13.12.2024 12:53, Vincent Lefevre wrote:

Anyway, /usr/share/doc/network-manager/NEWS.Debian.gz says:

network-manager (1.44.2-2) unstable; urgency=medium

   NetworkManager or rather NetworkManager-dispatcher will no longer execute
   ifupdown hook scripts from /etc/network/if-*.d/ on network state changes.

Ok.  So in case of N-M we don't update resolv.conf at all.
And that's the root issue.  I'll add the hooks for N-M in
the next version (it has become trivial).

So, the if-up.d and if-post-down.d scripts were supported when
the interface was brought up and down. But nothing was done for
DHCP changes, and AFAIK, running such scripts on DHCP changes
was not done with just ifupdown either. When I was using wicd
and isc-dhcp-client to connect to wifi networks, I had to use
the /etc/dhcp/dhclient-exit-hooks.d scripts to handle the DHCP
changes. IIRC, this was still working with NetworkManager and
isc-dhcp-client (when enabled). Then isc-dhcp-client became
obsolete.

...
And here's something else for you to consider, which'll fix the issue
for sure.  Please consider running some local caching DNS resolver.
Like systemd-resolved, or dnsmasq.  They're small things and work
well with network-manager too, and help with DNS in general.  With
any of these, the 'nameserver' line in your resolv.conf will always
point to localhost.  I think I can add a Recommends: to postfix for
any of these.

Well, I had tried unbound to bypass the DNS servers of my ISP (like
I did on other machines, due to censorship via DNS in France), but
as a side effect, I could not use the DNS server 192.168.1.1 of my
FTTH router to resolve the hostnames of the machines on the local
network:

https://serverfault.com/questions/1145392/how-to-configure-unbound-to-forward-local-hostname-resolution-to-my-local-dns-se

and I could find no good workaround to resolve the local machines.
Also, for my last try, unbound was not working at all, and I did not
have the time to debug it yet.
Ugh.

There are 2 or 3 problems mixed together.

Unbound works.  But let's not add it to the mix, together with
bypassing censorship.

I didn't mention unbound for a reason (I happen to be its maintainer
in debian too, fwiw), - because this one is a more complex beast.

I did mention systemd-resolved or dnsmasq, which are both cached
*stub* resolvers.  The picture will be - whatever info provided
by DHCP -> stub resolver on 127.0.0.1 => everything else on the
host.  Instead of info provided by DHCP => everything else on the
host.  So the behavior does not change wrt which nameservers are
being used, but all local programs will talk to the same nameserver.

/mjt
