Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NixOS module does not resolve queries when enabled #75

Open
negatethis opened this issue Nov 30, 2024 · 7 comments
Open

NixOS module does not resolve queries when enabled #75

negatethis opened this issue Nov 30, 2024 · 7 comments
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@negatethis
Copy link

Hello, I've been trying to set up leng v1.6.1 using the flake.nix NixOS module. I currently use dnsmasq with the following basic configuration:

{ 
  services.dnsmasq = { 
    enable = true; 
    alwaysKeepRunning = true;

    settings = { 
      server = [ "1.1.1.1" "1.0.0.1" ]; 
      address = "/nixos.server/192.168.0.82"; 
    }; 
  }; 
}

I added this configuration for leng:

{
  services.leng = { 
    enable = true; 
    configuration = { 
      bind = "0.0.0.0:53"; 
      api = "127.0.0.1:5300"; 
      blocking.sourcesStore = "/var/lib/leng-sources"; 
    }; 
  }; 
}

When I disable dnsmasq and enable leng with that configuration, no queries are resolved on my server, so I can't ping basic sites like "google.com", etc. The leng logs look like this: leng-logs.txt.

Are there extra options I need to set somewhere to get leng to work as a local DNS resolver for my server?

@cottand
Copy link
Owner

cottand commented Nov 30, 2024

hi!

Yes, you can achieve similar functionality by setting your local resolver to the leng DNS address. With your example:

services.leng = { 
  enable = true; 
  configuration = { 
    bind = "0.0.0.0:53"; 
    api = "127.0.0.1:5300";   
    blocking.sourcesStore = "/var/lib/leng-sources"; 
  }; 
}; 
networking.nameservers = [ "127.0.0.1" ]

Keep in mind this might leave your machine without DNS if leng goes down, so I recommend a more HA setup were you have several machines with leng running and they are all part of the networking.nameservers setting (dnsmasq has the same problem). But if you're ok with that this is the way!

As for why it works in dnsmasq automatically, it's because it has services.dnsmasq.resolveLocalQueries, an option that is true by default, which does the same thing.

@cottand cottand added the question Further information is requested label Nov 30, 2024
@negatethis
Copy link
Author

I tried adding the networking.nameservers attribute as suggested, but I get the same results. I took a look at the dnsmasq module and noticed resolvconf has the useLocalResolver attribute set to true, so I tried again, but this time added that attribute and specifically enabled resolvconf:

{
    networking = {
        nameservers = [ "127.0.0.1" ];

        resolvconf = {
            enable = true;
            useLocalResolver = true;
        };
    };
}

But I get the same results as before. leng won't resolve any queries and produces the same log file output.

@cottand
Copy link
Owner

cottand commented Dec 4, 2024

I took a look at the dnsmasq module and noticed resolvconf has the useLocalResolver attribute set to true

yes, this is what I meant in my message above: resolveconf.useLocalResolver is true by default, and resolveconf.useLocalResolver = true is the same as setting nameservers = [ "127.0.0.1" ]

Sorry for the back and forth, but I would like to make sure I am understanding you properly. Are you trying to use dnsmasq and leng at the same time? If yes this would result in the behaviour you describe.

As for the errors in leng file output, leng does need some other DNS resolver to be present in the system to be able to download blocklists, but this should not stop it from resolving queries.

@negatethis
Copy link
Author

No worries about the back and forth. To clear things up, I am running the unstable branch of NixOS on a Raspberry Pi 4. I am currently using dnsmasq on my server, but I want to replace it completely with leng. However, when I replace my dnsmasq configuration with the following leng configuration, no DNS queries are resolved.

{
  services.leng = { 
    enable = true; 
    configuration = { 
      bind = "0.0.0.0:53"; 
      api = "127.0.0.1:5300";   
      blocking.sourcesStore = "/var/lib/leng-sources"; 
    }; 
  }; 
  networking.nameservers = [ "127.0.0.1" ]
}

When I try to ping something, such as google.com, I get the error Temporary failure in name resolution. When I run nslookup google.com or dig google.com, I get the following error:

;; communications error to 127.0.0.1#53: timed out                          
;; communications error to 127.0.0.1#53: timed out                          
;; communications error to 127.0.0.1#53: timed out                          
;; no servers could be reached                                              

But if I check netstat, I can see that leng is running and listening on port 53. And it's generating journal logs, the same ones I sent you in a previous comment.

> netstat -tunlp | grep leng
tcp6       0      0 :::53                :::*                    LISTEN      28661/leng
udp6       0      0 :::53                :::*                    LISTEN      28661/leng

I am running all of these commands on the server itself, so it's not a firewall issue. I'm not really sure what could be blocking communication to the leng server.

@cottand
Copy link
Owner

cottand commented Dec 10, 2024

I have looked at this again more in-depth. I am afraid this not supported by leng right now, because leng itself uses resolv.conf under the hood (because Go uses it for every network connection).

This results in:

  • you make a DNS query
  • leng looks up the host of your server, as well as your blocklists
  • Go parses resolv.conf, and finds leng
  • Go calls the local nameserver
  • leng receives the DNS query
  • the cycle begins again

This can be fixed I think, by replacing every HTTP client in leng with one with a custom implementation of Go's net.Dialer.DialContext. This is more complex work and I would need some time to implement and test.

Sorry I cannot be of more help just yet. I will leave this issue open until this use-case works!

@cottand cottand added enhancement New feature or request help wanted Extra attention is needed and removed question Further information is requested labels Dec 10, 2024
cottand added a commit that referenced this issue Dec 14, 2024
This adds a failing test to keep track of progress to hopefully resolve_
#75
@cottand
Copy link
Owner

cottand commented Dec 21, 2024

hi @negatethis

I have a new build which I believe resolves this in #83

Could you try running that version of leng? If you are using flakes, that would be the ref github:cottand/leng/parallel-serve in your flake inputs.

@negatethis
Copy link
Author

I tried the new branch in a NixOS VM and it worked. I won't be able to try it on my Raspberry Pi until I'm home from the holidays, but it's working in a VM so I expect it to work on real hardware. Thanks for the quick turnaround on this problem, I really appreciate it!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Development

No branches or pull requests

2 participants