!tCyGickeVqkHsYjWnh:nixos.org

NixOS Networking

896 Members
Declaratively manage your switching, routing, wireless, tunneling and more.
261 Servers

11 Sep 2025
@toonn:matrix.org (toonn): Responds to DNS queries with mDNS responses. [16:25:05]
@saiko:knifepoint.net: oh wow 🫠 [16:27:14]
@toonn:matrix.org (toonn): Don't tell anyone though, wouldn't want to hurt my reputation. [16:28:40]
@saiko:knifepoint.net: new blackmail material acquired /j [16:29:23]
@ghostbuster91:matrix.org (ghostbuster91): please share it or otherwise I will spread the word :P [16:35:48]
@toonn:matrix.org (toonn): I could upload it to Codeberg if you really want but it's a small pile of mostly commented out Haskell. [16:42:03]
@ghostbuster91:matrix.org (ghostbuster91): yes, please, I am curious how it works actually [16:44:30]
12 Sep 2025
@ghostbuster91:matrix.org (ghostbuster91): Katalin 🔪: toonn what do you think about switching from tailscale to zerotier in this case? [10:26:18]
@toonn:matrix.org (toonn): Don't have experience with Zerotier. It sounds more open but I don't have reliable publicly accessible hardware for relaying and such. [10:35:03]
@toonn:matrix.org (toonn): ghostbuster91: As promised my unicast DNS multicaster, https://codeberg.org/toonn/dns2mdns [13:15:30]
@jassu:kumma.juttu.asia (Jassuko): Huh? Doesn't nginx support resolving through normal OS provided name lookups? [13:32:35]
@toonn:matrix.org (toonn): If you have a configuration for me that makes that utility redundant, I'm all ears. [13:37:14]
@magic_rb:matrix.redalder.org (magic_rb):

@toonn:matrix.org some haskell review

  • https://codeberg.org/toonn/dns2mdns/src/branch/trunk/src/Main.hs#L68 bytestring has toStrict and fromStrict in the lazy module
  • https://codeberg.org/toonn/dns2mdns/src/branch/trunk/src/Main.hs#L48 all toplevel bindings should have types

[13:37:15]
@magic_rb:matrix.redalder.org (magic_rb): You can enable mDNS in systemd-resolved and then nginx should use that. [13:37:49]
@jassu:kumma.juttu.asia (Jassuko): I have that kind of setup somewhere. There's some shitty behaviors with the systemd-resolved mdns implementation relating to IPv6, but I don't remember what exactly was the pain point with that. It was something they specifically defined to do wrong and not care about, if I remember correctly. [13:40:36]
@jassu:kumma.juttu.asia (Jassuko):

I had this on one laptop where I absolutely needed to use network damager for managing WiFi due to reasons. Thus, the rather weird config on that.

   # Enable Network Manager for WiFi networking
   networking.networkmanager = {
     enable = true;
     connectionConfig."connection.mdns" = 2;
     dns = "systemd-resolved";
     # firewallBackend = "nftables"; ## Deprecated
   };
   networking.resolvconf.dnsSingleRequest = true;
   services.resolved = {
     enable = true;
     llmnr = "false";
     fallbackDns = [
       # "8.8.8.8"
       # "2001:4860:4860::8888"
       "1.1.1.1#cloudflare-dns.com"
       "1.0.0.1#cloudflare-dns.com"
       "2606:4700:4700::1111#cloudflare-dns.com"
       "2606:4700:4700::1001#cloudflare-dns.com"
     ];
     extraConfig = ''
       MulticastDNS=yes
       Cache=no-negative
       DNSOverTLS=opportunistic
       DNSStubListenerExtra=::53
     '';
   };

[13:44:51]
@jassu:kumma.juttu.asia (Jassuko):

Firewall needs to be handled as well, like:

   # Open ports in the firewall.
   networking.nftables.enable = config.networking.firewall.enable || false;
   networking.firewall = {
     enable = false;
     # Ports are integers, not strings.
     allowedTCPPorts = [
       22
     ];
     allowedUDPPorts = [ ];
     # Accept mDNS (UDP 5353) sent to the IPv6 and IPv4 multicast groups.
     extraInputRules = ''
       ip6 daddr ff02::fb/128 udp sport 5353 dport 5353 accept
       ip daddr 224.0.0.251 udp sport 5353 dport 5353 accept
     '';
   };

[13:45:31]
@jassu:kumma.juttu.asia (Jassuko): so systemd-networkd is used to manage all other network things except WiFi, and systemd-resolved is used for all DNS lookups [13:47:47]
@toonn:matrix.org (toonn): Oh, you know what, I think I remember what the problem with systemd-resolved is in my case. It doesn't allow for subdomains of .local! [13:51:57]
@k900:0upti.me (K900): That's out of spec [13:52:15]
@jassu:kumma.juttu.asia (Jassuko):

/etc/nsswitch.conf might or might not need adjusting as well for the hosts: line. Namely, the resolve needs to be there correctly at the correct place depending on your other setup:

   hosts:     mymachines resolve [!UNAVAIL=return] files myhostname dns

[13:52:23]
@toonn:matrix.org (toonn): Yep, and working well for me : ) [13:52:26]
@toonn:matrix.org (toonn): I really don't see a good reason for it to be out of spec, it's just an arbitrary decision AFAICT. [13:53:07]
@jassu:kumma.juttu.asia (Jassuko): Ahh. Well, that is a use case I have not had. :D [13:53:13]
@magic_rb:matrix.redalder.org (magic_rb): Does the spec restrict valid TLDs? .local is very very common [13:57:29]
@toonn:matrix.org (toonn): I think the spec requires .local actually. [13:57:51]
@k900:0upti.me (K900): No, but the mDNS spec does not allow multiple parts in the domain name [13:58:17]
