AWS Debian doesn't configure network properly

I have an AWS Debian 12 instance. Zerotier and the systemd-manager are both installed. The device is on the zt network and can reach other instances with ping & telnet. I just want to close the loop with zeronsd. I can directly dig against DNS with dig @host foo.mycorp.corp and I get the expected reply.

There is a file in /etc/systemd/network/99-ztXXX.network which appears to have the correct DNS service. I have enabled and started systemd-resolved and systemd-networkd . Even so, /etc/resolv.conf only names the internal AWS resolver and the new name does not appear.

Full logs from systemd below. It doesn’t mention the DNS server.

root@ip-172-31-19-25:/etc# cat /etc/systemd/network/99-ztiv5datkf.network
# vim: ft=systemd
# --- Managed by zerotier-systemd-manager. Do not remove this comment. ---
[Match]
Name=ztiv5datkf

[Network]
Description=aya_corp
DHCP=no
DNS=10.147.20.252
Domains=~aya.corp ~20.147.10.in-addr.arpa
ConfigureWithoutCarrier=true
KeepConfiguration=static
root@ip-172-31-19-25:/etc# cat /etc/resolv.conf 
domain ap-southeast-1.compute.internal
search ap-southeast-1.compute.internal
nameserver 172.31.0.2

root@ip-172-31-19-25:/etc# dig @10.147.20.252 grafana.aya.corp

grafana.aya.corp. 60 IN A 10.147.20.252

Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: New device has no master, continuing without
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Flags change: +UP +LOWER_UP +RUNNING +MULTICAST +BROADCAST
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Link 3 added
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: udev initialized link
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: State changed: pending -> initialized
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Saved original MTU: 2800
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Remembering foreign address: fe80::2426:33ff:fec7:d5be/64 (valid forever)
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: link_check_ready(): link is in initialized state.
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Gained IPv6LL
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: link_check_ready(): link is in initialized state.
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Remembering foreign address: 10.147.20.248/24 (valid forever)
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: link_check_ready(): link is in initialized state.
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Remembering route: dst: ff00::/8, src: n/a, gw: n/a, prefsrc: n/a, scope: global, table: local, proto: kernel, type: multicast
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Remembering route: dst: fe80::2426:33ff:fec7:d5be/128, src: n/a, gw: n/a, prefsrc: n/a, scope: global, table: local, proto: kernel, type: local
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Remembering route: dst: fe80::/64, src: n/a, gw: n/a, prefsrc: n/a, scope: global, table: main, proto: kernel, type: unicast
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Remembering route: dst: 10.147.20.255/32, src: n/a, gw: n/a, prefsrc: 10.147.20.248, scope: link, table: local, proto: kernel, type: broadcast
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Remembering route: dst: 10.147.20.248/32, src: n/a, gw: n/a, prefsrc: 10.147.20.248, scope: host, table: local, proto: kernel, type: local
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Remembering route: dst: 10.147.20.0/32, src: n/a, gw: n/a, prefsrc: 10.147.20.248, scope: link, table: local, proto: kernel, type: broadcast
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Remembering route: dst: 10.147.20.0/24, src: n/a, gw: n/a, prefsrc: 10.147.20.248, scope: link, table: main, proto: kernel, type: unicast
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Link state is up-to-date
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: found matching network '/etc/systemd/network/99-ztiv5datkf.network'
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: Setting '/proc/sys/net/ipv6/conf/ztiv5datkf/disable_ipv6' to '0'
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: Setting '/proc/sys/net/ipv6/conf/ztiv5datkf/use_tempaddr' to '0'
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: Setting '/proc/sys/net/ipv6/conf/ztiv5datkf/accept_ra' to '0'
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Setting nomaster
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Started LLDP.
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Setting address genmode for link
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Failed to read sysctl property stable_secret: Input/output error
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Setting nomaster done.
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Setting address genmode done.
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: State changed: initialized -> configuring
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: Discovering IPv6 routers
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: link_check_ready(): static addresses are not configured.
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: link_check_ready(): static addresses are not configured.
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: Setting '/proc/sys/net/ipv6/conf/ztiv5datkf/proxy_ndp' to '0'
Oct 24 20:16:24 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: link_check_ready(): dynamic addresses or routes are not configured.
Oct 24 20:16:36 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: NDisc handler get timeout event
Oct 24 20:16:36 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: link_check_ready(): dhcp4:no dhcp6_addresses:no dhcp_routes:no dhcp_pd_addresses:no dhcp_pd_routes:no ndisc_addresses:yes ndisc_routes:yes
Oct 24 20:16:36 ip-172-31-19-25 systemd-networkd[745]: ztiv5datkf: State changed: configuring -> configured

Oh! Enabling systemd-network doesn’t cause it to suddenly start overwriting resolv.conf. Maybe that’s a good thing. Or… I dunno.

Anyway, you have to let resolved do its thing by pointing your name server to 127.0.0.53. To do this you have to turn off requesting of “domain name servers” in /etc/dhcp/dhclient.conf so that it stops overwriting your name server picks. Then manually edit resolv.conf to add “nameserver 127.0.0.53” and reboot, and your resolv.conf should not have been overwritten and both zeronsd and regular DNS names resolve.
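
The state described in the reply above can be checked without rebooting. The script below is an added example, not part of the original posts: it reads a resolv.conf, a dhclient.conf and the ZeroTier .network file and reports whether lookups would bypass systemd-resolved. The function names and the sample dhclient.conf request statement are assumptions made for illustration.

```shell
first_nameserver() {   # first nameserver entry; glibc tries them in listed order
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Exit 0 if the dhclient.conf "request" statement asks for domain-name-servers.
dhclient_requests_dns() {
    awk '
        { sub(/#.*/, "") }                 # ignore comments
        $1 == "request" { in_req = 1 }     # statement may span lines
        in_req {
            last = /;/
            gsub(/[,;]/, " ")
            for (i = 1; i <= NF; i++) if ($i == "domain-name-servers") found = 1
            if (last) in_req = 0
        }
        END { exit !found }
    ' "$1"
}

# Routing-only domains (the "~" entries) from a systemd .network file.
routing_domains() {
    awk -F= '$1 == "Domains" {
        n = split($2, d, " ")
        for (i = 1; i <= n; i++) if (d[i] ~ /^~/) print substr(d[i], 2)
    }' "$1"
}

# One finding per line; non-zero if lookups would not go through resolved.
check_split_dns() {   # args: resolv.conf, dhclient.conf, .network file
    status=0
    ns=$(first_nameserver "$1")
    [ "$ns" = "127.0.0.53" ] || { echo "BYPASS: first nameserver is ${ns:-unset}"; status=1; }
    if dhclient_requests_dns "$2"; then
        echo "OVERWRITE: dhclient requests domain-name-servers"; status=1
    fi
    for d in $(routing_domains "$3"); do echo "ROUTED: $d"; done
    return $status
}

# Constructed sample: nameserver and Domains= values as posted in the thread,
# plus a made-up dhclient.conf request statement.
demo() {
    t=$(mktemp -d)
    printf 'nameserver 172.31.0.2\n' > "$t/resolv.conf"
    printf 'request routers,\n\tdomain-name-servers;\n' > "$t/dhclient.conf"
    printf 'Domains=~aya.corp ~20.147.10.in-addr.arpa\n' > "$t/zt.network"
    rc=0; check_split_dns "$t/resolv.conf" "$t/dhclient.conf" "$t/zt.network" || rc=$?
    rm -rf "$t"; return $rc
}
```

On the instance itself, call `check_split_dns` with /etc/resolv.conf, /etc/dhcp/dhclient.conf and the 99-ztiv5datkf.network file; a BYPASS or OVERWRITE line means queries for the routed domains will not reach the zeronsd server through resolved.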
