Hi,
My Turris won’t update. First I found an error message about some missing CRL file:
Updater failed: Missing CRL, possibly broken Internet connection.
Investigating the forums, I found out that it’s about a certificate revocation list file needed for the updater. I should be able to download it manually with the get-api-crl command.
However, running this results in an error:
root@turris:~# get-api-crl
curl: (6) Couldn't resolve host 'api.turris.cz'
Investigating further, I’ve found out that resolving is configured to use a DNS on localhost:
root@turris:~# cat /etc/resolv.conf
search lan
nameserver 127.0.0.1
However, there is no DNS listening on localhost. kresd listens on local IP (not localhost!) and dnsmasq listens on port 67 which should handle only the DHCP functionality. This is consistent with my settings - dnsmasq’s port is set to 0 (i.e. DNS disabled). Note that resolving on the local network works just fine (clients use kresd’s bind IP as DNS).
The automatic updates used to work fine in the past and I’m not aware of any config change I did, so I guess there must have been an update that broke this (probably a longer time ago - as local network works just fine, I’ve discovered the problem only by accident).
The quick fix to be able to update Turris is to add one more nameserver line with the kresd’s bind IP. However, after reboot I’m back to the original resolv.conf.
I’m not sure what the correct fix is. I’ve read dnsmasq’s DNS is disabled because of its problems with DNSSEC, so a better solution than re-enabling it should be to tell kresd to bind to the current bind IP as well as localhost, right? If so, what’s the correct way to achieve this?
I’d also be interested in knowing whether this is a SW bug or I misconfigured something.
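
The check described in the post (a nameserver in resolv.conf with nothing listening behind it), as an added example that is not part of the original post. The function name, the "proto address:port" listener format and the LAN address 192.168.1.1 are assumptions made for illustration; only IPv4 entries are handled.

```shell
#!/bin/sh
# Constructed sample: the resolv.conf shown in the post.
SAMPLE_RESOLV='search lan
nameserver 127.0.0.1'

# Constructed sample listener table, one "proto address:port" per line.
# 192.168.1.1 stands in for the resolver's LAN bind IP (assumed value);
# port 67 is the DHCP-only listener mentioned in the post.
# On a live system a table like this could be derived from e.g.
#   netstat -lnu | awk '$1 == "udp" { print $1, $4 }'
# (assumed output layout; adjust to the tool actually installed).
SAMPLE_LISTENERS='udp 192.168.1.1:53
tcp 192.168.1.1:53
udp 0.0.0.0:67'

# dead_nameservers RESOLV_TEXT LISTENER_TEXT  (hypothetical helper)
# Prints every IPv4 nameserver from RESOLV_TEXT that no UDP listener on
# port 53 covers. A 0.0.0.0:53 wildcard listener covers every address.
# IPv6 nameserver entries are skipped.
dead_nameservers() {
    printf '%s\n' "$1" |
    awk '$1 == "nameserver" && $2 !~ /:/ { print $2 }' |
    while read -r ns; do
        if ! printf '%s\n' "$2" | awk -v ns="$ns" '
            $1 == "udp" && ($2 == ns ":53" || $2 == "0.0.0.0:53") { found = 1 }
            END { exit !found }'; then
            printf '%s\n' "$ns"
        fi
    done
}

# Run against the constructed sample: reports the resolver entry that
# would make name lookups (and with them the CRL download) fail.
dead_nameservers "$SAMPLE_RESOLV" "$SAMPLE_LISTENERS"
```

An empty result means every listed IPv4 nameserver has a matching listener in the supplied table; it does not prove that the resolver actually answers queries.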