/etc/resolv.conf broken after upgrade

[mro512]

Hello. I'm running rueNAS-13.0-U4 and since I have upgraded I have issues with DNS resolution.
For some reason, the contents of /etc/resolv.conf is as follows :
# Generated by resolvconf
nameserver fdaa:fbbc:bfdd:eef0:ff:f1d0::
I can see it's an IPv6 site-local adress but I don't know what it is doing there.
In the GUI, under network/general configuration the list of name servers is correct.
Is there any way to stop resolvconf from overwriting /etc/resolv.conf like that?
Thanks.

 

[-fun-]

Same here.

Configuration, IPv4 nameservers are there just fine:

Result, no IPv4 nameservers shown:

I guess this is the reason for the broken resolv.conf. IPv4 nameservers are missing from that as well ...

This breaks name resolution in all my jails (Edit: because they all inherit the hosts resolv.conf ...) because they do not use IPv6. This for example breaks certificate renewals ...

 

[Patrick M. Hausen]

Do you have IPv6 autoconfiguration active on any interface? If yes, then some router on your network is advertising that nameserver and TrueNAS is simply doing what it is supposed to do.

Brute force method: disable IPv6 for all interfaces. Better: find and fix that router.

For the jails having "/etc/resolv.conf" in the "resolver" parameter means "copy whatever the host has". If you explicitly set "resolver" to e.g. "nameserver 192.168.0.1" then that will be used and your jails will work again.

 

[-fun-]

Do you have IPv6 autoconfiguration active on any interface?

Yes, just checked. Has this been activated due to the update from 12.x to 13.0? I cannot remember whther I ever activated this myself.

Brute force method: disable IPv6 for all interfaces. Better: find and fix that router.

I could change the routers configuration, but this is not a wrong behavior of the router: I have RA activated (of course), and the radvd explicitly advertises DNS configuration. How else would IPv6 clients in the network be able to do name resolution.

I'm not sure whether the problem is not simply a faulty generation of the resolver configuration in TrueNAS: Why should it restrict itself to name resolution via IPv6 if both stacks are active? DHCP is not activated in my TrueNAS, everything is static for IPv4. And the resolver itself works perfectly fine if I have both IPv4 and IPv6 name servers in resolv.conf.

Now I'm obviously limited to switching off IPv6 in TrueNAS. Does no harm in my case.

For the jails having "/etc/resolv.conf" in the "resolver" parameter means "copy whatever the host has". If you explicitly set "resolver" to e.g. "nameserver 192.168.0.1" then that will be used and your jails will work again.

This inheritance and the way for an explicit configuration are obvious, and I want the inheritance.

 

[mro512]

Do you have IPv6 autoconfiguration active on any interface? If yes, then some router on your network is advertising that nameserver and TrueNAS is simply doing what it is supposed to do.

Brute force method: disable IPv6 for all interfaces. Better: find and fix that router.

For the jails having "/etc/resolv.conf" in the "resolver" parameter means "copy whatever the host has". If you explicitly set "resolver" to e.g. "nameserver 192.168.0.1" then that will be used and your jails will work again.

I have investigated further and it turns out that I get indeed RAs with a ULA originating from my Home gateway. However, this ULA does not respond to DNS requests. I have contacted my ISP and it is a known bug (ULA wrongly encoded) that will be fixed in a later release.

 

[mro512]

In case anyone is interested, the ISP is Proximus (BE), the affected HGW is "Bbox 3 SAGEM"

 

[surfer300zx]

Do you have IPv6 autoconfiguration active on any interface? If yes, then some router on your network is advertising that nameserver and TrueNAS is simply doing what it is supposed to do.

Brute force method: disable IPv6 for all interfaces. Better: find and fix that router.

For the jails having "/etc/resolv.conf" in the "resolver" parameter means "copy whatever the host has". If you explicitly set "resolver" to e.g. "nameserver 192.168.0.1" then that will be used and your jails will work again.

There are some cases where your router needs to advertise an IPv6 gateway but does not supply an IPv6 DNS server. In this case, the clients will simply use the IPv4 DNS server. This works for Windows clients, Mac OS, Android, iOS and everything else except FreeBSD hosts. Is FreeBSD equipped to handle this situation? It seems to me you are doubling down on wrong behavior. I don't think FreeBSD is handling this situation properly. It doesn't appear so. I think this may be bug. What am I missing?

 

[surfer300zx]

Just to be clear, the scenario is this. I hope I am being clear.

Network is dual-stack IPv4 and IPv6.
DNS and DHCP services handled by Windows Server with IPv4 address so router does not handle DNS services
Router sends itself as an IPv6 gateway but does not send an IPv6 address for DNS because the DNS IP will be received by client from DHCP server.

All clients are working except the FreeBSD jails. In addition, I can't just force my own resolv.conf entries because resolvconf is the last party to modify the /etc/resolv.conf file. I am unable to manually force my own nameservers. This seems like also a bug. My jail Also, there doesn't seem to be a simple way to deactivate IPv6, even if you uncheck Autoconfigure IPv6, so there's something odd about that too.

 

[surfer300zx]

One last thing. The jail works fine if everything is set to "automatic". It's only a problem when the jail requires a IPv4 static ip address.

 

[Patrick M. Hausen]

There are some cases where your router needs to advertise an IPv6 gateway but does not supply an IPv6 DNS server. In this case, the clients will simply use the IPv4 DNS server. This works for Windows clients, Mac OS, Android, iOS and everything else except FreeBSD hosts. Is FreeBSD equipped to handle this situation? It seems to me you are doubling down on wrong behavior. I don't think FreeBSD is handling this situation properly. It doesn't appear so. I think this may be bug. What am I missing?

FreeBSD hosts also work perfectly well in a dual-stack network when no IPv6 name server is advertised. We had e.g. a bug in OPNsense that advertised an empty name server list via IPv6 RA if no server was explicitly configured. That lead to FreeBSD hosts deleting the "nameserver" entry from /etc/resolv.conf.

Again if name server addresses are distributed via IPv4 DHCP or set statically and there is no name server info in your router advertisments, FreeBSD also works as expected.