dns=dnsmasq does not work any more

thank you for your bug report, could you give some details on your configuration? do you have systemd-resolved installed? could be the same as bug #1647066

Can you please attach your /etc/NetworkManager/NetworkManager.conf ? NM is not supposed to create /etc/resolv.conf any more, so I suppose something else is going on. Can you please reproduce the failed state and then do

  cat /etc/resolv.conf

and copy&paste the output, and run

  journalctl -u NetworkManager.service -u systemd-resolved.service -b > /tmp/nm.log

and attach /tmp/nm.log?

Sebastien,
could you please give me instructions on how to install systemd-resolved?
I do have a fully working Gnome-shell DE with systemd as pid1 and no upstart packages installed.
The network is working fine if I use network-manager (1.4.2-2ubuntu3), but not anymore if I upgrade to the version 1.4.2-2ubuntu4.
So something did happen there.

Martin, here is the contents of /etc/NetworkManager/NetworkManager.conf (with the version 1.4.2-2ubuntu3) installed:

[main]
plugins=ifupdown,keyfile
dns=dnsmasq

[ifupdown]
managed=false

And here is the output of
  cat /etc/resolv.conf

# Generated by NetworkManager
search dhcp.inet.fi
nameserver 127.0.1.1

I do next the same with the version 1.4.2-2ubuntu4 (failed state).

Martin,
here is the failed state output of
   cat /etc/resolv.conf

# Generated by NetworkManager
search dhcp.inet.fi
nameserver 127.0.1.1

So, nothing changed. And NM still generates the file /etc/resolv.conf.

I also run
  journalctl -u NetworkManager.service -u systemd-resolved.service -b > /tmp/nm.log

The file nm.log is attached.

> dns=dnsmasq

Ah -- please remove that from /etc/NetworkManager/NetworkManager.conf, this is not currently working (this is known, this needs to be fixed in a better way).

Martin,

I removed the line "dns=dnsmasq"
from the conf file.
Then upgraded to NM 1.4.2-2ubuntu4
Rebooted and checked that dns=dnsmasq was absent from the conf file. It was.
However, the result was still the same = no network.

Downgraded back to NM 1.4.2-2ubuntu3, got the network back and fine.
Noticed, that NM had created the line "dns=dnsmasq" back.

OK, thanks. I'm afraid I need the NM log and /etc/resolv.conf with NM 1.4.2-2ubuntu4 without "dns=dnsmasq".

Martin,

OK, here goes:

cat /etc/resolv.conf

# Generated by NetworkManager
search dhcp.inet.fi
nameserver 127.0.1.1

cat /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=false

journalctl -u NetworkManager.service -u systemd-resolved.service -b > /tmp/nm.log

The tmp file (nm2.log) is attached.
There is one error in the log:
"Error: failed to open /run/network/ifstate"

> # Generated by NetworkManager
> nameserver 127.0.1.1

OK, that's definitively unexpected. It looks like NM is still using a different plugin for managing /etc/resolv.conf and that thinks it's using the dnsmasq plugin (127.0.1.1) while not actually starting dnsmasq. That part is understood and what I retitled the bug to.

What is not clear is why your NM uses that configuration despite not setting it in NetworkManager.conf.

joulu 06 19:05:04 Sabertooth NetworkManager[576]: <info> [1481043904.5853] dns-mgr[0x55f3c8285000]: init: dns=systemd-resolved, rc-manager=symlink, plugin=systemd-resolved

That actually looks expected. Maybe your /etc/resolv.conf is not a symlink to ../run/resolvconf/resolv.conf but a plain file? If so, please do

  sudo systemctl stop NetworkManager
  sudo rm /etc/resolv.conf
  sudo ln -s ../run/resolvconf/resolv.conf /etc/resolv.conf
  sudo systemctl start NetworkManager

This hopefully should fix things.

Martin,

The /etc/resolv.conf in my set up is really a link.
The target is (where folder "var/run" is a link to the folder "run"):
/var/run/NetworkManager/resolv.conf

However, I upgraded NM to the version 1.4.2-2ubuuntu4 and run the following 4 commands:
  sudo systemctl stop NetworkManager
  sudo rm /etc/resolv.conf
  sudo ln -s ../run/resolvconf/resolv.conf /etc/resolv.conf
  sudo systemctl start NetworkManager

That did not bring the network back, though. I had to downgrade again to NM 1.4.2-2ubuntu3.

But I noticed that I do not have a folder /run/resolvconf/ in my setup, at all.

I do have a fully updated setup, with systemd (232-7).

What does "systemctl status resolvconf" say? is it not running for you?

That is simply:

"Unit resolvconf.service could not be found"

I believe there is some package(s) that I do not have installed, but I should have?

NM 1.4.2-2ubuntu4 needs something to be installed, that NM 1.4.2-2ubuntu3 did not need.

Martin,

I installed the package resolvconf.
Now the command gives this:
"systemctl status resolvconf"

● resolvconf.service - Nameserver information manager
   Loaded: loaded (/lib/systemd/system/resolvconf.service; enabled; vendor preset: enabled)
   Active: active (exited) since Wed 2016-12-07 19:23:29 EET; 6min ago
     Docs: man:resolvconf(8)
 Main PID: 322 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
   CGroup: /system.slice/resolvconf.service

However, there is still something wrong with my network.
Certain web pages (mainly in Finland) do not work at all.

Now the link /etc/resolv.conf points to ../run/resolvconf/resolv.conf

And a little more info:

"/etc/NetworkManager/NetworkManager.conf"

[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=false

"/etc/resolv.conf"

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

nameserver 127.0.0.53

One possible issue is the contents of the /etc/resolv.conf (or actually /run/resolvconf/resolv.conf).

With NM 1.4.2-2ubuntu4 the /etc/resolv.conf is:

nameserver 127.0.0.53

But with NM 1.4.2-2ubuntu3 it is:

search dhcp.inet.fi
nameserver 127.0.1.1

So where did the line "search dhcp.inet.fi" go?
I think this needs to be there in order to a fully working network.

Ah, so you didn't have resolvconf installed (and therefore also not ubuntu-minimal), that's a good data point, thank you! This should be part of this bug -- NM should get along with this better.

Do you see the search domain in "systemd-resolve --status"?

On Wed, Dec 07, 2016 at 09:34:43PM -0000, Martin Pitt wrote:
> Ah, so you didn't have resolvconf installed (and therefore also not
> ubuntu-minimal), that's a good data point, thank you! This should be
> part of this bug -- NM should get along with this better.

Removing ubuntu-minimal is always unsupported.

First of all,
If NM 1.4.2-2ubuntu4 needs the package resolvconf in order to function properly, it should depend on it.

Secondly,
NM 1.4.2-2ubuntu3 works perfectly, like all earlier versions, without the package resolvconf.

Thirdly,
after installing resolvconf with NM 1.4.2-2ubuntu4, NM still does not work properly. It is not OK.

And here are some test results.

With NM 1.4.2-2ubuntu3: "systemd-resolve --status"
Global
         DNS Servers: 127.0.1.1
          DNS Domain: dhcp.inet.fi
          DNSSEC NTA: 10.in-addr.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test
Link 2 (eth0)
      Current Scopes: LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: allow-downgrade
    DNSSEC supported: yes

With NM 1.4.2-2ubuntu4: "systemd-resolve --status"
Global
          DNSSEC NTA: 10.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test
Link 2 (eth0)
      Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: allow-downgrade
    DNSSEC supported: yes
         DNS Servers: 193.210.18.18
                      193.210.19.19
          DNS Domain: dhcp.inet.fi

I can also confirm, though there is no need to, that the newest version of NM 1.4.2-3ubuntu1 does not work better either.
So this bug still remains unsolved.

This bug is now solved with the latest network-manager v. 1.4.2-3ubuntu2 in Zesty.
Here:
https://launchpad.net/ubuntu/+source/network-manager/1.4.2-3ubuntu2

This is not working in ubuntu gnome:
network-manager 1.4.4-1ubuntu3
network-manager-gnome 1.4.2-1ubuntu4

in /var/log/syslog
I get lots of Error Messages after nm-dispatcher: req:3 'up' [wlp4s0]: start running ordered scripts...
systemd-resolved[1104]: Switching to DNS server 192.168.55.5 for interface wlp4s0
systemd-resolved[1104]: DNSSEC validation failed for question . IN SOA: no-signature
systemd-resolved[1104]: DNSSEC validation failed for question com IN DS: no-signature
systemd-resolved[1104]: DNSSEC validation failed for question com IN SOA: no-signature
systemd-resolved[1104]: DNSSEC validation failed for question com IN DNSKEY: no-signature
systemd-resolved[1104]: DNSSEC validation failed for question ubuntu.com IN DS: no-signature
systemd-resolved[1104]: DNSSEC validation failed for question ubuntu.com IN SOA: no-signature
systemd-resolved[1104]: DNSSEC validation failed for question daisy.ubuntu.com IN DS: no-signature
systemd-resolved[1104]: DNSSEC validation failed for question daisy.ubuntu.com IN SOA: no-signature
systemd-resolved[1104]: DNSSEC validation failed for question ......

this basically fills up my syslog whenever I use anything with networking
it clearly is a problem with the DNS as I can reach my hosts, when I just use the IP Adresses such as http://46.4.95.2

however, when I check:
systemd-resolve --status
I get this:
Global172,in-addr.
              DNS DOmain: dhcp.inet.fi
              DNSSEC NTA: 10.in-add.arpa
                          16.172.in-addr.arpa
                          168.192.in-add.arpa
.
.
.
.

Link 3 (WLP4s0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
LLMNR setting: yes
MulticastDNS setting: no
DNSSEC setting: allow-downgrade
DNSSEC supported: yes
DNS Servers: 192.168.55.5
DNS Domain: Speedport_W_724......[some Number from my Router/Modemmodel]