override dhcp supplied dns info


Post by mentaaal » Fri Dec 30, 2016 2:23 pm

Hi All,
I am using Arch on a Raspberry Pi 3 which has its network set up via DHCP on ethernet.
The router in question is not connected to the internet and I'm essentially just using it as a hub at present.
Occasionally, I would like to connect the Pi to the internet.
To accomplish this, I use my Arch-based laptop temporarily as a gateway (using iptables). This laptop is also connected to the aforementioned router but it is also connected to the internet via a different NIC.

Due to the DHCP configuration, the Pi would have its gateway set to the router's IP: 192.168.0.1.
I deleted this route and added a new default gateway to be the laptop I have set up as a gateway.
Now, I thought that all that remained to be done would be to edit /etc/resolv.conf to appropriately update the nameserver.

I did that and set it to 8.8.8.8 (Google's primary DNS server). I can then ping this server and other sites on the web but DNS name resolution doesn't work.

After a while of scratching my head, I resorted to wireshark and could see that dns lookups were still being addressed to the router.

I then tried an additional iptables rule on the pi: 'iptables -t nat -A OUTPUT -p udp -m udp --dport 53 -j DNAT --to-destination 8.8.8.8:53'.
This works and I can access the internet on the pi.

Now, with that preamble out of the way, the question I have is why do I need that last iptables rule? Why is the pi still forwarding dns requests to the router even though I had updated my /etc/resolv.conf?

The failing scenario:
Routing info:

default via 192.168.0.198 dev eth0
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.197

resolv.conf:

nameserver 8.8.8.8

Relevant services that are running:
systemd-resolved
systemd-networkd

resolved's man page has this to say:

The DNS servers contacted are determined from the global settings in
/etc/systemd/resolved.conf, the per-link static settings in /etc/systemd/network/*.network
files, the per-link dynamic settings received over DHCP and any DNS server information made
available by other system services. See resolved.conf(5) and systemd.network(5) for details
about systemd's own configuration files for DNS servers. To improve compatibility,
/etc/resolv.conf is read in order to discover configured system DNS servers, but only if it
is not a symlink to /run/systemd/resolve/resolv.conf (see below).

I checked /etc/systemd/resolved.conf and /etc/systemd/network/eth0.network.

resolved.conf:

# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See resolved.conf(5) for details

[Resolve]
#DNS=
#FallbackDNS=8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
#Domains=
#LLMNR=yes
#DNSSEC=no
#Cache=yes
#DNSStubListener=udp

eth0.network:

[Match]
Name=eth0

[Network]
DHCP=yes

uname -r:
4.4.39-1-ARCH
mentaaal
 
Posts: 2
Joined: Fri Dec 30, 2016 2:20 pm

Re: override dhcp supplied dns info

Post by WarheadsSE » Fri Dec 30, 2016 4:18 pm

If you are using systemd-resolved, you should not be editing the /etc/resolv.conf symlink (it is managed!), but should be overriding the DNS that you want in the network profile.
Core Developer
Remember: Arch Linux ARM is entirely community donation supported!
WarheadsSE
Developer
 
Posts: 6807
Joined: Mon Oct 18, 2010 2:12 pm

Re: override dhcp supplied dns info

Post by mentaaal » Fri Dec 30, 2016 4:26 pm

Thanks for the reply.
The file /etc/resolv.conf says:

# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.

This is what I did, access it through the symlink at /etc/resolv.conf.

I can appreciate that the modifications I make to this file will be overwritten at a later stage but this is really a temporary measure.

You say I shouldn't be editing this file, fair enough, I can do so using the network profile as you suggest. If I understand your comment, are you saying that modifications to /etc/resolv.conf won't have any effect?
mentaaal
 
Posts: 2
Joined: Fri Dec 30, 2016 2:20 pm

Re: override dhcp supplied dns info

Post by slackit2 » Sat Jan 07, 2017 12:46 pm

It depends on the application if it's using systemd-resolved or /etc/resolv.conf.
When I run strace ping google.de I get something like that:

open("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=1739, ...}) = 0
read(5, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1739
read(5, "", 4096) = 0
close(5) = 0
open("/etc/host.conf", O_RDONLY|O_CLOEXEC) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=9, ...}) = 0
read(5, "multi on\n", 4096) = 9
read(5, "", 4096) = 0
close(5) = 0
getpid() = 4817
open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=56, ...}) = 0
read(5, "# Generated by NetworkManager\nna"..., 4096) = 56
read(5, "", 4096) = 0
close(5) = 0
uname({sysname="Linux", nodename="localhost.localdomain", ...}) = 0
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 5
fstat(5, {st_mode=S_IFREG|0644, st_size=145540, ...}) = 0
mmap(NULL, 145540, PROT_READ, MAP_PRIVATE, 5, 0) = 0x7f9ce285b000
close(5) = 0



So I believe that it really depends on the application if it uses systemd-resolved or directly /etc/resolv.conf.
slackit2
 
Posts: 15
Joined: Sat Dec 24, 2016 10:08 pm

Re: override dhcp supplied dns info

Post by WarheadsSE » Sun Jan 08, 2017 9:03 pm

I am saying modifications to /etc/resolv.conf will be overridden, so don't bother modifying them.

Use the profile in whichever program (systemd-networkd or NetworkManager), or remove the symlink, and create the contents of that file by hand. That will remain "on you" though.
Core Developer
Remember: Arch Linux ARM is entirely community donation supported!
WarheadsSE
Developer
 
Posts: 6807
Joined: Mon Oct 18, 2010 2:12 pm
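
The two options from the reply above, as an added example that is not part of the thread: a shell sketch that reports whether a resolv.conf path is the resolved-managed symlink described in the man page excerpt, and prints a networkd profile that keeps DHCP addressing but pins DNS. The function names are hypothetical, and the `UseDNS=false` setting is an addition here, not something the posters wrote.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Classify a resolv.conf path using the rule in the resolved man page excerpt:
# the file is only read as configuration when it is NOT a symlink to
# /run/systemd/resolve/resolv.conf.
resolv_conf_mode() {
    if [ -L "$1" ]; then
        # The suffix match also accepts relative links (../run/systemd/...).
        case "$(readlink "$1")" in
            */run/systemd/resolve/resolv.conf) echo managed-symlink ;;
            *) echo other-symlink ;;
        esac
    elif [ -f "$1" ]; then
        echo static-file
    else
        echo missing
    fi
}

# List the nameserver entries of a resolv.conf-format file, one per line.
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Print a systemd-networkd profile: DHCP for addressing, fixed DNS servers.
# $1 = interface name, remaining arguments = DNS server addresses.
render_network_profile() {
    ifname=$1
    shift
    printf '[Match]\nName=%s\n\n[Network]\nDHCP=yes\n' "$ifname"
    for server in "$@"; do
        printf 'DNS=%s\n' "$server"
    done
    # Ignore the DNS servers offered in the DHCP lease. Older systemd
    # releases name this section [DHCP] instead of [DHCPv4].
    printf '\n[DHCPv4]\nUseDNS=false\n'
}

# Report on the path given as $1 (default: the live /etc/resolv.conf).
conf=${1:-/etc/resolv.conf}
echo "$conf: $(resolv_conf_mode "$conf")"
if [ -e "$conf" ]; then list_nameservers "$conf"; fi
```

Redirecting the output of `render_network_profile eth0 8.8.8.8` into /etc/systemd/network/eth0.network (the file shown in the first post) and restarting systemd-networkd applies the profile.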

