yet another This device is not using NextDNS.
quick sitrep:
three systems, all running Kubuntu 2204 and NextDNS 1.42
All OS are up to date.
browsers WaterFox, FireFox, LibreFox report working NextDNS on two systems.
yet, on one system, FireFox, WaterFox, LibreFox complain of the above "not using" when on nextdns.io, which identifies "This device is currently using 'TerraTransit AG' as DNS resolver." (all browsers installed using either FlatPak or SNAP so ARE isolated from each other.)
(also, if i understood what i was doing on the ADMINACCOUNT, System Settings/Network, i MANUALLY set the DNS to 45.90.28.241 and 45.90.30.241; but i am uncertain as to how to get the OS to display if it is actually using these, or, which DNS settings as one could in Windows using the CLI command: ipconfig /all which would detail the OS' configured DNS)
here are CLI details of NextDNS:
=========================================
ADMINACCOUNT@5479:~$ sh -c "$(curl -sL https://nextdns.io/install)"
INFO: OS: ubuntu
INFO: GOARCH: amd64
INFO: GOOS: linux
INFO: NEXTDNS_BIN: /usr/bin/nextdns
INFO: INSTALL_RELEASE: 1.42.0
c) Configure NextDNS
r) Remove NextDNS
e) Exit
Choice (default=c): c
NextDNS Profile ID (default=#################):
Sending your devices name lets you filter analytics and logs by device.
Report device name? [Y|n]: y
Accept DNS request from other network hosts.
Setup as a router? (y/n): n
Make NextDNS CLI cache responses. This improves latency and reduces the amount
of queries sent to NextDNS.
Enable caching? [Y|n]: y
Instant refresh will force low TTL on responses sent to clients so they rely
on CLI DNS cache. This will allow changes on your NextDNS config to be applied
on your LAN hosts without having to wait for their cache to expire.
Enable instant refresh? [Y|n]: y
Changes DNS settings of the host automatically when NextDNS is started.
If you say no here, you will have to manually configure DNS to 127.0.0.1.
Automatically setup local host DNS? [Y|n]: y
NextDNS installed and started using systemd init
c) Configure NextDNS
r) Remove NextDNS
e) Exit
Choice (default=c): e
=========================================
Usage: nextdns <command> [arguments]
The commands are:
install install service init on the system
uninstall uninstall service init from the system
start start installed service
stop stop installed service
restart restart installed service
status return service status
log show service logs
upgrade upgrade the cli to the latest version
run run the daemon
config manage configuration
activate setup the system to use NextDNS as a resolver
deactivate restore the resolver configuration
discovered display discovered clients
cache-stats display cache statistics
cache-keys dump the list of cached entries
trace display a stack trace dump
version show current version
USERACCOUNT@5479:~$ nextdns version
nextdns version 1.42.0
USERACCOUNT@5479:~$ nextdns status
running
USERACCOUNT@5479:~$ nextdns log
Error: not supported
=========================================
(not supported?)
So.
I can not provide "log" information, for, some, reason.
Also, as two of the systems are IDENTICAL OS & Hardware,
this suggests there is a specific configuration issue on the one.
I would appreciate suggestions on additional tests i can run to track-down what is amiss on the one problem system.
28 replies
-
found it: "dig"
which displays:
USERACCOUNT@5479:~$ dig
; <<>> DiG 9.18.18-0ubuntu0.22.04.2-Ubuntu <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34178
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 1800 IN NS g.root-servers.net.
. 1800 IN NS l.root-servers.net.
. 1800 IN NS f.root-servers.net.
. 1800 IN NS c.root-servers.net.
. 1800 IN NS m.root-servers.net.
. 1800 IN NS e.root-servers.net.
. 1800 IN NS i.root-servers.net.
. 1800 IN NS b.root-servers.net.
. 1800 IN NS a.root-servers.net.
. 1800 IN NS k.root-servers.net.
. 1800 IN NS d.root-servers.net.
. 1800 IN NS j.root-servers.net.
. 1800 IN NS h.root-servers.net.
;; Query time: 72 msec
;; SERVER: 45.90.30.241#53(45.90.30.241) (UDP)
;; WHEN: Wed Mar 06 15:35:28 EST 2024
;; MSG SIZE rcvd: 239
-
sooo,... no guidance from the gurus on additional tests i can perform to determine the source of the above DNS use confusion?
-
Sorry a bit late to this, only just read your thread.
When using the CLI your OS should be pointed to 127.0.0.1 for DNS lookups (as that is where the CLI is listening). By setting up 45.90.28.* & 45.90.30.* manually you’re actually bypassing the NextDNS CLI.
-
Thank you for the input.
I did remove all Network Connections settings, placing back to 'Automatic,' rebooted PC, and here are my abysmal results:
==========================
ADMINACCT@5479:~$ nextdns activate
Error: setup resolv.conf: write /etc/resolv.conf.nextdns-tmp: open /etc/resolv.conf.nextdns-tmp: permission denied
ADMINACCT@5479:~$ sudo nextdns
[sudo] password for ADMINACCT:
Usage: nextdns <command> [arguments]The commands are:
install install service init on the system
uninstall uninstall service init from the system
start start installed service
stop stop installed service
restart restart installed service
status return service status
log show service logs
upgrade upgrade the cli to the latest version
run run the daemon
config manage configuration
activate setup the system to use NextDNS as a resolver
deactivate restore the resolver configuration
discovered display discovered clients
cache-stats display cache statistics
cache-keys dump the list of cached entries
trace display a stack trace dump
version show current versionADMINACCT@5479:~$ sudo nextdns activate
Error: setup resolv.conf: rename /etc/resolv.conf.nextdns-tmp /etc/resolv.conf: operation not permitted
ADMINACCT@5479:~$ nextdns status
running
ADMINACCT@5479:~$ nextdns version
nextdns version 1.42.0
ADMINACCT@5479:~$ nextdns config
profile ######
log-queries false
mdns all
bogus-priv true
use-hosts true
max-inflight-requests 256
hardened-privacy false
timeout 5s
debug false
listen localhost:53
cache-size 10MB
cache-max-age 0s
discovery-dns
control /var/run/nextdns.sock
auto-activate true
max-ttl 5s
report-client-info true
detect-captive-portals false
setup-router false
ADMINACCT@5479:~$==========================
USERACCT@5479:~$ dig
; <<>> DiG 9.18.18-0ubuntu0.22.04.2-Ubuntu <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15754
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 1800 IN NS b.root-servers.net.
. 1800 IN NS c.root-servers.net.
. 1800 IN NS d.root-servers.net.
. 1800 IN NS e.root-servers.net.
. 1800 IN NS f.root-servers.net.
. 1800 IN NS g.root-servers.net.
. 1800 IN NS h.root-servers.net.
. 1800 IN NS i.root-servers.net.
. 1800 IN NS j.root-servers.net.
. 1800 IN NS k.root-servers.net.
. 1800 IN NS l.root-servers.net.
. 1800 IN NS m.root-servers.net.
. 1800 IN NS a.root-servers.net.
;; Query time: 87 msec
;; SERVER: 45.90.30.241#53(45.90.30.241) (UDP)
;; WHEN: Sat Mar 09 13:45:13 EST 2024
;; MSG SIZE rcvd: 239
USERACCT@5479:~$ nextdns status
running
==========================kinda feels like i am slipping further down the Rabbit's Hole™
Is there anything else i may attempt to determine 1. Why this OS has recently chosen to use different DNS, and what other CLI tests i can implement?
{i do not think anything has changed OS-wise}
Do please keep in mind, that while i am using Kubuntu,
i am by NO means an All Knowing Linux Elite Who Knows & Can Instantly-recall ALL the MAN Pages!!™
So a simplified answer would be greatly appreciated
-
Hmm… very odd that sudo nextdns activate returns that error with permission denied.
Anyway, let’s see the output for
systemctl status nextdns -o cat
(you may need to scroll the output with the arrow keys to get to the end, then press “q”)
Also same command after “sudo nextdns restart”, thanks. (some entries might not show up as log may not go back that far first time)
-
Thank you RPM for this assistance :)
here are the results:ADMINACCT@5479:~$ systemctl status nextdns -o cat
● nextdns.service - NextDNS DNS53 to DoH proxy.
Loaded: loaded (/etc/systemd/system/nextdns.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-03-12 10:08:01 EDT; 27min ago
Main PID: 1043 (nextdns)
Tasks: 11 (limit: 18996)
Memory: 12.1M
CPU: 111ms
CGroup: /system.slice/nextdns.service
└─1043 /usr/bin/nextdns runStarting NextDNS 1.42.0/linux on localhost:53
Listening on TCP/127.0.0.1:53
Listening on UDP/127.0.0.1:53
Activating
Activate: setup resolv.conf: rename /etc/resolv.conf.nextdns-tmp /etc/resolv.conf: operation not permitted
Network change detected: enp5s0 flag up|broadcast|multicast -> up|broadcast|multicast|running
Endpoint provider failed: SourceHTTPSSVCProvider(dns.nextdns.io, https://dns.nextdns.io#45.90.28.0,2a07:a8c0::,45.90.30.0,2a07:a8c1::): exchange: rou>
Endpoint failed: https://dns1.nextdns.io#45.90.28.0,2a07:a8c0::: roundtrip: dial tcp 45.90.28.0:443: connect: network is unreachable
Endpoint failed: https://dns2.nextdns.io#45.90.30.0,2a07:a8c1::: roundtrip: dial tcp 45.90.30.0:443: connect: network is unreachable
Switching endpoint: 127.0.0.1:53ADMINACCT@5479:~$ sudo nextdns restart
[sudo] password for ADMINACCT:
ADMINACCT@5479:~$ sudo nextdns restart
ADMINACCT@5479:~$ systemctl status nextdns -o cat
● nextdns.service - NextDNS DNS53 to DoH proxy.
Loaded: loaded (/etc/systemd/system/nextdns.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-03-12 10:36:59 EDT; 15s ago
Main PID: 7300 (nextdns)
Tasks: 9 (limit: 18996)
Memory: 1.4M
CPU: 5ms
CGroup: /system.slice/nextdns.service
└─7300 /usr/bin/nextdns runStarted NextDNS DNS53 to DoH proxy..
Starting NextDNS 1.42.0/linux on localhost:53
Listening on TCP/127.0.0.1:53
Listening on UDP/127.0.0.1:53
Activating
Activate: setup resolv.conf: rename /etc/resolv.conf.nextdns-tmp /etc/resolv.conf: operation not permittedADMINACCT@5479:~$
-
Looks like it’s still not accessing /etc/resolv.conf
Probably need to check the file out.
ls -lhA /etc | grep -i resolv
In the meantime just set the network DNS to 127.0.0.1 and see if it’s using the CLI.
curl -L https://test.nextdns.io(no need to post here the results of above curl, should be obvious if working correctly)
-
Thank you again! :D
i will need to log out/in to the ADMIN acct to manually set the NIC to 127, but for now:
=======
USERACCT@5479:~$ ls -lhA /etc | grep -i resolv
-rw-r--r-- 1 root root 48 May 14 2023 resolv.conf
lrwxrwxrwx 1 root root 39 Jun 9 2022 resolv.conf.nextdns-bak -> ../run/systemd/resolve/stub-resolv.conf
-rw-r--r-- 1 root root 121 Mar 12 10:37 resolv.conf.nextdns-tmp
USERACCT@5479:~$ curl -L https://test.nextdns.io
{
"status": "unconfigured",
"resolver": "45.134.224.92",
"srcIP": "45.134.224.83",
"server": "anexia-chi-1"
}
USERACCT@5479:~$=======
kinda thinking that "unconfigured" means something, huh?
-
Yep, it’s not using NextDNS at all, that’s what you see on the test.
I don’t see any permission issues with the resolv.conf file, very odd why it’s not allowing it. Maybe deleting the tmp file might unlock things? It shouldn’t cause any harm in doing so.
sudo rm -i /etc/resolv.conf.nextdns-tmp
-
needless to say, i am beginning to become discouraged,...
ADMINACCT@5479:~$ sudo rm -i /etc/resolv.conf.nextdns-tmp
[sudo] password for ADMINACCT:
rm: remove regular file '/etc/resolv.conf.nextdns-tmp'? y
ADMINACCT@5479:~$ sudo rm -i /etc/resolv.conf.nextdns-tmp
rm: cannot remove '/etc/resolv.conf.nextdns-tmp': No such file or directory
ADMINACCT@5479:~$ sh -c "$(curl -sL https://nextdns.io/install)"
INFO: OS: ubuntu
INFO: GOARCH: amd64
INFO: GOOS: linux
INFO: NEXTDNS_BIN: /usr/bin/nextdns
INFO: INSTALL_RELEASE: 1.42.0
c) Configure NextDNS
r) Remove NextDNS
e) Exit
Choice (default=c): c
NextDNS Profile ID (default=#######):
Sending your devices name lets you filter analytics and logs by device.
Report device name? [Y|n]: y
Accept DNS request from other network hosts.
Setup as a router? (y/n): n
Make NextDNS CLI cache responses. This improves latency and reduces the amount
of queries sent to NextDNS.
Enable caching? [Y|n]: y
Instant refresh will force low TTL on responses sent to clients so they rely
on CLI DNS cache. This will allow changes on your NextDNS config to be applied
on your LAN hosts without having to wait for their cache to expire.
Enable instant refresh? [Y|n]: y
Changes DNS settings of the host automatically when NextDNS is started.
If you say no here, you will have to manually configure DNS to 127.0.0.1.
Automatically setup local host DNS? [Y|n]: y
NextDNS installed and started using systemd init
c) Configure NextDNS
r) Remove NextDNS
e) Exit
Choice (default=c): e
ADMINACCT@5479:~$ nextdns status
running
ADMINACCT@5479:~$ nextdns log
Mar 12 10:08:01 5479 systemd[1]: Started NextDNS DNS53 to DoH proxy..
Mar 12 10:08:07 5479 nextdns[1043]: Starting NextDNS 1.42.0/linux on localhost:53
Mar 12 10:08:07 5479 nextdns[1043]: Listening on TCP/127.0.0.1:53
Mar 12 10:08:07 5479 nextdns[1043]: Listening on UDP/127.0.0.1:53
Mar 12 10:08:12 5479 nextdns[1043]: Activating
Mar 12 10:08:12 5479 nextdns[1043]: Activate: setup resolv.conf: rename /etc/resolv.conf.nextdns-tmp /etc/resolv.conf: operation not permitted
Mar 12 10:08:17 5479 nextdns[1043]: Network change detected: enp5s0 flag up|broadcast|multicast -> up|broadcast|multicast|running
Mar 12 10:08:17 5479 nextdns[1043]: Endpoint provider failed: SourceHTTPSSVCProvider(dns.nextdns.io, https://dns.nextdns.io#45.90.28.0,2a07:a8c0::,45.90.30.0,2a07:a8c1::): exchange: roundtrip: dial tcp 45.90.28.0:443: connect: network is unreachable
Mar 12 10:08:17 5479 nextdns[1043]: Endpoint failed: https://dns1.nextdns.io#45.90.28.0,2a07:a8c0::: roundtrip: dial tcp 45.90.28.0:443: connect: network is unreachable
Mar 12 10:08:17 5479 nextdns[1043]: Endpoint failed: https://dns2.nextdns.io#45.90.30.0,2a07:a8c1::: roundtrip: dial tcp 45.90.30.0:443: connect: network is unreachable
Mar 12 10:08:17 5479 nextdns[1043]: Switching endpoint: 127.0.0.1:53
Mar 12 10:36:52 5479 systemd[1]: Stopping NextDNS DNS53 to DoH proxy....
Mar 12 10:36:52 5479 systemd[1]: nextdns.service: Deactivated successfully.
Mar 12 10:36:52 5479 systemd[1]: Stopped NextDNS DNS53 to DoH proxy..
Mar 12 10:36:52 5479 systemd[1]: Started NextDNS DNS53 to DoH proxy..
Mar 12 10:36:52 5479 nextdns[7282]: Starting NextDNS 1.42.0/linux on localhost:53
Mar 12 10:36:52 5479 nextdns[7282]: Listening on TCP/127.0.0.1:53
Mar 12 10:36:52 5479 nextdns[7282]: Listening on UDP/127.0.0.1:53
Mar 12 10:36:57 5479 nextdns[7282]: Activating
Mar 12 10:36:57 5479 nextdns[7282]: Activate: setup resolv.conf: rename /etc/resolv.conf.nextdns-tmp /etc/resolv.conf: operation not permitted
Mar 12 10:36:59 5479 nextdns[7282]: Received signal: terminated
Mar 12 10:36:59 5479 nextdns[7282]: Stopping NextDNS 1.42.0/linux
Mar 12 10:36:59 5479 systemd[1]: Stopping NextDNS DNS53 to DoH proxy....
Mar 12 10:36:59 5479 nextdns[7282]: Deactivating
Mar 12 10:36:59 5479 nextdns[7282]: Deactivate: restore resolv.conf: rename /etc/resolv.conf.nextdns-bak /etc/resolv.conf: operation not permitted
Mar 12 10:36:59 5479 nextdns[7282]: NextDNS 1.42.0/linux stopped
Mar 12 10:36:59 5479 systemd[1]: nextdns.service: Deactivated successfully.
Mar 12 10:36:59 5479 systemd[1]: Stopped NextDNS DNS53 to DoH proxy..
Mar 12 10:36:59 5479 systemd[1]: Started NextDNS DNS53 to DoH proxy..
Mar 12 10:36:59 5479 nextdns[7300]: Starting NextDNS 1.42.0/linux on localhost:53
Mar 12 10:36:59 5479 nextdns[7300]: Listening on TCP/127.0.0.1:53
Mar 12 10:36:59 5479 nextdns[7300]: Listening on UDP/127.0.0.1:53
Mar 12 10:37:04 5479 nextdns[7300]: Activating
Mar 12 10:37:04 5479 nextdns[7300]: Activate: setup resolv.conf: rename /etc/resolv.conf.nextdns-tmp /etc/resolv.conf: operation not permitted
Mar 13 03:01:39 5479 nextdns[7300]: Received signal: terminated
Mar 13 03:01:39 5479 nextdns[7300]: Stopping NextDNS 1.42.0/linux
Mar 13 03:01:39 5479 systemd[1]: Stopping NextDNS DNS53 to DoH proxy....
Mar 13 03:01:39 5479 nextdns[7300]: Deactivating
Mar 13 03:01:39 5479 nextdns[7300]: Deactivate: restore resolv.conf: rename /etc/resolv.conf.nextdns-bak /etc/resolv.conf: operation not permitted
Mar 13 03:01:39 5479 nextdns[7300]: NextDNS 1.42.0/linux stopped
Mar 13 03:01:39 5479 systemd[1]: nextdns.service: Deactivated successfully.
Mar 13 03:01:39 5479 systemd[1]: Stopped NextDNS DNS53 to DoH proxy..
Mar 13 03:01:39 5479 systemd[1]: nextdns.service: Consumed 2.229s CPU time.
Mar 13 03:01:40 5479 systemd[1]: Started NextDNS DNS53 to DoH proxy..
Mar 13 03:01:40 5479 nextdns[25366]: Starting NextDNS 1.42.0/linux on localhost:53
Mar 13 03:01:40 5479 nextdns[25366]: Listening on TCP/127.0.0.1:53
Mar 13 03:01:40 5479 nextdns[25366]: Listening on UDP/127.0.0.1:53
Mar 13 03:01:45 5479 nextdns[25366]: Activating
Mar 13 03:01:45 5479 nextdns[25366]: Activate: setup resolv.conf: rename /etc/resolv.conf.nextdns-tmp /etc/resolv.conf: operation not permitted
ADMINACCT@5479:~$ nextdns activate
Error: setup resolv.conf: write /etc/resolv.conf.nextdns-tmp: open /etc/resolv.conf.nextdns-tmp: permission denied
ADMINACCT@5479:~$ sudo rm -i /etc/resolv.conf.nextdns-tmp
rm: remove regular file '/etc/resolv.conf.nextdns-tmp'? y
ADMINACCT@5479:~$ nextdns activate
Error: setup resolv.conf: write /etc/resolv.conf.nextdns-tmp: open /etc/resolv.conf.nextdns-tmp: permission denied
ADMINACCT@5479:~$----------------------------------------------------
-
The CLI appears to be running but auto activate is failing.
Try,
dig google.com @127.0.0.1If there’s a response then NextDNS CLI is working.
Even if auto activate is not functioning correctly it’s not all bad. It just means you have to setup the dns to 127.0.01 manually (just the once though).Run the test again to see if the system is using the CLI.
curl -L https://test.nextdns.io -
USERACCT@5479:~$ dig google.com @127.0.0.1
; <<>> DiG 9.18.18-0ubuntu0.22.04.2-Ubuntu <<>> google.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26287
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com. IN A;; ANSWER SECTION:
google.com. 5 IN A 142.251.16.100
google.com. 5 IN A 142.251.16.113
google.com. 5 IN A 142.251.16.102
google.com. 5 IN A 142.251.16.101
google.com. 5 IN A 142.251.16.139
google.com. 5 IN A 142.251.16.138;; Query time: 64 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Mar 13 15:28:28 EDT 2024
;; MSG SIZE rcvd: 135USERACCT@5479:~$ curl -L https://test.nextdns.io
{
"status": "unconfigured",
"resolver": "91.196.69.87",
"srcIP": "91.196.69.89",
"server": "zepto-iad-1"
}
USERACCT@5479:~$the fact need-be stated,
that when viewing the System Settings/Network/Connections/IPv4 tab,
Method is set to Automatic, with
Other DNS Servers set to 127.0.0.1
already.
So all i need do is drop-down the menu and select Manual for Method?
Also, Question:
Where is the "server: zepto-iad-1" in the above curl command being assigned/retrieved from?
also, here is result from duplicate Hardware/OS without seeming nextdns issue:
USERACCT@5479:~$ curl -L https://test.nextdns.io
{
"status": "ok",
"protocol": "DOH",
"profile": "fp52b2d1b85abf851b",
"client": "91.196.69.89",
"srcIP": "91.196.69.89",
"destIP": "199.119.65.94",
"anycast": false,
"server": "zepto-iad-1",
"clientName": "nextdns-cli",
"deviceName": "5479",
"deviceID": "60DFA"
}
USERACCT@5479:~$ -
For the IPv4 tab, not sure what the best option is to use. It depends on what the other options are in the drop down. Also need to check on computer, later on and get back to you.
The server item is just what dns.nextdns.io resolves to at your location and is used to run the test on.
-
please see attached screen capture detailing Method of 'Automatic':
also, the DNS is configured to 127.0.0.1 (hidden by drop down)
-
Ok, after looking at it on my zorin lite laptop (based on Ubuntu with xfce desktop), the best option to use is “Automatic (only addresses)”.
This should give you the same as Automatic but with the custom dns option as the only one being used.
Using the manual option you would have to set up all the IPs for network connectivity (may be difficult if you don’t know what you’re doing).Anyway, check with the test curl addresses after you’ve changed to auto only addresses.
-
Automatic (only) is set, rebooted, and,...
no change:
USERACCT@5479:~$ curl -L https://test.nextdns.io
{
"status": "unconfigured",
"resolver": "45.134.224.139",
"srcIP": "45.134.224.133",
"server": "anexia-dal-1"
}
USERACCT@5479:~$ nextdns status
running
-
Ok, better have a look at the resolv.conf file contents.
cat /etc/resolv.conf
Also maybe try,
resolvectl status
(it might error out, not sure. May as well take a look anyway)
And last thing to check if systemd-resolved is running (I encountered issues with this running and trying to use something else for dns lookups).
systemctl status systemd-resolved -o cat
-
USERACCT@5479:~$ cat /etc/resolv.conf
nameserver 45.90.30.241
nameserver 45.90.28.241
USERACCT@5479:~$...
USERACCT@5479:~$ resolvectl status
Global
Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
Current DNS Server: 45.90.30.241
DNS Servers: 45.90.30.241 45.90.28.241Link 2 (enp5s0)
Current Scopes: DNS
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
DNS Servers: 127.0.0.1
USERACCT@5479:~$...
USERACCT@5479:~$ systemctl status systemd-resolved -o cat
● systemd-resolved.service - Network Name Resolution
Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2024-03-17 14:05:54 EDT; 10min ago
Docs: man:systemd-resolved.service(8)
man:org.freedesktop.resolve1(5)
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
Main PID: 821 (systemd-resolve)
Status: "Processing requests..."
Tasks: 1 (limit: 18996)
Memory: 8.4M
CPU: 100ms
CGroup: /system.slice/systemd-resolved.service
└─821 /lib/systemd/systemd-resolvedWarning: some journal files were not opened due to insufficient permissions.
USERACCT@5479:~$--------
ADMINACCT@5479:~$ systemctl status systemd-resolved -o cat
● systemd-resolved.service - Network Name Resolution
Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2024-03-17 14:05:54 EDT; 12min ago
Docs: man:systemd-resolved.service(8)
man:org.freedesktop.resolve1(5)
https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
Main PID: 821 (systemd-resolve)
Status: "Processing requests..."
Tasks: 1 (limit: 18996)
Memory: 8.4M
CPU: 100ms
CGroup: /system.slice/systemd-resolved.service
└─821 /lib/systemd/systemd-resolvedStarting Network Name Resolution...
Positive Trust Anchors:
. IN DS 20326 8 2 e##############################################################d
Negative trust anchors: home.arpa 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.arpa 20.172.in-addr.arpa>
Using system hostname '5479'.
Started Network Name Resolution.
enp5s0: Bus client set default route setting: yes
enp5s0: Bus client set DNS server list to: 127.0.0.1
Clock change detected. Flushing caches.
lines 1-24/24 (END) -
Ok, we’ve narrowed it down to the resolv.conf file containing the dns IPs.
Now, how to fix it. There are two options available, if one doesn’t work try the other.
1, edit the file in place to get the right IPs in it.sudo nano /etc/resolv.conf
Remove the two lines and replace with:
”nameserver 127.0.0.1”
(nano is quite easy to use as it shows in the terminal screen some of the options. To save the edits it’s ctl+o then return. It should say “Wrote x lines” if it completed the save. Then exit with ctl+x)
2, try renaming the file and then create the file with what you should have in it.
I will leave that for next time as it might not be needed or maybe you already know? -
"know"? no, i do not; i am doing all i can just to keep up with what is going on here.
Logged into ADMINACCT
issued sudo nano /etc/resolv.conf command, input ADMINACCT passphrase, then
BACKSPACED previous entries
input:
nameserver 127.0.0.1ctrl+o to save, received in red back ground/white font:
[ Error writing /etc/resolv.conf: Operation not permitted ]
in attempts to rename file also verify its permissions,
did search for "resolv.conf" of the entire hard drive
only to find 27 entries of either resolv.conf or stubresolv.conf, et al. in various directories. {wait, WHY 27 entries? or, is this Obfuscation-Through-Deluge™ that is so prevalent in the IT industry?
}so, which one is to be renamed?
-
Oh no red error! It’s the same error as before with nextdns activate.
I think you should check the admin account’s custom permissions, something appears to be blocking the editing of the /etc/resolv.conf file. I suspect that even attempting to delete that file will result in the same error “operation not permitted”.
One idea is to create a temporary alternative admin account to see if that will work correctly with “nextdns activate” and actually change that resolv.conf file once and for all!
-
After a quick search I may have found something relevant to the situation you’re in with regards to the resolv.conf file and “operation not permitted”.
https://wiki.archlinux.org/title/File_permissions_and_attributes#File_attributes
From that page of information the “resolv.conf” file may have set an immutable flag which makes the file impossible to overwrite or edit, even with sudo command. How it happened I have no idea but to check the file use this command:
lsattr /etc/resolv.conf
if an “i” appears in the output then it is “immutable”. So to remove the immutable flag use:
sudo chattr -i /etc/resolv.conf
Check it’s removed with the command before. Hopefully now nextdns activate will complete successfully with no error.
-
ADMINACCT@5479:~$ lsattr /etc/resolv.conf
----i---------e------- /etc/resolv.confADMINACCT@5479:~$ sudo chattr -i /etc/resolv.conf
[sudo] password for ADMINACCT:ADMINACCT@5479:~$ lsattr /etc/resolv.conf
--------------e------- /etc/resolv.confADMINACCT@5479:~$ nextdns status
runningADMINACCT@5479:~$ nextdns activate
Error: setup resolv.conf: write /etc/resolv.conf.nextdns-tmp: open /etc/resolv.conf.nextdns-tmp: permission deniedADMINACCT@5479:~$
~~~~~~~~~~~REBOOTED.~~~~~~~~~~~~~~~~~~~~
ADMINACCT@5479:~$ sudo nextdns status
runningADMINACCT@5479:~$ nextdns activate
Error: setup resolv.conf: write /etc/resolv.conf.nextdns-tmp: open /etc/resolv.conf.nextdns-tmp: permission deniedADMINACCT@5479:~$ lsattr /etc/resolv.conf
--------------e------- /etc/resolv.confADMINACCT@5479:~$
color me,... con-fuuuz'D (not just regular confused, but confused to the Nth Degree
)considering what little i do know of the OS, the most recent commands should have worked,...
-
I think you need to run it with sudo in front.
sudo nextdns activate
It may have already activated after the reboot. Check the status of the nextdns service:
systemctl status nextdns -o cat
And also use the curl check to be sure:
curl -L https://test.nextdns.io
-
from what i have seen, when issuing sudo a second time on the same terminal window, i am not prompted for ADMINACCT passphrase as i was the first time; seeming to suggest the 'session' is raised as such to sudo for all following commands.
in regards to the second command:
......................................................................................................
USERACCT@5479:~$ systemctl status nextdns -o cat
● nextdns.service - NextDNS DNS53 to DoH proxy.
Loaded: loaded (/etc/systemd/system/nextdns.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-03-19 12:57:54 EDT; 7h ago
Main PID: 1024 (nextdns)
Tasks: 13 (limit: 18996)
Memory: 15.8M
CPU: 2.851s
CGroup: /system.slice/nextdns.service
└─1024 /usr/bin/nextdns run
Warning: some journal files were not opened due to insufficient permissions.
......................................................................................................
USERACCT@5479:~$ curl -L https://test.nextdns.io
{
"status": "ok",
"protocol": "DOH",
"profile": "fp52b2d1b85abf851b",
"client": "91.196.69.150",
"srcIP": "91.196.69.150",
"destIP": "5.161.43.197",
"anycast": false,
"server": "hetzner-iad-1",
"clientName": "nextdns-cli",
"deviceName": "5479",
"deviceID": "60DFA"
}
............................................................................ok, this is WEIRD.
the above commands were issued this a.m.
with said results.
just now, with the curl cmd and its status of: "ok"
i reloaded
https://my.nextdns.io/######/setup
to now receive:
All good!
This device is using NextDNS with this profile.
WHAT. is going on here?!
-
Content aside
- 1 mth agoLast active
- 28Replies
- 381Views
-
2
Following