Discussion:
dhclient and ipv6 DNS Servers
(too old to reply)
Rainer Dorsch
2020-01-14 09:20:01 UTC
Permalink
Hello,

the ipv6 DNS servers I get supplied from my ISP

nameserver fd38:81d3:9dac::1
nameserver fd22:c2e0:8eb2::1

have problems from time to time.

I tried to switch to other servers, e.g. Google, but this does not work, since

/etc/resolv.conf gets overwritten with a high frequency

/etc/dhcp/dhclient.conf does not accept ipv6 addresses like, since if I use
the instructions from

https://developers.google.com/speed/public-dns/docs/using

and add to /etc/dhcp/dhclient.conf

prepend domain-name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;

dhclient becomes unhappy (during an ifup eth0.1)

/etc/dhcp/dhclient.conf line 26: semicolon expected.
prepend domain-name-servers 2001:
^
/etc/dhcp/dhclient.conf line 26: expecting a statement.
prepend domain-name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;
^
/etc/dhcp/dhclient.conf line 26: semicolon expected.

^

prepend domain-name-servers 8.8.8.8;
works, but still comes after the ipv6 nameservers

***@home:~# cat /etc/resolv.conf
domain bokomoko.de
search bokomoko.de
nameserver fd38:81d3:9dac::1
nameserver fd22:c2e0:8eb2::1
nameserver 8.8.8.8
nameserver 192.168.0.1
***@home:~#

and the slow servers get queried first :-/


Probably unrelated, but today even Murphy seems to be with me, even if I
switch on my ISP modem to alternate DNS servers, this gets ignored.

Any hint is welcome.

Thanks
Rainer
--
Rainer Dorsch
http://bokomoko.de/
Richard Hector
2020-01-14 11:50:01 UTC
Permalink
Post by Rainer Dorsch
/etc/dhcp/dhclient.conf does not accept ipv6 addresses like, since if I
use the instructions from
 
https://developers.google.com/speed/public-dns/docs/using
 
and add to /etc/dhcp/dhclient.conf
 
prependdomain-name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;
dhclient becomes unhappy (during an ifup eth0.1)
 
/etc/dhcp/dhclient.conf line 26: semicolon expected.
^
/etc/dhcp/dhclient.conf line 26: expecting a statement.
prepend domain-name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;
^
/etc/dhcp/dhclient.conf line 26: semicolon expected.
Hi Rainer,

From dhcp-options(5), it looks like you need:

prepend dhcp6.name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;

instead. I haven't tried it myself.

Richard
Greg Wooledge
2020-01-14 13:30:01 UTC
Permalink
Post by Rainer Dorsch
I tried to switch to other servers, e.g. Google, but this does not work, since
/etc/resolv.conf gets overwritten with a high frequency
https://wiki.debian.org/resolv.conf
Curt
2020-01-14 15:30:01 UTC
Permalink
Post by Greg Wooledge
Post by Rainer Dorsch
I tried to switch to other servers, e.g. Google, but this does not work, since
/etc/resolv.conf gets overwritten with a high frequency
https://wiki.debian.org/resolv.conf
Actually, as I've said elsewhere (but I'm still dealing with a gmane
post-absorption issue so I'll repeat it here) I believe he needs the

prepend dhcp6.name-servers ...

option for ipv6 as described in the dhcp-options manpage. This
is why he's receiving the "semicolon expected" error.
--
"J'ai pour me guérir du jugement des autres toute la distance qui me sépare de
moi." Antonin Artaud
Greg Wooledge
2020-01-14 15:40:01 UTC
Permalink
Post by Curt
Post by Greg Wooledge
Post by Rainer Dorsch
I tried to switch to other servers, e.g. Google, but this does not work, since
/etc/resolv.conf gets overwritten with a high frequency
https://wiki.debian.org/resolv.conf
Actually, as I've said elsewhere (but I'm still dealing with a gmane
post-absorption issue so I'll repeat it here) I believe he needs the
prepend dhcp6.name-servers ...
option for ipv6 as described in the dhcp-options manpage. This
is why he's receiving the "semicolon expected" error.
None of my systems have IPv6, so I can't be the one to verify any
of that information to add to the wiki page. If you'd like to do it,
that's great.

Meanwhile, there are a few different ways to keep your resolv.conf
file untouched, rather than relying on isc-dhcp-client to continually
rewrite it in the form you want. The wiki page describes some of
those ways.

Personally, I do not understand the appeal of the "put lines in
configuration file X so that isc-dhcp-client will use them when it
rewrites configuration file Y" approach. I'd rather just edit file Y by
hand and tell isc-dhcp-client not to touch it at all. It's a shame that
it's so incredibly difficult to do that. But, that's why we have the
resolvconf package, and it's why we have the wiki page that describes
how to do it.
Bob Weber
2020-01-14 18:20:01 UTC
Permalink
Post by Greg Wooledge
Meanwhile, there are a few different ways to keep your resolv.conf
file untouched, rather than relying on isc-dhcp-client to continually
rewrite it in the form you want. The wiki page describes some of
those ways.
Personally, I do not understand the appeal of the "put lines in
configuration file X so that isc-dhcp-client will use them when it
rewrites configuration file Y" approach. I'd rather just edit file Y by
hand and tell isc-dhcp-client not to touch it at all. It's a shame that
it's so incredibly difficult to do that. But, that's why we have the
resolvconf package, and it's why we have the wiki page that describes
how to do it.
Just edit the file /etc/resolv.conf and make it immutable (chattr +i 
/etc/resolv.conf).  At least you will know what is in the file and that it can't
be changed (mistakes and all).  I use this to keep chrome from changing the
google-chrome-beta.list file every time it starts since I use the HTTPS///
option of  apt-cacher-ng to use https transfers outside my LAN.
--
*...Bob*
Greg Wooledge
2020-01-14 19:10:01 UTC
Permalink
Just edit the file /etc/resolv.conf and make it immutable (chattr +i 
/etc/resolv.conf).  At least you will know what is in the file and that it
can't be changed (mistakes and all).  I use this to keep chrome from
changing the google-chrome-beta.list file every time it starts since I use
the HTTPS/// option of  apt-cacher-ng to use https transfers outside my LAN.
That is one of the options given on the wiki page.

https://wiki.debian.org/resolv.conf

Be sure you work around bug #860928 if you use this approach.
Rainer Dorsch
2020-01-14 22:50:01 UTC
Permalink
Post by Greg Wooledge
Post by Bob Weber
Just edit the file /etc/resolv.conf and make it immutable (chattr +i
/etc/resolv.conf). At least you will know what is in the file and that it
can't be changed (mistakes and all). I use this to keep chrome from
changing the google-chrome-beta.list file every time it starts since I use
the HTTPS/// option of apt-cacher-ng to use https transfers outside my
LAN.
That is one of the options given on the wiki page.
https://wiki.debian.org/resolv.conf
Be sure you work around bug #860928 if you use this approach.
Thank you for all the good replies to this thread.

prepend dhcp6.name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;

avoids the error message, but has no visible effect I can see. The IPv6 DNS
servers still do not show in resolv.conf.

Unfortunately,

***@home:~# cat /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone
make_resolv_conf() { :; }
***@home:~# ls -l /etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone
-rwxr-xr-x 1 root root 26 Jan 14 20:59 /etc/dhcp/dhclient-enter-hooks.d/
leave_my_resolv_conf_alone
***@home:~#

does not stop the system to overwrite /etc/resolv.conf constantly.

Do I need to restart a service that the change takes effect?

I did an ifdown/ifup eth0.1 ...

Thanks again
Rainer
--
Rainer Dorsch
http://bokomoko.de/
Rainer Dorsch
2020-01-15 00:20:01 UTC
Permalink
Post by Rainer Dorsch
Post by Greg Wooledge
Post by Bob Weber
Just edit the file /etc/resolv.conf and make it immutable (chattr +i
/etc/resolv.conf). At least you will know what is in the file and that it
can't be changed (mistakes and all). I use this to keep chrome from
changing the google-chrome-beta.list file every time it starts since I use
the HTTPS/// option of apt-cacher-ng to use https transfers outside my
LAN.
That is one of the options given on the wiki page.
https://wiki.debian.org/resolv.conf
Be sure you work around bug #860928 if you use this approach.
Thank you for all the good replies to this thread.
prepend dhcp6.name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;
avoids the error message, but has no visible effect I can see. The IPv6 DNS
servers still do not show in resolv.conf.
Unfortunately,
make_resolv_conf() { :; }
/etc/dhcp/dhclient-enter-hooks.d/leave_my_resolv_conf_alone -rwxr-xr-x 1
root root 26 Jan 14 20:59 /etc/dhcp/dhclient-enter-hooks.d/
leave_my_resolv_conf_alone
does not stop the system to overwrite /etc/resolv.conf constantly.
Do I need to restart a service that the change takes effect?
I did an ifdown/ifup eth0.1 ...
Another interesting datapoint, if I enable debug data, I get with

prepend dhcp6.name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;

in dhclient.conf

as debug data in /tmp/dhclient-script.debug

--------------------------
Tue Jan 14 22:40:15 CET 2020: entering /etc/dhcp/dhclient-exit-hooks.d,
dumping variables.
reason='PREINIT'
interface='eth0.1'
--------------------------
Tue Jan 14 22:40:15 CET 2020: entering /etc/dhcp/dhclient-enter-hooks.d,
dumping variables.
reason='BOUND'
interface='eth0.1'
new_ip_address='192.168.0.30'
new_network_number='192.168.0.0'
new_subnet_mask='255.255.255.0'
new_broadcast_address='192.168.0.255'
new_routers='192.168.0.1'
new_domain_name='bokomoko.de'
new_domain_name_servers='192.168.0.1'
new_ntp_servers='192.168.0.1'
new_dhcp6_name_servers='2001:4860:4860::8888 2001:4860:4860::8844'
old_ip_address='192.168.0.30'
old_network_number='192.168.0.0'
old_subnet_mask='255.255.255.0'
old_broadcast_address='192.168.0.255'
old_routers='192.168.0.1'
old_domain_name='bokomoko.de'
old_domain_name_servers='192.168.0.1'
old_ntp_servers='192.168.0.1'
old_dhcp6_name_servers='2001:4860:4860::8888 2001:4860:4860::8844'
--------------------------
Tue Jan 14 22:40:15 CET 2020: entering /etc/dhcp/dhclient-exit-hooks.d,
dumping variables.
reason='BOUND'
interface='eth0.1'
new_ip_address='192.168.0.30'
new_network_number='192.168.0.0'
new_subnet_mask='255.255.255.0'
new_broadcast_address='192.168.0.255'
new_routers='192.168.0.1'
new_domain_name='bokomoko.de'
new_domain_name_servers='192.168.0.1'
new_ntp_servers='192.168.0.1'
new_dhcp6_name_servers='2001:4860:4860::8888 2001:4860:4860::8844'
old_ip_address='192.168.0.30'
old_network_number='192.168.0.0'
old_subnet_mask='255.255.255.0'
old_broadcast_address='192.168.0.255'
old_routers='192.168.0.1'
old_domain_name='bokomoko.de'
old_domain_name_servers='192.168.0.1'
old_ntp_servers='192.168.0.1'
old_dhcp6_name_servers='2001:4860:4860::8888 2001:4860:4860::8844'
--------------------------
Tue Jan 14 22:40:17 CET 2020: entering /etc/dhcp/dhclient-enter-hooks.d,
dumping variables.
reason='PREINIT6'
interface='eth0.1'
--------------------------
Tue Jan 14 22:40:17 CET 2020: entering /etc/dhcp/dhclient-exit-hooks.d,
dumping variables.
reason='PREINIT6'
interface='eth0.1'
--------------------------
Tue Jan 14 22:40:18 CET 2020: entering /etc/dhcp/dhclient-enter-hooks.d,
dumping variables.
reason='REBIND6'
interface='eth0.1'
new_domain_name='bokomoko.de'
new_ip6_prefix='2a02:8070:898f:e4fc::/62'
new_dhcp6_name_servers='2001:4860:4860::8888 2001:4860:4860::8844
fd00::e228:6dff:fe43:5776'
old_domain_name='bokomoko.de'
old_ip6_prefix='2a02:8070:898f:e4fc::/62'
old_dhcp6_name_servers='2001:4860:4860::8888 2001:4860:4860::8844
fd00::e228:6dff:fe43:5776'
--------------------------
Tue Jan 14 22:40:18 CET 2020: entering /etc/dhcp/dhclient-exit-hooks.d,
dumping variables.
reason='REBIND6'
interface='eth0.1'
new_domain_name='bokomoko.de'
new_ip6_prefix='2a02:8070:898f:e4fc::/62'
new_dhcp6_name_servers='2001:4860:4860::8888 2001:4860:4860::8844
fd00::e228:6dff:fe43:5776'
old_domain_name='bokomoko.de'
old_ip6_prefix='2a02:8070:898f:e4fc::/62'
old_dhcp6_name_servers='2001:4860:4860::8888 2001:4860:4860::8844
fd00::e228:6dff:fe43:5776'
--------------------------

But neither new_dhcp6_name_servers nor old_dhcp6_name_servers (which are
identical) matches the content of resolv.conf:

***@home:~# cat /etc/resolv.conf
domain bokomoko.de
search bokomoko.de
nameserver fd38:81d3:9dac::1
nameserver fda0:18e7:afcf::1
nameserver 8.8.8.8
***@home:~#


Does anybody know which tool sets these variables?

Thanks
Rainer
--
Rainer Dorsch
http://bokomoko.de/
Pascal Hambourg
2020-01-15 01:00:01 UTC
Permalink
Post by Richard Hector
prepend dhcp6.name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;
avoids the error message, but has no visible effect I can see. The IPv6 DNS
servers still do not show in resolv.conf.
You may receive IPv6 DNS information from IPv6 Router Advertisements
(RA) with rdnssd, not DHCPv6.
Rainer Dorsch
2020-01-16 23:20:01 UTC
Permalink
Post by Pascal Hambourg
Post by Richard Hector
prepend dhcp6.name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;
avoids the error message, but has no visible effect I can see. The IPv6 DNS
servers still do not show in resolv.conf.
You may receive IPv6 DNS information from IPv6 Router Advertisements
(RA) with rdnssd, not DHCPv6.
Many thanks, Pascal, that explains the obervations :-)

I have in /etc/network/interfaces

iface eth0.1 inet6 auto
dhcp 1
request_prefix 1

I could not find a way to overwrite the DNS server for rdnssd, does anybody
know if that is possible?


According to the interfaces man page, dhclient should be responsible with the
dhcp method

iface eth0.1 inet6 dhcp
request_prefix 1

ifup shows the nameservers in the log

Thu Jan 16 23:15:13 CET 2020: entering /etc/dhcp/dhclient-enter-hooks.d,
dumping variables.
reason='PREINIT'
interface='eth0.1'
--------------------------
Thu Jan 16 23:15:13 CET 2020: entering /etc/dhcp/dhclient-exit-hooks.d,
dumping variables.
reason='PREINIT'
interface='eth0.1'
--------------------------
Thu Jan 16 23:15:14 CET 2020: entering /etc/dhcp/dhclient-enter-hooks.d,
dumping variables.
reason='REBOOT'
interface='eth0.1'
new_ip_address='192.168.0.30'
new_network_number='192.168.0.0'
new_subnet_mask='255.255.255.0'
new_broadcast_address='192.168.0.255'
new_routers='192.168.0.1'
new_domain_name='bokomoko.de'
new_domain_name_servers='192.168.0.1'
new_ntp_servers='192.168.0.1'
new_dhcp6_name_servers='2001:4860:4860::8888 2001:4860:4860::8844'
--------------------------
Thu Jan 16 23:15:14 CET 2020: entering /etc/dhcp/dhclient-exit-hooks.d,
dumping variables.
reason='REBOOT'
interface='eth0.1'
new_ip_address='192.168.0.30'
new_network_number='192.168.0.0'
new_subnet_mask='255.255.255.0'
new_broadcast_address='192.168.0.255'
new_routers='192.168.0.1'
new_domain_name='bokomoko.de'
new_domain_name_servers='192.168.0.1'
new_ntp_servers='192.168.0.1'
new_dhcp6_name_servers='2001:4860:4860::8888 2001:4860:4860::8844'
--------------------------
Thu Jan 16 23:15:14 CET 2020: entering /etc/dhcp/dhclient-enter-hooks.d,
dumping variables.
reason='PREINIT6'
interface='eth0.1'
--------------------------
Thu Jan 16 23:15:14 CET 2020: entering /etc/dhcp/dhclient-exit-hooks.d,
dumping variables.
reason='PREINIT6'
interface='eth0.1'
--------------------------


but then I do not see an impact on resolv.conf:

nameserver fd38:81d3:9dac::1
nameserver fd22:c2e0:8eb2::1

ifup produces this output

XMT: Forming Solicit, 31050 ms elapsed.
XMT: X-- IA_NA b4:00:32:5c
XMT: | X-- Request renew in +3600
XMT: | X-- Request rebind in +5400
XMT: X-- IA_PD b4:00:32:5c
XMT: | X-- Request renew in +3600
XMT: | X-- Request rebind in +5400
XMT: | X-- Request prefix 2a02:8070:898f:e4fc::/62.
XMT: | | X-- Request preferred in +7200
XMT: | | X-- Request valid in +10800
XMT: Solicit on eth0.1, interval 33560ms.
RCV: Advertise message on eth0.1 from fe80::e228:6dff:fe43:5776.
RCV: X-- Server ID: 00:03:00:01:e0:28:6d:43:57:76
PRC: Lease failed to satisfy.

Any hint is still welcome :-)

Thanks
Rainer
--
Rainer Dorsch
http://bokomoko.de/
Curt
2020-01-17 10:40:01 UTC
Permalink
Post by Rainer Dorsch
Post by Pascal Hambourg
Post by Richard Hector
prepend dhcp6.name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;
avoids the error message, but has no visible effect I can see. The IPv6 DNS
servers still do not show in resolv.conf.
You may receive IPv6 DNS information from IPv6 Router Advertisements
(RA) with rdnssd, not DHCPv6.
Many thanks, Pascal, that explains the obervations :-)
I have in /etc/network/interfaces
iface eth0.1 inet6 auto
dhcp 1
request_prefix 1
I could not find a way to overwrite the DNS server for rdnssd, does anybody
know if that is possible?
All above and way beyond me, but from a cursory online examination of
this affair it appears that beyond disabling rdnssd entirely, it's
necessary to modify or patch the /etc/rdnssd/merge-hook script to
prevent rdnssd from overwriting /etc/resolv.conf.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767071

/etc/resolv.conf is handled by a configurable /etc/rdnssd/merge-hook
script that users can modify to suit their needs. The stock version
upstream has been modified to do what you want for ages:

http://git.remlab.net/gitweb/?p=ndisc6.git;a=blob_plain;f=rdnssd/merge-hook.in;hb=f7bd3662d2292e248173721d4760c03df39df666

Good luck.
--
"J'ai pour me guérir du jugement des autres toute la distance qui me sépare de
moi." Antonin Artaud
Rainer Dorsch
2020-01-18 10:40:02 UTC
Permalink
Post by Curt
Post by Rainer Dorsch
Post by Pascal Hambourg
Post by Richard Hector
prepend dhcp6.name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;
avoids the error message, but has no visible effect I can see. The IPv6 DNS
servers still do not show in resolv.conf.
You may receive IPv6 DNS information from IPv6 Router Advertisements
(RA) with rdnssd, not DHCPv6.
Many thanks, Pascal, that explains the obervations :-)
I have in /etc/network/interfaces
iface eth0.1 inet6 auto
dhcp 1
request_prefix 1
I could not find a way to overwrite the DNS server for rdnssd, does anybody
know if that is possible?
All above and way beyond me, but from a cursory online examination of
this affair it appears that beyond disabling rdnssd entirely, it's
necessary to modify or patch the /etc/rdnssd/merge-hook script to
prevent rdnssd from overwriting /etc/resolv.conf.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767071
/etc/resolv.conf is handled by a configurable /etc/rdnssd/merge-hook
script that users can modify to suit their needs. The stock version
http://git.remlab.net/gitweb/?p=ndisc6.git;a=blob_plain;f=rdnssd/merge-hook
.in;hb=f7bd3662d2292e248173721d4760c03df39df666
Many thanks for your response, Curt, that helped at least to hack an overwrite
to the ipv6 DNS server.

I do not understand what the upsteam does which Debian does not (also the bug
you are refering to is resolved!). Nevertheless, the merge-hook script is a
good place to look at.

As a quick fix I commented the line

#mv -f $resolvconf.tmp $resolvconf

This at least keeps rdnssd from overwriting the resolv.conf constantly.

I think a better solution would be to check if a e.g. DNS6 variable is defined
(e.g. in /etc/default/rdnssd) and if yes, ignore the content of

***@home:~# cat /var/run/rdnssd/resolv.conf
nameserver fe80::d263:b4ff:fe00:325c%eth0.7
nameserver fd38:81d3:9dac::1
nameserver fd22:c2e0:8eb2::1
***@home:~#

and use the content of the DNS6 variable instead.

Berni,

does that make sense or is there already another mechanism in place for
overwriting the (ipv6) DNS Server?

I think I could provide you a patch for the script, if that makes sense for
you to integrate in the Debian package.

Thanks
Rainer
--
Rainer Dorsch
http://bokomoko.de/
t***@tuxteam.de
2020-01-15 06:40:02 UTC
Permalink
Post by Greg Wooledge
Post by Bob Weber
Just edit the file /etc/resolv.conf and make it immutable (chattr +i 
[...]
Post by Greg Wooledge
That is one of the options given on the wiki page.
https://wiki.debian.org/resolv.conf
Be sure you work around bug #860928 if you use this approach.
This is a very instructive bug, thanks for linking it :-)

That's why I usually recommend doing the chattr +i for debugging
purposes only. The software "on the other side" won't expect it,
and it'll reveal strange bugs procedure) is... risky.

Cheers
-- tomás.
Curt
2020-01-14 15:10:01 UTC
Permalink
Post by Rainer Dorsch
https://developers.google.com/speed/public-dns/docs/using
and add to /etc/dhcp/dhclient.conf
prepend domain-name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;
dhclient becomes unhappy (during an ifup eth0.1)
/etc/dhcp/dhclient.conf line 26: semicolon expected.
^
/etc/dhcp/dhclient.conf line 26: expecting a statement.
prepend domain-name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;
^
/etc/dhcp/dhclient.conf line 26: semicolon expected.
Have you tried

prepend dhcp6.name-servers ...

as described in the dhcp-options manpage?
--
"J'ai pour me guérir du jugement des autres toute la distance qui me sépare de
moi." Antonin Artaud
Loading...