From 7c25f7c18723841d7b558543612cab18c93d3910 Mon Sep 17 00:00:00 2001
From: Stefan Agner
Date: Wed, 18 Nov 2020 09:56:38 +0100
Subject: [PATCH] Fix DNS resolving (#1004)
* Add resolved.conf to disable stub resolver and DNSSEC There are Add-Ons which try to bind port 53 on all interfaces including 127.0.0.53. Disable the stub resolver to make them continue working. We don't need the resolver currently anyway. Also disable DNSSEC to make sure the baords can access a NTP time server even when their time is incorrect (since DNSSEC validation may fail). This is a known chicken-egg problem with systemd-resolved/systemd-timesyncd and might be addressed in a future version, with what we can reenable DNSSEC: https://github.com/systemd/systemd/issues/5873
* Make sure resolve gets added only once to nsswitch.conf Only add resolve to nsswitch.conf if not already present.
---
 .../rootfs-overlay/etc/systemd/resolved.conf | 25 +++++++++++++++++++
 buildroot-external/scripts/rootfs-layer.sh | 2 +-
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 buildroot-external/rootfs-overlay/etc/systemd/resolved.conf
diff --git a/buildroot-external/rootfs-overlay/etc/systemd/resolved.conf b/buildroot-external/rootfs-overlay/etc/systemd/resolved.conf
new file mode 100644
index 000000000..e0ac2f824
--- /dev/null
+++ b/buildroot-external/rootfs-overlay/etc/systemd/resolved.conf
@@ -0,0 +1,25 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See resolved.conf(5) for details
+
+[Resolve]
+#DNS=
+#FallbackDNS=1.1.1.1 8.8.8.8 1.0.0.1 8.8.4.4 2606:4700:4700::1111 2001:4860:4860::8888 2606:4700:4700::1001 2001:4860:4860::8844
+#Domains=
+DNSSEC=no
+#DNSOverTLS=opportunistic
+#MulticastDNS=yes
+#LLMNR=yes
+#Cache=yes
+DNSStubListener=no
+#ReadEtcHosts=yes
+#ResolveUnicastSingleLabel=no
diff --git a/buildroot-external/scripts/rootfs-layer.sh b/buildroot-external/scripts/rootfs-layer.sh
index 6bebb0399..f737a0150 100755
--- a/buildroot-external/scripts/rootfs-layer.sh
+++ b/buildroot-external/scripts/rootfs-layer.sh
@@ -29,7 +29,7 @@ function fix_rootfs() {
 sed -i "s/MACAddressPolicy=persistent/MACAddressPolicy=none/g" "${TARGET_DIR}/usr/lib/systemd/network/99-default.link"
 # Use systemd-resolved for Host OS resolve
- sed -i '/^hosts:/ {s/dns/resolve [!UNAVAIL=return] dns/}' "${TARGET_DIR}/etc/nsswitch.conf"
+ sed -i '/^hosts:/ {/resolve/! s/files/resolve [!UNAVAIL=return] files/}' "${TARGET_DIR}/etc/nsswitch.conf"
 }
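Review bot: `DNSSEC=no` and `DNSStubListener=no` are the only two active settings in the new resolved.conf, yet nothing in the file says why they depart from the defaults; the rationale (add-ons binding port 53, and DNSSEC validation failing before the clock is set) exists only in the commit message. A one-line comment above each would keep that with the setting, e.g. `# DNSSEC off: validation can fail while the clock is unset, see systemd issue 5873` and `# Stub listener off: add-ons bind port 53 on all interfaces`. With validation disabled the host resolver accepts unauthenticated answers, so the same comment should say that this is meant to be revisited and that anything trust-sensitive must not rely on DNS answers alone. The header sentence "Entries in this file show the compile time defaults" holds only if the commented values match how systemd is configured in this build, which is not visible in the hunk.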
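Review bot: The new `sed` expression in fix_rootfs is a silent no-op when the `hosts:` line contains no `files` token, or when the string `resolve` already appears anywhere on that line for another reason, so an image can be built without systemd-resolved in the NSS chain and nothing reports it. A check right after the edit would surface that at build time, e.g. `grep -Eq '^hosts:.*resolve \[!UNAVAIL=return\]' "${TARGET_DIR}/etc/nsswitch.conf" || { echo "nsswitch.conf: resolve not enabled" >&2; exit 1; }`. The anchor also moved from `dns` to `files`, which places `resolve` ahead of `files` in the lookup order; the commit message mentions only the add-once behaviour, so a comment next to the `sed` stating that the ordering is intentional would help. fix_rootfs begins above the hunk, so whether the script already aborts on errors is not visible here.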