| 12 Sep 2021 |
das_j | ElvishJerricco: I don't think you need a comma between the nameservers | 09:52:50 |
das_j | Just "8.8.8.8 8.8.4.4" (with the quotes) | 09:53:07 |
ElvishJerricco | In reply to @janne.hess:helsinki-systems.de ("ElvishJerricco: I don't think you need a comma between the nameservers"): Dhcpd4 gives me a syntax error if I remove that | 10:03:15 |
das_j | oof | 10:03:23 |
das_j | ah yes your syntax seems to be correct: option domain-name-servers 192.168.0.1, 1.1.1.1, 1.0.0.1; | 10:03:42 |
das_j | * ah yes your syntax seems to be correct: option domain-name-servers 192.168.0.1, 1.1.1.1, 1.0.0.1;, sorry | 10:03:50 |
das_j | ummm | 10:04:16 |
das_j | 127.0.0.53 | 10:04:20 |
das_j | https://wiki.archlinux.org/title/Systemd-resolved | 10:04:29 |
ElvishJerricco | das_j: what's your point? | 10:06:40 |
das_j | resolvectl status should show the nameservers | 10:06:54 |
ElvishJerricco | das_j:
[will@nixos:~]$ resolvectl status
Global
Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=allow-downgrade/supported
resolv.conf mode: stub
Fallback DNS Servers: 1.1.1.1 8.8.8.8 1.0.0.1 8.8.4.4 2606:4700:4700::1111
2001:4860:4860::8888 2606:4700:4700::1001 2001:4860:4860::8844
Link 2 (eth0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=allow-downgrade/supported
Link 3 (wlan0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=allow-downgrade/supported
Link 4 (br0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=allow-downgrade/supported
Current DNS Server: 8.8.4.4
DNS Servers: 8.8.8.8 8.8.4.4
[will@nixos:~]$ ping google.com
ping: google.com: Name or service not known
| 10:07:43 |
ElvishJerricco | huh, guess it has something to do with how I'm setting up the hostapd thing | 10:08:18 |
| 13 Sep 2021 |
ElvishJerricco | I don't understand then. If resolvectl status shows some DNS servers on br0, why is DNS not working? | 01:24:36 |
ElvishJerricco | $ resolvectl query google.com
google.com: resolve call failed: DNSSEC validation failed: signature-expired
Huh...
| 01:53:51 |
lukegb (he/him) | So... is your clock set correctly? :P | 02:01:25 |
ElvishJerricco | Probably not? | 02:02:16 |
ElvishJerricco | I set services.resolved.dnssec = "false";, and then DNS started working. Then I removed that, and DNS continued working, even after a reboot | 02:03:04 |
ElvishJerricco | Was it really a clock thing? | 02:03:09 |
lukegb (he/him) | I was guessing based on the "signature-expired" thing | 02:03:41 |
lukegb (he/him) | it's possible that you couldn't sync with NTP because DNS was broken, and DNS was broken because you couldn't sync with NTP | 02:03:55 |
ElvishJerricco | I have no idea what the clock was set to, but I did notice that the logs for resolved included a lot of failures for ntp domains | 02:04:37 |
ElvishJerricco | Didn't think that would be important... | 02:04:52 |
ElvishJerricco | Yea just noticed journalctl logs thought it was June 29. Probably because that's when I last booted this device... | 02:07:22 |
hexa | if your machine does not have an RTC you are in for some fun with NTP/DNSSEC setups | 13:34:29 |
| 14 Sep 2021 |
Las | Does anyone know of a nix-y way of doing this in order to make upnpc work? Should I just use networking.firewall.extraCommands? | 08:07:05 |
Linux Hackerman | In reply to @Las:matrix.org ("Does anyone know of a nix-y way of doing this in order to make upnpc work? Should I just use networking.firewall.extraCommands?"): Yep pretty much. Put your rules in the nixos-fw chain so that they don't get duplicated every time firewall.service gets restarted | 08:10:55 |
Las | Thanks | 08:19:04 |