
>>> P.S. I do not see any reason to insist on NetworkManager in the case of
>>> a box which role is a DNS server for a local network. ifupdown should be
>>> sufficient. There is no need to detect cable plug/unplug events, to
>>> switch between connection configurations depending on current location
>>> or other circumstances.
>>
>> I would normally not use NetworkManager on a server system either, but in
>> this case NetworkManager is installed on all the bookworm installations so in
>> this case I choose to work with it instead of removing it.
>
> That's a reasonable choice but it is a choice you've made.
> NetworkManager isn't any sort of default on Debian; it's a
> dependency pulled in by something in your install script, so it's
> just another choice you've made even if not explicitly.
>
> There is no compelling reason why you should stick with
> NetworkManager unless you want to or it's a hard dependency of
> something else. If not then it would be fine to remove it and
> achieve the same configuration in a simpler way with ifupdown,
> netplan or systemd-networkd directly. A lot of people would consider
> that a simpler and therefore more desirable setup if NetworkManager
> was not otherwise required.
>

The reason is that with my default installation I can create a server or desktop from the same base. I have scripts that after a basic install make me a new server or desktop. NetworkManager is installed somehow in that base install and then it becomes common, so rather than having two different ways of bringing up the network I just have one and it just happened to be NetworkManager. I would have been ok if Systemd networking would have been the common way as well. I have used ifupdown with dhcpcd and Systemd networking in the past. This is my first go with NetworkManager.

John Hasler

unread,
Oct 22, 2023, 2:20:06 PM10/22/23
to
Gene writes:
> Chuckle. Looks like a solution looking for a problem. You can use
> whatever domainname that tickles your fancy when your net is in an
> un-routeable address block.

It's for people who haven't a clue as to what a domainname or address
block is.

https://datatracker.ietf.org/doc/html/rfc7788
--
John Hasler
jo...@sugarbit.com
Elmwood, WI USA

Michael Kjörling

unread,
Oct 22, 2023, 2:40:06 PM10/22/23
to
On 22 Oct 2023 13:13 -0500, from jo...@sugarbit.com (John Hasler):
> It's for people who haven't a clue as to what a domainname or address
> block is.
>
> https://datatracker.ietf.org/doc/html/rfc7788

RFC 8375 section 1:

"Although this document makes specific reference to [RFC7788], it is
not intended that the use of 'home.arpa.' be restricted solely to
networks where HNCP is deployed. Rather, 'home.arpa.' is intended to
be the correct domain for uses like the one described for '.home' in
[RFC7788]: local name service in residential homenets."

Dan Ritter

unread,
Oct 22, 2023, 2:40:06 PM10/22/23
to
gene heskett wrote:
> On 10/22/23 11:19, Jeffrey Walton wrote:
> > On Sun, Oct 22, 2023 at 7:13 AM Michael Kjörling <2695bd...@ewoof.net> wrote:
>
> > > https://www.rfc-editor.org/info/rfc8375
> >
> Chuckle. Looks like a solution looking for a problem. You can use whatever
> domainname that tickles your fancy when your net is in an un-routeable
> address block.


Sure. Right up until the day that someone registers it on the
Net at large.

As of March 2021, the IANA root database includes 1589 TLDs.
"den" is not currently one of them, but that could change at any
point, and then there would be a high likelihood of "coyote.den"
being registered by someone else.

You might not have a specific problem with that, depending on
how you do local DNS, and depending on what you want. But it's
safer to either use a recognized internal domain (home.arpa, for
instance) or a domain that you own, either with split views or
unpublished internal subdomains (internal.randomstring.org, for
example).

-dsr-

Dan Ritter

unread,
Oct 22, 2023, 2:40:07 PM10/22/23
to
gene heskett wrote:
>
> So please tell me again what NM is supposed to do for /me/?

Nothing. You do not have a good use case for NM.

NM is for laptops that connect to many different networks,
primarily, and secondarily for corporate networks where many
people will need IT handholding.

In my personal opinion, of course.

-dsr-

Jeffrey Walton

unread,
Oct 22, 2023, 3:10:07 PM10/22/23
to
+1.

I've been using home.pvt and home.dmz since the late 1990s. I've been
waiting for it to break since vanity domains/brand tlds are a thing
now. <https://icannwiki.org/Brand_TLD>.

Jeff

gene heskett

unread,
Oct 22, 2023, 5:50:05 PM10/22/23
to
As I keep repeating Dan, there is not a local dns, its all a 15 entry
hosts file atm. So that cannot bite /me/.

Now if I should make a typu, fat fingering & miss-spelling an alias, I
suppose that might resolve to someplace in the neighborhood of a yurt
near Ulan Bator and they might not appreciate my trying to login in
English. Until then I'm not inclined to lose much sleep over it. If it
ever happens, it's adjustable in any event. It will all die when this
stuff gets turned off by the cleanup crew after I miss roll call.

There's about 6 years left in the pacemaker battery and the average life
of a TAVR heart valve is another 8 or so years. By then I will be 95 and
might be napping in my morning cereal. Higher Powers have missed several
chances to claim me, but they'd look at the book and send me down, I'd
fix the stoker, rewind the generators and open an air conditioned bar
and neither of them could tolerate that. In the meantime ;o)>

>
> -dsr-
> .

gene heskett

unread,
Oct 22, 2023, 6:10:06 PM10/22/23
to
On 10/22/23 14:19, John Hasler wrote:
> Gene writes:
>> Chuckle. Looks like a solution looking for a problem. You can use
>> whatever domainname that tickles your fancy when your net is in an
>> un-routeable address block.
>
> It's for people who haven't a clue as to what a domainname or address
> block is.

If that is an insult, so be it.
>
> https://datatracker.ietf.org/doc/html/rfc7788

Many Thanks for the link John, but having spent 20 minutes scanning thru
that, my probably invalid comment would be that all the links are there
but not even a Philadelphia lawyer could grasp it in 5 years time.
Assuming each link is 20,000 words or more, at 400 wpm I don't have
enough time left to read it all.

Lee

unread,
Oct 22, 2023, 6:40:07 PM10/22/23
to
I can sort of understand that an all volunteer project is going to
have some rough edges and inconsistencies, but this is a bit much. My
understanding is that ISC no longer supports their dhcp client
software so the isc-dhcp-client package will go away someday?
correct? & I suspect whatever works today will break when the new
software comes out, so I'd rather get a head-start on how to work with
the replacement.

How can I find out who is working on what replacement?

Thanks
Lee

John Hasler

unread,
Oct 22, 2023, 6:50:06 PM10/22/23
to
I wrote:
> It's for people who haven't a clue as to what a domainname or address
> block is.

Gene writes:
> If that is an insult, so be it.

I just meant to explain that though it is not a solution to your problem,
it is a solution to a problem some other people have.

Pocket

unread,
Oct 22, 2023, 7:20:06 PM10/22/23
to
https://www.isc.org/kea/


--
It's not easy to be me

ghe2001

unread,
Oct 22, 2023, 8:00:06 PM10/22/23
to

How about a /29 or so, named "here.<your initials>", hosts named 2 or 3 letter abbreviations of what you call the computers, with unroutable IPs, DNS'ed in /etc/hosts (with shortcuts).

Works here...

--
Glenn English


gene heskett

unread,
Oct 22, 2023, 8:40:06 PM10/22/23
to
On 10/22/23 18:45, John Hasler wrote:
> I wrote:
>> It's for people who haven't a clue as to what a domainname or address
>> block is.
>
> Gene writes:
>> If that is an insult, so be it.
>
> I just meant to explain that though it is not a solution to your problem,
> it is a solution to a problem some other people have.
Six of one, half a dozen of the other John.

What really bugs me is when the maintainers forget there are hosts file
users, and do something that totally screws us up, getting help to
restore a broken system can't be done, cuz you can't ask anything with
it broken, and when by brute force, you finally get it sorta working,
95% of the help you need to really make it right is replaced by
instructions on how to setup just one facet of dhcp, so it often has to
be a snippet there, and another from someplace else, repeat till it all
works, gleaned from the 5% who do understand but are often drowned out
by the why the hell don't you run dhcp crowd representing the other 95%.

Not your fault of course, that is just how it is as viewed from this
chair, by the same guy who's been online since before Delphi, with a
trs-80 Color computer since we were blessed with a server at Princeton
in the 80's. A remodel got it walled in and forgotten about till
another remodel tore out the wall exposing it a decade later, still
running. 30+ years later I can't even remember its name. Perhaps you do.

Take care & stay well John.

Greg Wooledge

unread,
Oct 22, 2023, 8:50:06 PM10/22/23
to
On Sun, Oct 22, 2023 at 08:36:53PM -0400, gene heskett wrote:
> What really bugs me is when the maintainers forget there are hosts file
> users, and do something that totally screws us up,

Gene, you're being irrational again. "Hosts file only" systems have been
supported since before Debian existed, without surcease. There has never
been a time when they weren't supported. There never will be.

Any issues you've encountered have been the result of misconfiguration.
You have repeatedly shown errors in your config files, and once those
have been corrected, everything has worked as expected.

gene heskett

unread,
Oct 22, 2023, 10:40:06 PM10/22/23
to
This is generally true, Greg, and I get that, but every new version,
which should just continue what works, doesn't cuz somebody moved a
config file and last years fix doesn't work this year. And you can't
ask for help when its not working. So YOU have to fix it based of what
YOU know works. Makes one wonder about the motives.

John Hasler

unread,
Oct 22, 2023, 10:40:06 PM10/22/23
to
Gene writes:
> This is generally true, Greg, and I get that, but every new version,
> which should just continue what works, doesn't cuz somebody moved a
> config file and last years fix doesn't work this year. And you can't
> ask for help when its not working. So YOU have to fix it based of what
> YOU know works. Makes one wonder about the motives.

I use host files and I don't have that problem.

Max Nikulin

unread,
Oct 22, 2023, 10:50:06 PM10/22/23
to
On 23/10/2023 04:43, gene heskett wrote:
>
> As I keep repeating Dan, there is not a local dns, its all a 15 entry
> hosts file atm. So that cannot bite /me/.

It can. Some day .den TLD may be registered and chosen by a 3d printer
manufacturer. It might happen that you would not be able to access docs
for your shiny new device and you would claim something like

> Google seems to have high jacked port 80

https://lists.debian.org/msgid-search/0a8b96aa-8630-ee5c...@shentel.net

Stefan Monnier

unread,
Oct 22, 2023, 11:10:06 PM10/22/23
to
>> This is generally true, Greg, and I get that, but every new version,
>> which should just continue what works, doesn't cuz somebody moved a
>> config file and last years fix doesn't work this year. And you can't
>> ask for help when its not working. So YOU have to fix it based of what
>> YOU know works. Makes one wonder about the motives.
> I use host files and I don't have that problem.

Same here: the last time I had problems with `/etc/hosts` files was
back when `/etc/nsswitch.conf` was introduced :-)
That was before I started using Debian.

I can relate to Gene's feelings since there's been indeed some churn
over the years, but `/etc/hosts` seems like an odd example because this
one is among the most stable part of Unix/Linux.


Stefan

Jeffrey Walton

unread,
Oct 23, 2023, 1:40:06 AM10/23/23
to
On Mon, Oct 23, 2023 at 1:24 AM ghe2001 <ghe...@protonmail.com> wrote:
>
> How about a /29 or so, named "here.<your initials>", hosts named 2 or 3 letter abbreviations of what you call the computers, with unroutable IPs, DNS'ed in /etc/hosts (with shortcuts).

Whatever you come up with for <your initials>, ICANN can add to the
gTLD namespace; see <https://icannwiki.org/Brand_TLD>.

The DNS queries for fii.xy (a typo) will escape your homenet when you
meant to type foo.xy (the target).

Jeff

Max Nikulin

unread,
Oct 23, 2023, 3:20:06 AM10/23/23
to
On 23/10/2023 09:59, Stefan Monnier wrote:
> I can relate to Gene's feelings since there's been indeed some churn
> over the years, but `/etc/hosts` seems like an odd example because this
> one is among the most stable part of Unix/Linux.

Gene's issue was with resolv.conf and he was refusing Greg's suggestions
to fix it for a long time.

By the way, is there a way to validate correctness of the resolv.conf
file, e.g. to force libc to spit warnings in response to unrecognized
entries?
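
A lint pass along the lines asked about above, as an added example that is not part of the original post: it checks a resolv.conf against the keywords and options documented in resolv.conf(5) and, optionally, against the nameservers you expect. The function name, the option list and the `BROKEN` sample are assumptions made here; the other two samples are the files quoted at the start of this thread.

```python
import ipaddress

# Options listed in resolv.conf(5) for glibc (assumed list; check your libc version).
KNOWN_OPTIONS = {
    "debug", "ndots", "timeout", "attempts", "rotate", "no-check-names",
    "inet6", "ip6-bytestring", "ip6-dotint", "no-ip6-dotint", "edns0",
    "single-request", "single-request-reopen", "no-tld-query", "use-vc",
    "no-reload", "trust-ad", "no-aaaa",
}
VALUED_OPTIONS = {"ndots", "timeout", "attempts"}  # written as name:number
MAXNS = 3  # resolv.conf(5): at most three nameserver entries are used


def lint_resolv_conf(text, expected_nameservers=None):
    """Return a list of (line_number, message) findings for a resolv.conf."""
    findings = []
    ns_count = 0
    scope_line = None  # line number of the last domain/search directive
    for num, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        if raw[0] in "#;":  # comment; note when a tool claims ownership
            if "generated by" in raw.lower():
                findings.append((num, "generated file: " + raw.lstrip("#; ").strip()))
            continue
        if raw[0].isspace():
            findings.append((num, "keyword must start in the first column"))
            continue
        keyword, *args = raw.split()
        if keyword == "nameserver":
            ns_count += 1
            if len(args) != 1:
                findings.append((num, "nameserver takes exactly one address"))
                continue
            try:
                ipaddress.ip_address(args[0].split("%")[0])  # drop IPv6 scope id
            except ValueError:
                findings.append((num, "invalid nameserver address: " + args[0]))
                continue
            if ns_count > MAXNS:
                findings.append((num, "more than %d nameservers, entry unused" % MAXNS))
            if expected_nameservers is not None and args[0] not in expected_nameservers:
                findings.append((num, "unexpected nameserver: " + args[0]))
        elif keyword in ("domain", "search"):
            if not args:
                findings.append((num, keyword + " needs a value"))
            if scope_line is not None:  # the last instance wins
                findings.append((num, "overrides domain/search on line %d" % scope_line))
            scope_line = num
        elif keyword == "options":
            for opt in args:
                name, _, value = opt.partition(":")
                if name not in KNOWN_OPTIONS:
                    findings.append((num, "unknown option: " + opt))
                elif name in VALUED_OPTIONS and not value.isdigit():
                    findings.append((num, "option needs a number: " + opt))
        elif keyword != "sortlist":
            findings.append((num, "unknown keyword: " + keyword))
    return findings


# The file the original poster wants, and the file found after reboot.
WANTED = "domain example.org\nnameserver 127.0.0.1\noptions edns0 trust-ad\n"
OVERWRITTEN = (
    "# Generated by NetworkManager\n"
    "search example.org search.charter.com columbus.rr.com\n"
    "nameserver 192.168.1.6\n"
    "nameserver 192.168.1.1\n"
)
# Constructed sample with typical mistakes.
BROKEN = (
    "domain example.org\n"
    "search example.org\n"
    "nameservers 127.0.0.1\n"
    "options edns0 trustad ndots:x\n"
    " nameserver 127.0.0.1\n"
)

if __name__ == "__main__":
    for label, text in (("wanted", WANTED), ("overwritten", OVERWRITTEN), ("broken", BROKEN)):
        print(label)
        for num, msg in lint_resolv_conf(text, expected_nameservers={"127.0.0.1"}):
            print("  line %d: %s" % (num, msg))
```

Run from a timer or at boot with the expected nameserver set, the same function also reports when something has replaced the local resolver with DHCP-supplied servers.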

Christian Groessler

unread,
Oct 23, 2023, 6:40:06 AM10/23/23
to
On 10/23/23 07:29, Jeffrey Walton wrote:
> On Mon, Oct 23, 2023 at 1:24 AM ghe2001 <ghe...@protonmail.com> wrote:
>>
>> How about a /29 or so, named "here.<your initials>", hosts named 2 or 3 letter abbreviations of what you call the computers, with unroutable IPs, DNS'ed in /etc/hosts (with shortcuts).
>
> Whatever you come up with for <your initials>, ICANN can add to the
> gTLD namespace; see <https://icannwiki.org/Brand_TLD>.


Just register a domain and use that.

regards,
chris

gene heskett

unread,
Oct 23, 2023, 11:20:06 AM10/23/23
to
The squawk includes /etc/hosts because that method is the root cause of
all the troubles. For a while you could hide what used to be in
/etc/network/interfaces in the last stanza of /etc/dhcpdc(sp?).conf, but
that like /e/n/interfaces was too easy, anybody could do it so that went
away. There it was the last ditch src if a dhcp could not be found.
That actually made sense but wasn't ever published that I know of. The
churn seems more like change just for the hell of it as no real reason
for the changes ever seemed to make it into the docs that get installed
in a bare metal install. Not even a hint in any of the usual suspects
conf files. It was pure serendipity that I found that with a global grep
of the whole /etc tree for any mention of dhcp. That fell out, so I read
it, finding this cute little fill in the blanks thing clear at the
bottom of a 5k file. So I "filled in the blanks" and it worked, For two
major releases. But again that was way too easy so it went away, I guess
in favor of nsswitch. But not one grep able word about it made it into
the bare metal installed docs. And that is where this old (89 now) Iowa
farm kid who tested in the 7th grade at an IQ of 147, blows his cool.
Which unfortunately gets me way more than my std 15 minutes of fame here.

Anyway Stefan, take care and stay well. And unvaxed. A small selenium
and a couple d3's a day is much better insurance.

ghe2001

unread,
Oct 23, 2023, 12:00:06 PM10/23/23
to


------- Original Message -------
On Sunday, October 22nd, 2023 at 11:29 PM, Jeffrey Walton <nolo...@gmail.com> wrote:



> Whatever you come up with for <your initials>, ICANN can add to the
>
> gTLD namespace; see https://icannwiki.org/Brand_TLD.
>
>
> The DNS queries for fii.xy (a typo) will escape your homenet when you
> meant to type foo.xy (the target).

Hadn't thought of that, but a shortcut name in the hosts file fixes it all.

For example: One of my computers is called gobook3 (makes sense to me). In hosts, its shortcut is 'gb'. 'ping gb' does what's expected. 'ping gv' says 'ping: gv: Name or service not known'. And I've had no reason to rattle ICANN's cage(s) -- it's all local.

/etc/hosts has worked just fine for me since I became aware of IP and put up a little Internet domain (I disabled it a few years ago when my brain hit 75 years old and the ISP raised their rates).

--
Glenn English


gene heskett

unread,
Oct 23, 2023, 12:00:07 PM10/23/23
to
On 10/22/23 22:37, John Hasler wrote:
> Gene writes:
>> This is generally true, Greg, and I get that, but every new version,
>> which should just continue what works, doesn't cuz somebody moved a
>> config file and last years fix doesn't work this year. And you can't
>> ask for help when its not working. So YOU have to fix it based of what
>> YOU know works. Makes one wonder about the motives.
>
> I use host files and I don't have that problem.

And where, if you don't have a network, did you find the info to fix
it?, when two junk 2T seagates around 6 weeks old die in the same week,
making one start from square one with a new bookworm install? And
install that pulled in and enabled orca and brltty and which could not
be rebooted once they were disabled. You could only reinstall to reboot,
which I did 22 times before someone suggested unplugging any
usb<->serial adapters, the installer was assuming I was blind and NEVER
ASKED ME if I wanted them.

Have you, I assume with decent hearing, ever tried to use a computer
that is locked up and spending about a second for every key press by
announcing in a barely understandable but loud voice, every key's
identity as they are being pressed? Distraction is a wholly inadequate
description. I rest my case on that one.

Take care & stay well John.

gene heskett

unread,
Oct 23, 2023, 12:20:06 PM10/23/23
to
They have, chromium, the google browser, absolutely cannot be sent to
http://localhost:80 on any arm system here at the Heskett Ranchette. FF
can, but not chromium, its doing a failed advertising lookup on google
instead. Still works normally on wintel hdwe, but not on arm's. And I
use bananapi-m5's to run klipper and friends on a couple tables full of
3d printers here. And except for an rpi4b doing a different job, they
ALL run on debian bookworm/arm64 or ubuntu jammy/arm64 repos.

Lee

unread,
Oct 23, 2023, 1:10:08 PM10/23/23
to
Yes, that's the ISC replacement. But I get the impression Debian is
leaning towards using dhcpcd
https://lists.debian.org/debian-boot/2023/06/msg00121.html
https://lists.debian.org/debian-devel/2023/07/msg00277.html

There's a very good chance I'm missing something, which is why I'm
asking what will be the new default dhcp client software? (for
debian)

Thanks
Lee

Greg Wooledge

unread,
Oct 23, 2023, 2:10:06 PM10/23/23
to
On Mon, Oct 23, 2023 at 12:12:50PM -0400, gene heskett wrote:
> > > Google seems to have high jacked port 80
> >
> > https://lists.debian.org/msgid-search/0a8b96aa-8630-ee5c...@shentel.net
> >
> They have, chromium, the google browser, absolutely cannot be sent to
> http://localhost:80 on any arm system here at the Heskett Ranchette. FF can,
> but not chromium, its doing a failed advertising lookup on google instead.

I don't have Chromium, but I do have Google Chrome installed.

ii google-chrome-stable 118.0.5993.88-1 amd64 The web browser from Google

Whatever issue you're seeing, I'm not able to reproduce it. If I run
a service on localhost port 80, and then paste http://localhost:80 into
the URL bar in Chrome (copied directly from your email), it connects
to the localhost service.

unicorn:~$ sudo tcpserver -v 0 80 /usr/bin/printf 'hello world\r\n'
tcpserver: status: 0/40
tcpserver: status: 1/40
tcpserver: pid 473439 from 127.0.0.1
tcpserver: ok 473439 localhost:127.0.0.1:80 localhost:127.0.0.1::45292
tcpserver: end 473439 status 0
tcpserver: status: 0/40

unicorn:~$ grep localhost /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback

unicorn:~$ grep hosts /etc/nsswitch.conf
hosts: files mdns4_minimal [NOTFOUND=return] dns

There's no conspiracy here. There's no "every few years Debian changes
something and I have to scramble to fix it". This stuff just works, Gene.
For everybody except you.

Andrew M.A. Cater

unread,
Oct 23, 2023, 2:30:07 PM10/23/23
to
On Mon, Oct 23, 2023 at 02:09:31PM -0400, Greg Wooledge wrote:
> On Mon, Oct 23, 2023 at 12:12:50PM -0400, gene heskett wrote:
> > > > Google seems to have high jacked port 80
> > >
> > > https://lists.debian.org/msgid-search/0a8b96aa-8630-ee5c...@shentel.net
> > >
> > They have, chromium, the google browser, absolutely cannot be sent to
> > http://localhost:80 on any arm system here at the Heskett Ranchette. FF can,
> > but not chromium, its doing a failed advertising lookup on google instead.
>

Gene,

Admittedly on amd64 virtual machine but as a datum point. With Gnome, nginx
and Chromium installed - thus a working web server on the same machine

Chromium works perfectly to serve http://localhost:80 and serves the
nginx page perfectly

Cannot reproduce,

Andy

Andy Smith

unread,
Oct 23, 2023, 4:30:05 PM10/23/23
to
Hi,

On Sun, Oct 22, 2023 at 06:36:28PM -0400, Lee wrote:
> My understanding is that ISC no longer supports their dhcp client
> software so the isc-dhcp-client package will go away someday?
> correct? & I suspect whatever works today will break when the new
> software comes out, so I'd rather get a head-start on how to work
> with the replacement.
>
> How can I find out who is working on what replacement?

There was a fairly recent conversation on debian-devel over what to
replace isc-dhcp-client with for the trixie release onwards:

https://lists.debian.org/debian-devel/2023/06/msg00184.html

My understanding is that ultimately the choice will be made by the
ifupdown maintainer, assuming that remains the default way to
configure networking on trixie absent other dependencies.

Unfortunately there does not seem to be a public response by the
ifupdown maintainer jo...@debian.org in that thread.

Thanks,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting

Andy Smith

unread,
Oct 23, 2023, 4:40:07 PM10/23/23
to
Hello,

On Sun, Oct 22, 2023 at 10:33:47PM -0400, gene heskett wrote:
> On 10/22/23 20:48, Greg Wooledge wrote:
> > Any issues you've encountered have been the result of misconfiguration.
> > You have repeatedly shown errors in your config files, and once those
> > have been corrected, everything has worked as expected.
>
> This is generally true, Greg, and I get that, but every new version, which
> should just continue what works, doesn't cuz somebody moved a config file

I'm afraid that *you* are the person who has moved or broken your
config files with relation to name resolution in every case you've
ever described here. All of it has been user error. You've never yet
shown an example of any change designed to make hosts files work
less well (or not at all). That is just a belief you have and
continue to state as if it's fact, but at no time has it stood up to
scrutiny.

Those reading this later need to believe Greg's statements and not
Gene's.

gene heskett

unread,
Oct 23, 2023, 5:40:05 PM10/23/23
to
On 10/23/23 14:09, Greg Wooledge wrote:
> On Mon, Oct 23, 2023 at 12:12:50PM -0400, gene heskett wrote:
>>>> Google seems to have high jacked port 80
>>>
>>> https://lists.debian.org/msgid-search/0a8b96aa-8630-ee5c...@shentel.net
>>>
>> They have, chromium, the google browser, absolutely cannot be sent to
>> http://localhost:80 on any arm system here at the Heskett Ranchette. FF can,
>> but not chromium, its doing a failed advertising lookup on google instead.
>
My mistake, I'm not a huge chrome fan, its google, spit.

But on armbian jammy its the default browser and you can't change that
either. Amazingly it seems to work normally to localhost6, but there's
nothing there, its all on port 80. So we are forced to use FF which Just
Works for ipv4 addresses.

> I don't have Chromium, but I do have Google Chrome installed.
>
> ii google-chrome-stable 118.0.5993.88-1 amd64 The web browser from Google
>
> Whatever issue you're seeing, I'm not able to reproduce it. If I run
> a service on localhost port 80, and then paste http://localhost:80 into
> the URL bar in Chrome (copied directly from your email), it connects
> to the localhost service.
>
Which it should Just Do, but on armbian jammy, no.

> unicorn:~$ sudo tcpserver -v 0 80 /usr/bin/printf 'hello world\r\n'
> tcpserver: status: 0/40
> tcpserver: status: 1/40
> tcpserver: pid 473439 from 127.0.0.1
> tcpserver: ok 473439 localhost:127.0.0.1:80 localhost:127.0.0.1::45292
> tcpserver: end 473439 status 0
> tcpserver: status: 0/40
>
> unicorn:~$ grep localhost /etc/hosts
> 127.0.0.1 localhost
> ::1 localhost ip6-localhost ip6-loopback
>
And I'm 150 miles from the nearest ipv6 access point.

> unicorn:~$ grep hosts /etc/nsswitch.conf
> hosts: files mdns4_minimal [NOTFOUND=return] dns
>
> There's no conspiracy here. There's no "every few years Debian changes
> something and I have to scramble to fix it". This stuff just works, Gene.
> For everybody except you.
>
gene@bpi55:~$ grep localhost /etc/hosts
127.0.0.1 localhost
::1 localhost bananapim5 ip6-localhost ip6-loopback
gene@bpi55:~$ grep hosts /etc/nsswitch.conf
hosts: files mymachines dns myhostname

Take care & stay well, Greg.

gene heskett

unread,
Oct 23, 2023, 8:00:07 PM10/23/23
to
On 10/23/23 16:35, Andy Smith wrote:
> Hello,
>
> On Sun, Oct 22, 2023 at 10:33:47PM -0400, gene heskett wrote:
>> On 10/22/23 20:48, Greg Wooledge wrote:
>>> Any issues you've encountered have been the result of misconfiguration.
>>> You have repeatedly shown errors in your config files, and once those
>>> have been corrected, everything has worked as expected.
>>
>> This is generally true, Greg, and I get that, but every new version, which
>> should just continue what works, doesn't cuz somebody moved a config file
>
> I'm afraid that *you* are the person who has moved or broken your
> config files with relation to name resolution in every case you've
> ever described here. All of it has been user error. You've never yet
> shown an example of any change designed to make hosts files work
> less well (or not at all). That is just a belief you have and
> continue to state as if it's fact, but at no time has it stood up to
> scrutiny.
>
Then perhaps you can explain to me, why I can fill out the data to get
online with a netinstall installer, download and install 6 or 8 GB of
stuff, and when it is time to reboot the new install, it comes back up
with a default route in the 169 block, locking me out of net access
until I rm by brute root force any and everything to do with avahi for
starters? At that point I'm locked out of net access even to the other
still working machines on my home net. Explain to me how I've just
pulled close to 8 GB in from the net, but the totally bogus avahi 169
address is the default route when its been thru the first reboot.

Go ahead, But I'm listening for factual info, not the above innuendo and
false accusations I did something wrong. I'm not doing anything the
installer didn't ask me to do. 22 times before someone told me to
unplug my weeping willow tree of usb stuff in order to get an install
w/o orca and brltty which it installed and activated w/o asking me if I
wanted it just because it was finding 2 usb-serial adapter's and assumed
I was blind. Once that stuff is enabled and you rm it to get some peace
and quiet, it won't reboot as it waits forever to bring them back up. So
when I needed to reboot the only way to reboot was to reinstall. And
I've been catching hell ever since just because I wanted a working
system, which even now I don't have.

My /home is a raid10, but anything that wants to write to it, has to
wait anywhere from 30 seconds to 5 minutes before the file requestor
asking where to put this incoming file opens. Its /my/ raid, I own it
all, why and what is getting in the way? A question I have asked
several times without even the courtesy of a reply.

A recent kernel update seemed to speed that up some, the wait is now a
much more consistent 30 seconds but it is still there for the first
access and now instant after that initial wait.

Am I the only one on the planet using a quad of 1T Samsung 870 SSD's for
a raid10 /home?

> Those reading this later need to believe Greg's statements and not
> Gene's.

Thanks for the no confidence vote Andy but I'll stand by what I wrote. It
has all happened to /me/.

> Thanks,
> Andy

Max Nikulin

unread,
Oct 24, 2023, 12:50:07 PM10/24/23
to
On 22/10/2023 23:29, gene heskett wrote:
> My whole home net has no
> dhcp server, host files do it all.
>
> NM, and avahi, seems to want to assign a default route in the 169 block
> if it cannot find a dns server,
[...]
> IF I can prevent NM and avahi
> from assigning a totally bogus 169. route, it just works.

NetworkManager supports static network configuration and it has been
working for years.

Of course, by default it tries to get configuration from a DHCP server.
A connection with a static address may be created even from GUI.

There was a thread several months ago with discussion of link local
169.254.x.y addresses. They may coexist with dynamic or static IP
addresses. avahi-autoipd (avahi is another daemon) just tries to make at
least some network resources available for you. It is not a fault of
avahi-autoipd or NetworkManager that your configuration expects DHCP
response on a network where static addresses are used.

Pocket

unread,
Oct 24, 2023, 1:30:06 PM10/24/23
to
Where may I find that thread?

I would like to read it

Thanks

Andrew M.A. Cater

unread,
Oct 24, 2023, 1:40:05 PM10/24/23
to
On Tue, Oct 24, 2023 at 01:21:04PM -0400, Pocket wrote:
>
<snips>

> >
> > Of course, by default it tries to get configuration from a DHCP server.
> > A connection with a static address may be created even from GUI.
> >
> > There was a thread several months ago with discussion of link local
> > 169.254.x.y addresses. They may coexist with dynamic or static IP
> > addresses. avahi-autoipd (avahi is another daemon) just tries to make at
> > least some network resources available for you. It is not a fault of
> > avahi-autoipd or NetworkManager that your configuration expects DHCP
> > response on a network where static addresses are used.
> >
> Where may I find that thread?
>

There are threads from Gene and others in (at least) February and March
2023 archives for this list on addresses, nameservers and so on.

In general, go to the url of the form https://lists.debian.org/debian-user/2023/04/ and change the last digits for the appropriate month.

Reading the archives of this list is often instructive.

Andy Smith

unread,
Oct 24, 2023, 7:40:06 PM10/24/23
to
Hi Max,

On Tue, Oct 24, 2023 at 11:48:35PM +0700, Max Nikulin wrote:
> There was a thread several months ago with discussion of link local
> 169.254.x.y addresses.

$ notmuch count 'from:ghes...@shentel.net (body:"169.254" or body:"avahi")'
110

i.e. in the last 4 years I have 110 emails from Gene that feature
the string "169.254" or "avahi". They are all from this mailing
list.

Avahi is one of Gene's bogeymen. It has been explained to Gene many
times why he ends up with these link-local addresses, and what (if
anything) to do about it. It is chiefly to do with Gene's use of
Armbian (which isn't Debian, so is off-topic here) and it being
configured to use DHCP by default.

There is unlikely to be anything you can say to Gene about IPv4
link-local addresses that has not already been said to him multiple
times.

This conversation will likely happen again next time Gene feels we
are due a rant about Avahi, and as here, it will probably start to
hijack someone else's thread.

gene heskett

unread,
Oct 24, 2023, 9:10:06 PM10/24/23
to
So would I.
>
> Thanks

David Wright

unread,
Oct 24, 2023, 9:50:05 PM10/24/23
to
You go to https://lists.debian.org/debian-user/ and search for
gheskett 169.254
(his sign-off and the address in question). That'll drop you into the
middle of a 2022-01 thread that might be relevant. All words, BTW.

There may be others; in fact I'm almost certain there are.

Cheers,
David.

David Wright

unread,
Oct 24, 2023, 9:50:05 PM10/24/23
to
That costs money, and I can't see the point when there are TLDs
that are perfectly safe already available, like .home.arpa, and
before that, .{corp,home,mail}.

Cheers,
David.

ghe2001

unread,
Oct 24, 2023, 11:50:06 PM10/24/23
to


------- Original Message -------
On Tuesday, October 24th, 2023 at 7:47 PM, David Wright <deb...@lionunicorn.co.uk> wrote:


> On Mon 23 Oct 2023 at 12:06:05 (+0200), Christian Groessler wrote:
>
> > On 10/23/23 07:29, Jeffrey Walton wrote:
> >

> > Just register a domain and use that.
>
>
> That costs money,

It's probably slower than the Ethernet cable (or modern WiFi) to the next room, too.

> and I can't see the point when there are TLDs
> that are perfectly safe already available, like .home.arpa, and
> before that, .{corp,home,mail}.

TLD '.lan' works. As best I can tell on the web, it doesn't exist.

--
Glenn English

Marco M.

unread,
Oct 25, 2023, 1:40:05 AM10/25/23
to
On 25.10.2023 at 03:40:46, ghe2001 wrote:

> TLD '.lan' works. As best I can tell on the web, it doesn't exist.

Is it intended for that?
No?
Then don't use it. It can be used in the future for public domains.

Michael Kjörling

unread,
Oct 25, 2023, 5:10:05 AM10/25/23
to
On 25 Oct 2023 07:32 +0200, from m...@dorfdsl.de (Marco M.):
>> TLD '.lan' works. As best I can tell on the web, it doesn't exist.
>
> Is it intended for that?
> No?
> Then don't use it. It can be used in the future for public domains.

Exactly.

I see lots of people in this sub-thread arguing for cobbled-together,
"it works for me for now and if it breaks I'll just fix it later"
style solutions.

"home.arpa" is _reserved specifically_ for almost exactly the purpose
we're talking about: local (for example residential) use where one
does not want to pay for a domain name and/or does not need globally
unique names.

If you have anyway, or are willing to pay for, a domain name that you
can use for the purpose, great; all that power to you.

But most home users aren't in that situation. For those people,
"home.arpa" is _the official_ answer. It's not something I've made up.
There's an RFC, there's a corresponding domain name reservation, it's
specifically set up so that it won't break for example DNSSEC, and
that RFC is a _PROPOSED STANDARD_ which is pretty much as officially
sanctioned as things get on the public Internet. (I think IPv4 has the
status of STANDARD.)

Just like you shouldn't pick some IP address range at random for your
LAN if you want hosts on that LAN to be able to communicate unimpeded
with hosts on the Internet, you shouldn't randomly pick a domain name.
Using a domain name (or IP address range) which is reserved for
examples and documentation likely won't break anything important, but
it _will_ cause confusion (as evidenced earlier in this thread).

If you go with the domain name home.arpa and an IPv4 subnet sliced out
of one of 192.168.0.0/16, 172.12.0.0/12 or 10.0.0.0/8, you can be
_almost certain_ that nothing will break because of those choices, now
_or_ in the future.

None of the other alternatives I've seen proposed in this thread can
offer anything like such guarantees.

--
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”
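
A check of an /etc/hosts file against the naming and addressing choices discussed above, as an added example that is not part of the original post: it flags host names outside home.arpa (RFC 8375) or another special-use name, and IPv4 addresses that are link-local or outside the RFC 1918 private ranges. The function names, finding labels and the sample hosts file are constructed for illustration.

```python
import ipaddress

# RFC 1918 private IPv4 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Special-use top-level names that the public DNS will not delegate
# (RFC 6761 and RFC 6762).
SPECIAL_USE_TLDS = {"localhost", "local", "test", "invalid", "example"}


def classify_name(name):
    """Classify a host name by how safe its suffix is for private use."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) == 1:
        return "short"            # alias, only resolvable via hosts or search list
    if labels[-2:] == ["home", "arpa"]:
        return "reserved-local"   # RFC 8375, reserved for home networks
    if labels[-1] in SPECIAL_USE_TLDS:
        return "special-use"
    return "unreserved"           # may exist, or come to exist, in the public DNS


def lint_hosts(text):
    """Return (line_number, finding, value) tuples for a hosts file."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0].split("%")[0])
        except ValueError:
            findings.append((num, "invalid-address", fields[0]))
            continue
        if addr.is_loopback:
            continue
        if addr.is_link_local:
            findings.append((num, "link-local-address", fields[0]))
        elif addr.version == 4 and not any(addr in net for net in RFC1918):
            findings.append((num, "not-rfc1918-address", fields[0]))
        for name in fields[1:]:
            if classify_name(name) == "unreserved":
                findings.append((num, "unreserved-name", name))
    return findings


# Constructed sample; names and addresses are illustrative only.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
192.168.71.3 gobook3.home.arpa gb
192.168.71.4 printer.den pr
172.32.0.9 nas.lan          # just outside 172.16.0.0/12
169.254.10.2 cam.home.arpa
"""

if __name__ == "__main__":
    for num, finding, value in lint_hosts(SAMPLE_HOSTS):
        print("line %d: %s: %s" % (num, finding, value))
```

A name reported as `unreserved-name` still resolves locally from the hosts file; the risk is that a mistyped or unlisted name under the same suffix is sent to an outside resolver.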

Joe

unread,
Oct 25, 2023, 7:20:06 AM10/25/23
to
On Wed, 25 Oct 2023 09:01:18 +0000
Michael Kjörling <2695bd...@ewoof.net> wrote:


>
> I see lots of people in this sub-thread arguing for cobbled-together,
> "it works for me for now and if it breaks I'll just fix it later"
> style solutions.
>
>

Not arguing about anything else, but this situation you describe is how
IT works, and will continue to work until it stabilises, maybe a
century from now.

I have web pages on my home intranet written anything up to twenty
years ago. The versions of HTML, PHP, Perl etc that I used in many of
them are long obsolete. To do things right, I ought to go over that code
line by line every year or two, checking current documentation to see
what's deprecated, find out how to workaround it and fix it.

Life's too short. So when I use a page I haven't used for years,
there's a good chance it won't work, and I'll have to fix it then. So
be it.

Scale that up, and it's how the whole of IT works. Inevitably, things
will break, hardware and software won't work on new operating systems,
and so on. We have to live with it. Yes, it's nice to do things exactly
correctly, but they are only exactly correct today. Tomorrow, they may
be deprecated, and eventually removed.

The exact situation you address may be set in stone for all time. Or it
may not: it can be changed on a whim. All we can do is make the best
choice at the time, and even then we have to guess at how much time we
need to spend researching it in order to have a better choice than we
can see now, and whether it's worth doing that when we don't even know
that there is a better choice possible.

--
Joe

gene heskett

unread,
Oct 25, 2023, 7:30:06 AM10/25/23
to
This thread is the first I've heard of home.arpa as a domainname for
internal lan's. It s/b easy enough to switch my local lan to that since
only the domainname changes. The alias shouldn't need changed.

Is there an RFC number for this already?

> None of the other alternatives I've seen proposed in this thread can
> offer anything like such guarantees.

Thank you for this clarification.

Marco M.

unread,
Oct 25, 2023, 8:20:05 AM10/25/23
to
On 25.10.2023 at 07:25:45, gene heskett wrote:

> Is there an RFC number for this already?

ftp://ftp.rfc-editor.org/in-notes/rfc8375.html