[SOLVED] Updates broken as turris can't resolve hostnames

Software SW help
1

Hi,

my turris won’t update. First I found an error message about some missing CRL file:

Updater failed: Missing CRL, possibly broken Internet connection.

Investigating forums I found out, that it’s about a certificate revocation list file needed for the updater. I should be able to download it manually with get-api-crl command.
However, running this results in error:

root@turris:~# get-api-crl
curl: (6) Couldn’t resolve host ‘api.turris.cz’

Investigating further I’ve found out that resolving is configured to use a DNS on localhost:

root@turris:~# cat /etc/resolv.conf
search lan
nameserver 127.0.0.1

However, there is no DNS listening on localhost. kresd listens on local IP (not localhost!) and dnsmasq listens on port 67 which should handle only the DHCP functionality. This is consistent with my settings - dnsmasq’s port is set to 0 (i.e. DNS disabled). Note that resolving on the local network works just fine (clients use kresd’s bind IP as DNS).

The automatic updates used to work fine in the past and I’m not aware of any config change I did, so I guess there must have been an update that broke this (probably a longer time ago - as local network works just fine, I’ve discovered the problem only by accident).
The quick fix to be able to update Turris is to add one more nameserver line with the kresd’s bind IP. However, after reboot I’m back to the original resolv.conf.

I’m not sure what the correct fix is. I’ve read dnsmasq’s DNS is disabled because of it’s problems with DNSSEC, so a better solution than re-enabling it should be to tell kresd to bind to the current bind IP as well as localhost, right? If so, what’s the correct way to achieve this?
I’d also be interested in knowing, whether this is a SW bug or I misconfigured something.

2

kresd is apparently configured to explicitly listen on each interface (seems unchanged recently), but I don’t know how it’s with the list of interfaces on Omnia.

It should be possible to work around by adding extra config (the include_config part) containing e.g. net.listen({'::1', '127.0.0.1'}, 53).

1 Like
3

kresd is configured to listen on each interface. But interface is an option (or rather list) defined in the common section of the resolver config (/etc/config/resolver), not an actual network interface. It actually seems to be the bind address specification for kresd. However, there is only one pair (IPv4+IPv6) of addresses defined as interfaces. kresd indeed binds to both of them, but unfortunately, the localhost pair (127.0.0.1 and ::1) is missing. I really don’t know how this happened or whether it even used to be there at some point. Anyway, adding the pair to /etc/config/resolver solved the problem:

root@turris:~# cat /etc/config/resolver

config resolver 'common'
    list interface '127.0.0.1'
    list interface '::1'
[...snip...]

After restarting resolver, kresd listens on both pairs of addresses. Specifically, it (as before) listens on the local address to resolve queries from my local network, as well as localhost for resolving in Omnia’s own OS environment. No changes to /etc/resolv.conf were needed.

Thanks for pointing me in the right direction.

1 Like