Netplan has no way to control DHCP client

Package in Ubuntu was renamed from nplan to netplan.io; but regardless this bug is relevant to the netplan project in general; just moving bugs around here.

Netplan is only appending DNS Search domains and IP's with dhcp4: set to yes. additionally, its ignoring the command "nmcli con modify ${deviceid} ipv4.ignore-auto-dns yes"

Ubuntu 18.04
effecting netplan/bionic 1.10.1-5build1 amd64

/etc/netplan/01-netcfg.yaml
...
   dhcp4: yes
   nameservers:
        search: [abc.domain.edu, def.domain.edu]
        addresses: [10.100.0.1, 10.100.0.2]

~# systemd-resolve --status
...
  DNS Servers: 10.100.10.30 <---- from dhcp
               10.100.10.20 <---- from dhcp
               10.100.0.1
               10.100.0.2

  DNS Domain: uncc.edu
                      it.domain.edu <---- from dhcp
                      abc.domain.edu
                      def.domain.edu

This bug appears to be related to https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1703882

I don't think the two bugs are related.

For this specific, bug, the problem is as follows in the code for src/netword.c

`
if (def->dhcp4 || def->dhcp6) {
        /* isc-dhcp dhclient compatible UseMTU, networkd default is to
         * not accept MTU, which breaks clouds */
        g_string_append_printf(s, "\n[DHCP]\nUseMTU=true\n");
        /* NetworkManager compatible route metrics */
        g_string_append_printf(s, "RouteMetric=%i\n", (def->type == ND_WIFI ? 600 : 100));
        if (g_strcmp0(def->dhcp_identifier, "duid") != 0)
            g_string_append_printf(s, "ClientIdentifier=%s\n", def->dhcp_identifier);
    }
`

It's literally hardcoded to write 2 or 3 dhcp options: UseMTU, RouteMetric and ClientIdentifier.

This bug appears to be pointing out that at least provide the option to add UseDNS=false, and more generally, allow the ability to configure all the DHCP options supported by systemd-networkd

This is affecting my organization and affects our ability to evaluate migrating from Ubuntu 14.04 to 18.04. Superseding AWS's advertised nameservers is a requirement for our applications.

My extremely hacky workaround is to edit /usr/sbin/netplan to append "UseDNS=false" to the end of /run/systemd/network/10-netplan-*.network, then execute systemctl restart systemd-networkd

Is there any timeframe for fixing this issue? There is no way to migrate to Ubuntu 18.04 when netplan can't be configured to use a static list of DNS servers with DHCP enabled. This is a very common configuration in large complex network environments. I fail to see how this bug made it past basic quality controls.
NetworkManager settings:
nmcli connection modify ${ID} ipv4.ignore-auto-dns yes
nmcli connection modify ${ID} ipv4.dns 'xx.xx.xx.10 xx.xx.xx.20'
nmcli connection modify ${ID} ipv4.dns-search 'abc01.domain.com. abc02.domain.com.'

The fix is trivial, any objections to putting it upstream?

The patch in #7 would fix some use cases while breaking others. For example, the current behavior is ALSO a legitimate way to configure a network, and would be broken by that patch.

The issue here is that using DHCP shouldn't be an all or nothing switch. I would propose the following behavior.

1. If "dhcp4: yes" or "dhcp4: no" is specified, use the current behavior.

2. Also accept dhcp4 as a dictionary. For example:

  dhcp4:
    use_dns: no
    use_ntp: yes
    use_routes: no
    listen_port: 1234

In this scenario the [DHCP] section of the systemd.network config will be populated with the specified values.

Of course all of the above should apply to dhcp6 as well.

In what legitimate use case one would want to add DHCP provided DNS server AFTER the list of manually configured ones? That’s just doesn’t make sense. Having anything configurable might seem useful, but it adds unneeded complexity in this case IMHO.

I also cannot think of a good use case for such a configuration, but that could just mean that I am not sufficiently creative or experienced. I also prefer configuration that is straightforward and doesn't have magic dependencies between settings (or at least as few as possible.

Also, UseDNS is only one of the many settings to consider, and it seems they should be handled in a uniform way.

I've attached a patch that adds a "dhcp-options" mapping that supports "use-dns" and "use-ntp". If this seems like an acceptable way to go I'm happy to extend it to include all of the networkd settings.

Hello,
The feature - to disable DHCP DNS, very useful for Google Cloud, as Google Cloud doesn't have any option to change DHCP DNS servers to a custom one, yet

If I understand patch #10 correctly, that looks acceptable. Any patch for netplan should be consistent with the purpose of netplan, that being, it correctly instructs the underlying configured network management engine. Netplan should NOT be creating new behaviors apart from what the underlying manager would and can do.

I have a merge proposal based on the patch in #10.
https://code.launchpad.net/~awj/netplan/+git/netplan/+merge/354158

I am just assuming that is the correct way to submit such a proposal. There also seems to be a github project for this repository.

[x-post from the merge request]

Hi Alan,

This looks like a very promising start! Netplan development is mostly done on GitHub - would you be able to propose this as a pull request there please? It looks like you will need to do some minor rebasing, but it should be pretty straight-forward.

Regards,
Daniel

Can we add support in the patch for setting 'UseDomains=false' or 'UseDomains=route'? This would allow ignoring the search domain provided by the dhcp server, which is useful when running in clouds that don't allow overriding this field. This use to be possible by setting the 'supersede domain-search' option in /etc/dhcp/dhclient.conf

Any chance you can also add the ability to send the other DHCP options, like option 77 user class (user-class dhclient, UserClass= in networkd)

The attachment "replace_dhcp_dns.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

Status changed to 'Confirmed' because the bug affects multiple users.

^^^ I accidentally did that, won't let me set it back to Fix Committed. Sorry!

This bug was fixed in the package netplan.io - 0.90

---------------
netplan.io (0.90) disco; urgency=medium

  * New upstream release:
    - build: fixes for building on RPM-based distros
    - build: code prettiness changes (make indentation consistent)
    - Fix device name-changes detection (LP: #1770082)
    - Add support for IPv6 Privacy Extensions (LP: #1750392)
    - Add dhcp{4,6}-overrides to control DNS, NTP, hostname updates via DHCP
      (LP: #1759014)
    - Clarify MAC and MTU setting requirements (LP: #1800668)
    - Various documentation fixes (LP: #1800669)
    - Improve error reporting to give clearer messages and context
      (LP: #1800670)
    - Skip non-physical/bond interfaces when applying renames (LP: #1802322)

 -- Mathieu Trudel-Lapierre <email address hidden> Wed, 21 Nov 2018 14:06:13 -0500

Are there any plans to bring this fix to what I consider to be a regression (lack of feature parity with what was possibly previously in dhclient) into the current LTS release (Bionic 18.04)?

This bug shows as confirmed for Bionic, and being the current LTS, is what my company is allowing us to run (LTS releases only). Also, given that this appears to only add additional configuration options to support the ability to override DHCP, one would have to add this to their configuration in order to take advantage of them; without the configuration options, netplan should continue to function as normal unless one manually decides to add dhcp override directives to their configuration.

In relation to the above comment, Canonical recently announced that Long Term Support for 18.04 is now extended to a 10 year period. It would be beneficial to have this fix backported to the long term Ubuntu release.

Please backport fix to 18.04

Just wanted to add another vote for backporting this fix to 18.04, would be really great and as other commenters have pointed out - it should not change behaviour for exiting configurations.

Thanks,
Anders

We also just ran into problems due to not being able to specify DHCP options in netplan. Please backport the fix to standard 18.04.

Thanks, Lars

This is a very important feature to have backported to 18.04 as being able to override default gateways for multi-homed hosts (configured to use dhcp for multiple interfaces) and being able to avoid using DNS servers provided by a DHCP server(s) are quite common requirements.

If the maintainers are willing to accept it, I have backported this to 18.04 here:

https://github.com/CanonicalLtd/netplan/pull/73

(Note: I am the author of the original fix for this bug.)

Another vote here, fighting this sadness with some VERY sad wrapper scripts. Netplan should never have been in any LTS if it can not support some of these basic options, honestly.

For those who needs the bionic package with just this feature backported, I've made one. Install it with `curl -s https://packagecloud.io/install/repositories/l21/netplan/script.deb.sh | sudo bash`.

Thank You Alexey for your feature backport. I tested with your script, and the updated version correctly handled the new options when using networkd as the renderer on "Ubuntu 18.04.2 LTS (GNU/Linux 4.18.0-16-generic x86_64)". (NetworkManager not currently supported)

dhcp4-overrides:
        use-dns: false

Hello Alan, or anyone else affected,

Accepted netplan.io into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/netplan.io/0.96-0ubuntu0.18.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Alan, or anyone else affected,

Accepted netplan.io into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/netplan.io/0.96-0ubuntu0.18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hi Timo, this is good news. Just out of curiosity, how did you overcome systemd v239 dependency, which is needed by recent netplan versions, apparently to fix another bug?

There is no dependency on v239 for netplan backports. Bionic ships with v237 (and some patches); the dependency on systemd is for >= 235-3ubuntu3 in netplan.io. I do not believe a newer version than that is required.

Alexey, I really appreciate the work done to make such a backport available, but it's typically not a good thing to recommend or enable, since the reinforces a behavior (installing random stuff from the Internet, running commands that download scripts and run them as root) that is very unsafe.

It is better to enable and use the package straight from the Ubuntu archive from a more recent release (or even build it yourself); or wait for Ubuntu developers to make the backports available. For netplan, we do run a large number of tests when making backports to help ensure there are no regressions.

Mathieu, quick search reveals that this bug https://bugs.launchpad.net/netplan/+bug/1802004 might be related to systemd v237, and that v239 supposedly fixes it. I stumbled upon it after I tried to re-build the latest netplan on bionic, that's why I've just rebuilt current bionic version with PR#48 applied.

I agree that it's better to install all packages from official repos, I've just built it for myself and shared in case anyone needs it too.

Verification of https://bugs.launchpad.net/netplan/+bug/1776228 confirmed that systemd v237 has issues triggered by customizing DHCP config, which systemd v239 corrected.

Are there any plans to apply these systemd fixes in the Ubuntu LTS release?

This means we'll need to identify what patches need to be applied on top of v237 to make this work.

Is this crippling? Are we able to verify that dhcp customization work despite anything missing in systemd? I think it's the case; but I'd like a second opinion. To be clear: I think we can verify this SRU despite any additional issues existing in systemd that also might need to be fixed.

Status changed to 'Confirmed' because the bug affects multiple users.

Hi Mathieu, I don't think Cosmic or Disco systemd are affected. They are both >= v239, and Cosmic behaved fine when verifying https://bugs.launchpad.net/netplan/+bug/1776228.

It would just be a shame having the LTS release remain broken with DHCP configurations, that used to work before.

Hello Alan, or anyone else affected,

Accepted netplan.io into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/netplan.io/0.96-0ubuntu0.18.10.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Alan, or anyone else affected,

Accepted netplan.io into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/netplan.io/0.96-0ubuntu0.18.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Short installation instructions for the netplan.io 0.96 package on Ubuntu 18.04:

sudo echo "deb http://archive.ubuntu.com/ubuntu/ bionic-proposed restricted main multiverse universe" > /etc/apt/sources.list.d/proposed-updates.list
sudo apt update
sudo apt-get install -y netplan.io/bionic-proposed
sudo rm /etc/apt/sources.list.d/proposed-updates.list
sudo apt update

Verified using netplan.io 0.96-0ubuntu0.18.10.2 and systemd 239-7ubuntu10.10 with

network:
    version: 2
    ethernets:
        ens3:
            dhcp4: true
            dhcp4-overrides:
                use-dns: false
            nameservers:
                search: [lab, kitchen]
                addresses: [8.8.8.8]
            match:
                macaddress: fa:16:3e:34:e2:ff
            set-name: ens3
        ens4:
            dhcp4: true
            dhcp4-overrides:
                use-routes: false
                use-dns: false
                route-metric: 3333
            match:
                macaddress: fa:16:3e:cd:a4:90
            set-name: ens4

Resulting DNS and routes configured as expected.

Verified using netplan.io 0.96-0ubuntu0.18.04.2 and systemd 237-3ubuntu10.15 with

network:
    version: 2
    ethernets:
        ens3:
            dhcp4: true
            dhcp4-overrides:
                use-dns: false
            nameservers:
                search: [lab, kitchen]
                addresses: [8.8.8.8]
            match:
                macaddress: fa:16:3e:28:d1:28
            set-name: ens3
        ens4:
            dhcp4: true
            dhcp4-overrides:
                use-routes: false
                use-dns: false
                route-metric: 3333
            match:
                macaddress: fa:16:3e:d7:41:1b
            set-name: ens4

Resulting DNS and routes configured as expected, but interface ens4 remains in state 'configuring' due to known issue of systemd v237.

Applied

https://github.com/systemd/systemd/commit/223932c786ada7f758a7b7878a6ad2dae0d1e5fb

to systemd 237-3ubuntu10.15 on Bionic. It does indeed fix the issue in https://bugs.launchpad.net/netplan/+bug/1759014/comments/48 and https://bugs.launchpad.net/netplan/+bug/1776228/comments/14.

Should I log a separate request to get this included in Bionic systemd? Or will this be picked up from here?

Submitted https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1823730.

Hello Alan, or anyone else affected,

Accepted netplan.io into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/netplan.io/0.96-0ubuntu0.18.04.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

netplan.io 0.96-0ubuntu0.18.04.3 with systemd 237-3ubuntu10.19:

network:
    version: 2
    ethernets:
        ens3:
            dhcp4: true
            dhcp4-overrides:
                use-dns: false
            nameservers:
                search: [lab, kitchen]
                addresses: [8.8.8.8]
            match:
                macaddress: fa:16:3e:28:d1:28
            set-name: ens3
        ens4:
            dhcp4: true
            dhcp4-overrides:
                use-routes: false
                use-dns: false
                route-metric: 3333
            match:
                macaddress: fa:16:3e:d7:41:1b
            set-name: ens4

Works fine, except the known issue with systemd addressed with https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1823730.

This bug was fixed in the package netplan.io - 0.96-0ubuntu0.18.10.2

---------------
netplan.io (0.96-0ubuntu0.18.10.2) cosmic; urgency=medium

  * d/p/0001-Partially-revert-the-change-for-enabling-systemd-net.patch:
    Partially revert changes to networkd jobs ordering: leave systemd-networkd
    enabled in multi-user.target instead of network-online.target, as in some
    minimal setups there might be no job requiring network-online.target,
    whereas the natural target to reach for booting is multi-user.target.
    (LP: #1821867)

netplan.io (0.96-0ubuntu0.18.10.1) cosmic; urgency=medium

  * Backport netplan.io 0.96 to 18.10.
  * debian/patches/glib_changes.patch: Patch tests to work again on older GLib.
  * debian/control: adjust Depends for cosmic / re-add nplan package.

netplan.io (0.96-0ubuntu1) disco; urgency=medium

  * New upstream release 0.96.
    - Moved netplan-wpa@ services to earlier at boot (LP: #1819014)
    - Restart services when unconfiguring (LP: #1811868)
    - Use the .nmconnection extension for NM keyfiles (LP: #1817655)
    - Fixed integration tests runner to correctly report failures
    - Enforce integrity for use-routes in networkd backend.
    - Ensure terminal state at end of test (LP: #1817660)
    - Various small test fixes.
    - Fix typos in documentation.
  * debian/control: Update Maintainer for ubuntu upload.

netplan.io (0.95-2) unstable; urgency=medium

  * Set Priority to optional (Closes: #920327).

netplan.io (0.95-1) unstable; urgency=medium

  * New upstream release.
  * Update autopkgtests from the upstream.
  * Add debian/watch following GitHub releases.
  * Add Homepage (Closes: #917233).

netplan.io (0.95) disco; urgency=medium

  * New upstream release:
    - Added support for WPA Enterprise / 802.1x authentication (LP: #1739578)
    - Added support for setting up IP tunnels; supporting the types: ipip,
      gretap, VTI, ISATAP (NetworkManager only), sit, gre, ipip6 and ip6ip6.
      + Fixes sit (ipv6) tunnels using Hurricane Electric (LP: #1799487)
    - Add support to override networkd UseMTU setting (LP: #1807273)
    - Generate output files in dependency order
    - Refactored unit and integration tests, along with various cleanups.
    - Add DHCP overrides to control route usage and default metric for DHCP
      routes. (LP: #1776228)
    - Mitigate against bad matching on devices behind bonds then they share
      the same MAC from a physical interface. (LP: #1804861)
    - Added snapcraft.yaml.

netplan.io (0.90.1) disco; urgency=medium

  * Do not assume /etc/network exists in postinst, as netbase 5.5 no longer
    creates it.
  * netplan/cli/commands/ip.py: fix a flake.

netplan.io (0.90) disco; urgency=medium

  * New upstream release:
    - build: fixes for building on RPM-based distros
    - build: code prettiness changes (make indentation consistent)
    - Fix device name-changes detection (LP: #1770082)
    - Add support for IPv6 Privacy Extensions (LP: #1750392)
    - Add dhcp{4,6}-overrides to control DNS, NTP, hostname updates via DHCP
      (LP: #1759014)
    - Clarify MAC and MTU setting requirements (LP: #1800668)
    - Various documentation fixes (LP: #1800669)
    -...

The verification of the Stable Release Update for netplan.io has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

A possible SRU regression has been reported against netplan.io 0.96-0ubuntu0.18.10.2 in LP: #1825206. This version has been rolled back to -proposed while the investigation is ongoing.

The systemd issue on Bionic has been resolved with systemd 237-3ubuntu10.21: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1804478

Hello Alan, or anyone else affected,

Accepted netplan.io into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/netplan.io/0.96-0ubuntu0.18.10.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Alan, or anyone else affected,

Accepted netplan.io into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/netplan.io/0.96-0ubuntu0.18.04.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Is it possible to get this into 18.04.3 release? Not that fond of waiting until January 2020 for the .4 release.

Verified netplan.io 0.96-0ubuntu0.18.04.4 with the configuration from https://bugs.launchpad.net/netplan/+bug/1759014/comments/52. Routes are configured as expected, as is DNS.

Verified netplan.io 0.96-0ubuntu0.18.10.3 using

network:
    version: 2
    ethernets:
        ens3:
            dhcp4: true
            dhcp4-overrides:
                use-dns: false
            nameservers:
                search: [lab, kitchen]
                addresses: [8.8.8.8]
            match:
                macaddress: fa:16:3e:09:85:54
            set-name: ens3
        ens4:
            dhcp4: true
            dhcp4-overrides:
                use-routes: false
                use-dns: false
                route-metric: 3333
            match:
                macaddress: fa:16:3e:56:2f:d6
            set-name: ens4

Routes are configured as expected, so is DNS.

netplan.io 0.96
systemd 240

It seems that dhcp6-overrides don't work for ignoring DHCP provided DNS servers :

# cat /etc/netplan/10-enp3s0-init.yaml
network:
    version: 2
    renderer: networkd
    ethernets:
        enp3s0:
            critical: true
            dhcp4: true
            dhcp4-overrides:
                use-dns: false
            dhcp6: true
            dhcp6-overrides:
                use-dns: false
            ipv6-privacy: true
            nameservers:
                search: [home]
                addresses: [1.0.0.1, 1.1.1.1]

# resolvectl status enp3s0
Link 2 (enp3s0)
      Current Scopes: DNS
DefaultRoute setting: yes
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: opportunistic
      DNSSEC setting: yes
    DNSSEC supported: yes
  Current DNS Server: 1.0.0.1
         DNS Servers: 1.0.0.1
                      1.1.1.1
                      fd50:a94:67b3:0:26a7:dcff:fe27:a60 <--- Why this DHCP6 server ?
          DNS Domain: home

Is it possible to get this into 18.04.3 release? Not that fond of waiting until January 2020 for the .4 release.

@Tom Matthews: Are you sure that https://bugs.launchpad.net/netplan/+bug/1759014/comments/62 is netplan's fault? On my test box the systemd renderer DHCP settings end up in the same stanza for IPv4 and IPv6, like

[DHCP]
RouteMetric=3333
UseMTU=true
UseRoutes=false
UseDNS=false

netplan even complains in case of differences: "ERROR: ens4: networkd requires that use-dns has the same value in both dhcp4_overrides and dhcp6_overrides".

Looks like it's systemd not honoring that value for IPv6 as expected, doesn't it?

I needed :

[IPv6AcceptRA]
UseDNS=no

But no way for netplan to provide that it seemed, I reverted to purely using systemd.

This bug was fixed in the package netplan.io - 0.96-0ubuntu0.18.04.4

---------------
netplan.io (0.96-0ubuntu0.18.04.4) bionic; urgency=medium

  * debian/patches/git_revert_explicit_renderer_def_ebc212a.patch: revert
    commit ebc212a: make renderer values explicit at the end of each parsing
    pass; it breaks "default" renderer behavior when multiple files may set
    a global renderer and expect the last to take effect globally.
    (LP: #1825206)
  * debian/patches/git_reorg_netdef_validation_181b583.patch: correct the
    fallout from the above change: validate netdefs in a single pass at the
    very end of parsing, once we know which is the applicable renderer. This
    makes sure tunnels get validated correctly.

netplan.io (0.96-0ubuntu0.18.04.3) bionic; urgency=medium

  * debian/patches/disable-networkd-tunnels-ipip-gre.patch: disable IPIP and
    GRE tunnel tests; those appear to be broken because neither the kernel nor
    networkd bring up the device automatically as in other releases.

netplan.io (0.96-0ubuntu0.18.04.2) bionic; urgency=medium

  * d/p/0001-Partially-revert-the-change-for-enabling-systemd-net.patch:
    Partially revert changes to networkd jobs ordering: leave systemd-networkd
    enabled in multi-user.target instead of network-online.target, as in some
    minimal setups there might be no job requiring network-online.target,
    whereas the natural target to reach for booting is multi-user.target.
    (LP: #1821867)

netplan.io (0.96-0ubuntu0.18.04.1) bionic; urgency=medium

  * Backport netplan.io 0.96 to 18.04.
  * debian/patches/glib_changes.patch: Patch tests to work again on older GLib.
  * debian/control: adjust Depends for bionic / re-add nplan package.

netplan.io (0.96-0ubuntu1) disco; urgency=medium

  * New upstream release 0.96.
    - Moved netplan-wpa@ services to earlier at boot (LP: #1819014)
    - Restart services when unconfiguring (LP: #1811868)
    - Use the .nmconnection extension for NM keyfiles (LP: #1817655)
    - Fixed integration tests runner to correctly report failures
    - Enforce integrity for use-routes in networkd backend.
    - Ensure terminal state at end of test (LP: #1817660)
    - Various small test fixes.
    - Fix typos in documentation.
  * debian/control: Update Maintainer for ubuntu upload.

netplan.io (0.95-2) unstable; urgency=medium

  * Set Priority to optional (Closes: #920327).

netplan.io (0.95-1) unstable; urgency=medium

  * New upstream release.
  * Update autopkgtests from the upstream.
  * Add debian/watch following GitHub releases.
  * Add Homepage (Closes: #917233).

netplan.io (0.95) disco; urgency=medium

  * New upstream release:
    - Added support for WPA Enterprise / 802.1x authentication (LP: #1739578)
    - Added support for setting up IP tunnels; supporting the types: ipip,
      gretap, VTI, ISATAP (NetworkManager only), sit, gre, ipip6 and ip6ip6.
      + Fixes sit (ipv6) tunnels using Hurricane Electric (LP: #1799487)
    - Add support to override networkd UseMTU setting (LP: #1807273)
    - Generate output files in dependency order
    - Refactored unit and integration tests, along with various cleanups.
    - Add DHCP overrides to control ...

This bug was fixed in the package netplan.io - 0.96-0ubuntu0.18.10.3

---------------
netplan.io (0.96-0ubuntu0.18.10.3) cosmic; urgency=medium

  * debian/patches/git_revert_explicit_renderer_def_ebc212a.patch: revert
    commit ebc212a: make renderer values explicit at the end of each parsing
    pass; it breaks "default" renderer behavior when multiple files may set
    a global renderer and expect the last to take effect globally.
    (LP: #1825206)
  * debian/patches/git_reorg_netdef_validation_181b583.patch: correct the
    fallout from the above change: validate netdefs in a single pass at the
    very end of parsing, once we know which is the applicable renderer. This
    makes sure tunnels get validated correctly.

netplan.io (0.96-0ubuntu0.18.10.2) cosmic; urgency=medium

  * d/p/0001-Partially-revert-the-change-for-enabling-systemd-net.patch:
    Partially revert changes to networkd jobs ordering: leave systemd-networkd
    enabled in multi-user.target instead of network-online.target, as in some
    minimal setups there might be no job requiring network-online.target,
    whereas the natural target to reach for booting is multi-user.target.
    (LP: #1821867)

netplan.io (0.96-0ubuntu0.18.10.1) cosmic; urgency=medium

  * Backport netplan.io 0.96 to 18.10.
  * debian/patches/glib_changes.patch: Patch tests to work again on older GLib.
  * debian/control: adjust Depends for cosmic / re-add nplan package.

netplan.io (0.96-0ubuntu1) disco; urgency=medium

  * New upstream release 0.96.
    - Moved netplan-wpa@ services to earlier at boot (LP: #1819014)
    - Restart services when unconfiguring (LP: #1811868)
    - Use the .nmconnection extension for NM keyfiles (LP: #1817655)
    - Fixed integration tests runner to correctly report failures
    - Enforce integrity for use-routes in networkd backend.
    - Ensure terminal state at end of test (LP: #1817660)
    - Various small test fixes.
    - Fix typos in documentation.
  * debian/control: Update Maintainer for ubuntu upload.

netplan.io (0.95-2) unstable; urgency=medium

  * Set Priority to optional (Closes: #920327).

netplan.io (0.95-1) unstable; urgency=medium

  * New upstream release.
  * Update autopkgtests from the upstream.
  * Add debian/watch following GitHub releases.
  * Add Homepage (Closes: #917233).

netplan.io (0.95) disco; urgency=medium

  * New upstream release:
    - Added support for WPA Enterprise / 802.1x authentication (LP: #1739578)
    - Added support for setting up IP tunnels; supporting the types: ipip,
      gretap, VTI, ISATAP (NetworkManager only), sit, gre, ipip6 and ip6ip6.
      + Fixes sit (ipv6) tunnels using Hurricane Electric (LP: #1799487)
    - Add support to override networkd UseMTU setting (LP: #1807273)
    - Generate output files in dependency order
    - Refactored unit and integration tests, along with various cleanups.
    - Add DHCP overrides to control route usage and default metric for DHCP
      routes. (LP: #1776228)
    - Mitigate against bad matching on devices behind bonds then they share
      the same MAC from a physical interface. (LP: #1804861)
    - Added snapcraft.yaml.

netplan.io (0.90.1) disco; urgency=medium

  * Do ...

I just want to note here is that it seems not working still for me in ubuntu 18.04 running on aws ec2 ami.

root@adc1:~# dpkg -l|grep netplan
ii netplan.io 0.97-0ubuntu1~18.04.1 amd64 YAML network configuration abstraction for various backends
root@adc1:~#

Followed the guide https://aws.amazon.com/premiumsupport/knowledge-center/ec2-static-dns-ubuntu-debian/ and the version 0.97 should work but it does not work

From reading the comments, I believe the only systemd issue was fixed in bug 1804478, so I marked this as fix released for systemd. If that's incorrect and there is still a systemd problem, please feel free to reopen and comment, or open new bug.

I'm using the version 0.98-0ubuntu1~18.04.1, and the bug is NOT fixed using this:

network:
  version: 2
  renderer: NetworkManager
  ethernets:
    # =========== fibertel ===========
    enp1s0:
      dhcp4: yes
      dhcp4-overrides:
        use-dns: no
      dhcp6: no
      nameservers:
        addresses: [1.1.1.1,8.8.8.8,208.67.222.222,1.0.0.1,8.8.4.4,208.67.220.220]

Hi all, I'm using ubuntu 20.04 on a raspberry pi (64bit version). And the problem is still present. My netplan:

root@rbpi3-002:/etc/netplan# cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0
search sismonda.local cpe.telecentro.net.ar
root@rbpi3-002:/etc/netplan# cat 50-cloud-init.yaml
# This file is generated from information provided by the datasource. Changes
# to it will not persist across an instance reboot. To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    version: 2
    ethernets:
        eth0:
            dhcp4: true
            dhcp6: false
            dhcp4-overrides:
                use-dns: false
            nameservers:
                search: [sismonda.local]
                addresses: [10.0.0.31,10.0.0.10,10.0.0.62]

The output of "systemd-resolve --status"

root@rbpi3-002:/etc/netplan# systemd-resolve --status
Global
       LLMNR setting: no
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

Link 3 (wlan0)
      Current Scopes: none
DefaultRoute setting: no
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no

Link 2 (eth0)
      Current Scopes: DNS
DefaultRoute setting: yes
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
 ...

@francogpellegrini, @fernando-sismonda, I just tested with netplan yaml similar to yours, and i can't reproduce any problem; the dhcp dns server is correctly ignored on my test system. What versions of netplan, and systemd, do you have installed? Also, what's the content of your /run/systemd/network/* and/or /etc/systemd/networkd/* files?

@ddstreet I've been looking into a different issue, which is due to the Netplan renderer.
The renderer defaults to networkd on server/cloud and NetworkManager on Desktop. Some apps expect NetworkManager, and break on systems configured with networkd (e.g. UI network config, apt-daily, etc).

It's possible that the issue above needs to be tested against both renderers as it may behave differently in each case?

The fix for dns override for dhcp4 does not work with network manager.

Netplan Generated config:
[ipv4]
method=auto
dns=8.8.8.8;1.1.1.1

What is actually in /var/run/systemd/resolve/resolv.conf :
nameserver 192.168.1.254
nameserver 8.8.8.8
nameserver 1.1.1.1
search attlocal.net

Required fix for network manager:
The line "ignore-auto-dns=true" has to be added by netplan. I have verified that this generates the expected resolv.conf.

[ipv4]
method=auto
ignore-auto-dns=true
dns=8.8.8.8;1.1.1.1;

use-dns doesn't work with NetworkManager:

network:
  version: 2
  renderer: NetworkManager
  wifis:
    wlan0:
      optional: true
      dhcp4: true
      dhcp4-overrides:
        use-dns: no
        use-routes: false
      nameservers:
        addresses: [192.168.77.1]
      access-points:
        "s-mobile":
          password: "SecretPassword"
  ethernets:
    eth0:
      dhcp4: no
      dhcp6: no
    enx00e04c680695:
      optional: true
      dhcp4: no
      dhcp6: no
  bridges:
    br0:
      dhcp4: true
      dhcp6: false
      dhcp4-overrides:
        use-dns: no
      nameservers:
        addresses: [127.0.0.1]
      interfaces:
        - eth0

cat /etc/resolv.conf

# Generated by NetworkManager
search secret.edu
nameserver 172.16.0.32
nameserver 172.16.0.57
nameserver 127.0.0.1
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 192.168.77.1

I can confirm that on an up-to-date Ubuntu 22.04 use-dns doesn't work with the NetworkManager renderer. It does work with networkd.

network:
  ethernets:
    enp2s0:
      dhcp4: true
      dhcp4-overrides:
        use-dns: false
      nameservers:
        addresses: [9.9.9.9, 149.112.112.112]
        search: []
  renderer: NetworkManager
  version: 2

$ resolvectl status
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: uplink
     DNS Servers: 9.9.9.9

Link 2 (enp2s0)
Current Scopes: DNS
     Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
   DNS Servers: 9.9.9.9 149.112.112.112 192.168.0.1
    DNS Domain: Home

(With option "use-dns: false" 192.168.0.1 shouldn't be added to the list of DNS servers.)

With "renderer: networkd" it looks alright:

$ resolvectl status
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: uplink
     DNS Servers: 9.9.9.9

Link 2 (enp2s0)
Current Scopes: DNS
     Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
   DNS Servers: 9.9.9.9 149.112.112.112
    DNS Domain: Home