All of lore.kernel.org
 help / color / mirror / Atom feed
* openresolv dependency
@ 2017-05-21 23:13 Bert Vermeulen
  2017-05-21 23:23 ` Bzzzz
                   ` (2 more replies)
  0 siblings, 3 replies; 11+ messages in thread
From: Bert Vermeulen @ 2017-05-21 23:13 UTC (permalink / raw)
  To: WireGuard mailing list

Hi,

Happy WireGuard user here. I use the PPA package on ubuntu, and I see
it's grown a dependency on openresolv. That's the convoluted horror also
known as resolvconf, and I really can't have it on my system. It likes
to overwrite my resolv.conf, randomly spawn thousands of zombies, and so on.

It's particularly disturbing that this means your tunnel endpoint's
server end now also gets resolvconf installed. You might almost make an
argument that it has uses on say a laptop, but not on anything with
static network configuration.

Can this dependency please be removed?


-- 
Bert Vermeulen
bert@biot.com

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: openresolv dependency
  2017-05-21 23:13 openresolv dependency Bert Vermeulen
@ 2017-05-21 23:23 ` Bzzzz
  2017-05-22  0:41 ` Jason A. Donenfeld
  2017-05-22 11:02 ` Jason A. Donenfeld
  2 siblings, 0 replies; 11+ messages in thread
From: Bzzzz @ 2017-05-21 23:23 UTC (permalink / raw)
  To: WireGuard mailing list

On Mon, 22 May 2017 01:13:38 +0200
Bert Vermeulen <bert@biot.com> wrote:

>  That's the convoluted horror
> also known as resolvconf, and I really can't have it on my system.

+10

=E2=80=A6
> Can this dependency please be removed?

I solved that (temporarily, I hope) with 1 line into /etc/resolvconf:
resolvconf=3DNO

Jean-Yves

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: openresolv dependency
  2017-05-21 23:13 openresolv dependency Bert Vermeulen
  2017-05-21 23:23 ` Bzzzz
@ 2017-05-22  0:41 ` Jason A. Donenfeld
  2017-05-22  1:02   ` Bzzzz
  2017-05-22 11:02 ` Jason A. Donenfeld
  2 siblings, 1 reply; 11+ messages in thread
From: Jason A. Donenfeld @ 2017-05-22  0:41 UTC (permalink / raw)
  To: Bert Vermeulen; +Cc: WireGuard mailing list

[-- Attachment #1: Type: text/plain, Size: 53 bytes --]

https://github.com/EggieCode/wireguard-ppa/issues/19

[-- Attachment #2: Type: text/html, Size: 177 bytes --]

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: openresolv dependency
  2017-05-22  0:41 ` Jason A. Donenfeld
@ 2017-05-22  1:02   ` Bzzzz
  2017-05-22  1:08     ` Jason A. Donenfeld
  0 siblings, 1 reply; 11+ messages in thread
From: Bzzzz @ 2017-05-22  1:02 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list

On Mon, 22 May 2017 02:41:13 +0200
"Jason A. Donenfeld" <Jason@zx2c4.com> wrote:

> https://github.com/EggieCode/wireguard-ppa/issues/19

Following your comment, you could flip the resolvconf dependency from 
a mandatory one to a a recommand or even a suggest, with a few comment
lines into the /usr/share/doc/README.Debian file.

Jean-Yves

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: openresolv dependency
  2017-05-22  1:02   ` Bzzzz
@ 2017-05-22  1:08     ` Jason A. Donenfeld
  2017-05-22  1:34       ` Bzzzz
  2017-05-30 21:18       ` Jörg Thalheim
  0 siblings, 2 replies; 11+ messages in thread
From: Jason A. Donenfeld @ 2017-05-22  1:08 UTC (permalink / raw)
  To: Bzzzz; +Cc: WireGuard mailing list

[-- Attachment #1: Type: text/plain, Size: 827 bytes --]

On Mon, May 22, 2017 at 3:02 AM, Bzzzz <lazyvirus@gmx.com> wrote:

> On Mon, 22 May 2017 02:41:13 +0200
> "Jason A. Donenfeld" <Jason@zx2c4.com> wrote:
>
> > https://github.com/EggieCode/wireguard-ppa/issues/19
>
> Following your comment, you could flip the resolvconf dependency from
> a mandatory one to a a recommand or even a suggest, with a few comment
> lines into the /usr/share/doc/README.Debian file.
>

The problem is that I would like to be able to use the -x and -m switches
of resolvconf, which only openresolv has. However, it appears that
openresolv does not work very well out of the box on Ubuntu.

So, I'm not quite sure what I can recommend to Ubuntu users as a reliable
way of setting a per-interface DNS override. Or even what command I could
put in wg-quick to encapsulate that kind of logic.

Any ideas?

[-- Attachment #2: Type: text/html, Size: 1382 bytes --]

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: openresolv dependency
  2017-05-22  1:08     ` Jason A. Donenfeld
@ 2017-05-22  1:34       ` Bzzzz
  2017-05-22  1:40         ` Jason A. Donenfeld
  2017-05-30 21:18       ` Jörg Thalheim
  1 sibling, 1 reply; 11+ messages in thread
From: Bzzzz @ 2017-05-22  1:34 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list

On Mon, 22 May 2017 03:08:03 +0200
"Jason A. Donenfeld" <Jason@zx2c4.com> wrote:

> On Mon, May 22, 2017 at 3:02 AM, Bzzzz <lazyvirus@gmx.com> wrote:
> 
> > On Mon, 22 May 2017 02:41:13 +0200
> > "Jason A. Donenfeld" <Jason@zx2c4.com> wrote:
> >
> > > https://github.com/EggieCode/wireguard-ppa/issues/19
> >
> > Following your comment, you could flip the resolvconf dependency from
> > a mandatory one to a a recommand or even a suggest, with a few
> > comment lines into the /usr/share/doc/README.Debian file.
> >
> 
> The problem is that I would like to be able to use the -x and -m
> switches of resolvconf, which only openresolv has.

I see, but most of LANs _should_ have a DNS properly configured, and
roadwarriors at least a dnsmasq; as a matter of fact, everything started
to work correctly for me when I forced resolvconf to stop.
[reminder: The head of my LAN, that is my WG entry point, is also the
main DNS server and my laptop is the secondary one.]

If what you mean is avoiding DNS leaking, my suggestion is to have the
LAN DNS into the /etc/resolv.conf of the roadwarrior(s).
This is what's happen when I connect: it is the LAN entry point that
resolves.
Of course, if people do not tunnel their whole traffic through the VPN,
this behavior will be a problem (but only if the client's DNS server/masq
is rendered inoperant by the VPN connection - duno: untested conf.)

> However, it appears
> that openresolv does not work very well out of the box on Ubuntu.

How in soft words these things are said :)
(almost everyone that had to battle against resolvconf had murder
pulsions at least once.)

> So, I'm not quite sure what I can recommend to Ubuntu users as a
> reliable way of setting a per-interface DNS override. Or even what
> command I could put in wg-quick to encapsulate that kind of logic.
> 
> Any ideas?

1- list all possibilities,
2- test  "        "      , or ask people that use each one to see
   which are DNS hampered,
3- write a few lines into the README file to cover all cases,
4- have a rollmops and relax.

ubuntu people must understand that an OS isn't and can't be a
click'o'matic all the time, and that sometimes they have to open
the hood and get some grease on the hands before the engine starts
properly - this is *always* a good thing.

Jean-Yves

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: openresolv dependency
  2017-05-22  1:34       ` Bzzzz
@ 2017-05-22  1:40         ` Jason A. Donenfeld
  2017-05-22  2:11           ` Bzzzz
  0 siblings, 1 reply; 11+ messages in thread
From: Jason A. Donenfeld @ 2017-05-22  1:40 UTC (permalink / raw)
  To: Bzzzz; +Cc: WireGuard mailing list

[-- Attachment #1: Type: text/plain, Size: 337 bytes --]

On Mon, May 22, 2017 at 3:34 AM, Bzzzz <lazyvirus@gmx.com> wrote:
>
> ubuntu people must understand that an OS isn't and can't be a
> click'o'matic all the time
>

My Gentoo system is more click-o-matic than Ubuntu dysfunctionality.

Anyway, here's the solution I'm considering at the moment:
https://github.com/jlund/streisand/pull/702

[-- Attachment #2: Type: text/html, Size: 808 bytes --]

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: openresolv dependency
  2017-05-22  1:40         ` Jason A. Donenfeld
@ 2017-05-22  2:11           ` Bzzzz
  0 siblings, 0 replies; 11+ messages in thread
From: Bzzzz @ 2017-05-22  2:11 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list

On Mon, 22 May 2017 03:40:36 +0200
"Jason A. Donenfeld" <Jason@zx2c4.com> wrote:

Whoops, back in the loop:
=20
> Anyway, here's the solution I'm considering at the moment:
> https://github.com/jlund/streisand/pull/702

> My Gentoo system is more click-o-matic than Ubuntu dysfunctionality. =20

Gentoo is good (they also hate shitstemd;)
ubuntu is=E2=80=A6 ubuntu - using testing packages I wouldn't consider in a=
ny
configuration (I use Debian).

> Anyway, here's the solution I'm considering at the moment:
> https://github.com/jlund/streisand/pull/702 =20

This sounds fair, the only pending question being the last one:
"Building on that last point, I'm still uncertain exactly how Ubuntu's
use of dnsmasq interacts with --enable-updates/disable-updates and
resolvconf in general."
that I can't answer.
All I know is Debian waits for ~30s and jump to another resolver if
there's one into /etc/resolv.conf - but it doesn't keep track about
that (or not very long) and do the same for almost each DNS request.

My guess is you're trying to do too much for end users; just advertise
behaviors and let people fix their own configuration.
After all, this ML is here for that and WG is about VPN, not DNS.

Jean-Yves

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: openresolv dependency
  2017-05-21 23:13 openresolv dependency Bert Vermeulen
  2017-05-21 23:23 ` Bzzzz
  2017-05-22  0:41 ` Jason A. Donenfeld
@ 2017-05-22 11:02 ` Jason A. Donenfeld
  2017-05-22 11:09   ` Bert Vermeulen
  2 siblings, 1 reply; 11+ messages in thread
From: Jason A. Donenfeld @ 2017-05-22 11:02 UTC (permalink / raw)
  To: Bert Vermeulen, Egbert Verhage; +Cc: WireGuard mailing list

Hi Bert,

11 hours later, your wish has become a reality, thanks to Eggie for
updating the PPA.

Regards,
Jason

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: openresolv dependency
  2017-05-22 11:02 ` Jason A. Donenfeld
@ 2017-05-22 11:09   ` Bert Vermeulen
  0 siblings, 0 replies; 11+ messages in thread
From: Bert Vermeulen @ 2017-05-22 11:09 UTC (permalink / raw)
  To: Jason A. Donenfeld, Egbert Verhage; +Cc: WireGuard mailing list

On 05/22/2017 01:02 PM, Jason A. Donenfeld wrote:
> Hi Bert,
> 
> 11 hours later, your wish has become a reality, thanks to Eggie for
> updating the PPA.

Awesome! Thanks all for the quick response.


-- 
Bert Vermeulen
bert@biot.com

^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: openresolv dependency
  2017-05-22  1:08     ` Jason A. Donenfeld
  2017-05-22  1:34       ` Bzzzz
@ 2017-05-30 21:18       ` Jörg Thalheim
  1 sibling, 0 replies; 11+ messages in thread
From: Jörg Thalheim @ 2017-05-30 21:18 UTC (permalink / raw)
  To: wireguard

On 2017-05-22 02:08, Jason A. Donenfeld wrote:
>
>
> On Mon, May 22, 2017 at 3:02 AM, Bzzzz <lazyvirus@gmx.com <mailto:lazyvirus@gmx.com>> wrote:
>
>     On Mon, 22 May 2017 02:41:13 +0200
>     "Jason A. Donenfeld" <Jason@zx2c4.com <mailto:Jason@zx2c4.com>> wrote:
>
>     > https://github.com/EggieCode/wireguard-ppa/issues/19 <https://github.com/EggieCode/wireguard-ppa/issues/19>
>
>     Following your comment, you could flip the resolvconf dependency from
>     a mandatory one to a a recommand or even a suggest, with a few comment
>     lines into the /usr/share/doc/README.Debian file.
>
>
> The problem is that I would like to be able to use the -x and -m switches of resolvconf, which only openresolv has. However, it appears that openresolv does not work very well out of the box on Ubuntu.
>
> So, I'm not quite sure what I can recommend to Ubuntu users as a reliable way of setting a per-interface DNS override. Or even what command I could put in wg-quick to encapsulate that kind of logic.
>
> Any ideas?
>

If I recall correctly ubuntu 16.10+ switched to systemd-resolved, which has a saner way of per-interface DNS server
(I would even say the first true DNS server per-interface resolver implementation at all on linux).

^ permalink raw reply	[flat|nested] 11+ messages in thread

end of thread, other threads:[~2017-05-30 21:06 UTC | newest]

Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-21 23:13 openresolv dependency Bert Vermeulen
2017-05-21 23:23 ` Bzzzz
2017-05-22  0:41 ` Jason A. Donenfeld
2017-05-22  1:02   ` Bzzzz
2017-05-22  1:08     ` Jason A. Donenfeld
2017-05-22  1:34       ` Bzzzz
2017-05-22  1:40         ` Jason A. Donenfeld
2017-05-22  2:11           ` Bzzzz
2017-05-30 21:18       ` Jörg Thalheim
2017-05-22 11:02 ` Jason A. Donenfeld
2017-05-22 11:09   ` Bert Vermeulen

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.