Today on “weird crap that seems undocumented on the Internet” we have DNS that doesn’t want to resolve and DHCP that is acting weird. My home DNS server decided it didn’t want to resolve things any more, and it took far too long to figure out why.
It was all working fine, then it wasn’t. It was all probably triggered by my ISP updating the firmware in my router, which seems to have switched on IPv6 DHCP and thoroughly confused my whole internal network.
So I run my own DNS at home. This isn’t for ad blocking reasons, it’s not a Pi-hole. I used to have one of those, but got annoyed by random things breaking because they couldn’t resolve super secret DNS entries for super secret tracking or APIs. Looking at you, YouTube, you’re starting to get super grumpy when your ad servers can’t be reached.
No, this is because I self host my websites, and need to be able to access them from within my network. As far as you all care, “ncot.uk” resolves to a real world IP address. As far as I care, it’s on 192.168.1.xxx and more importantly, is behind an NGINX proxy, so really it needs to point to that.
It works, it’s great, there’s nothing wrong with it.
Until complicated Linux stuff gets in the way. I mean all that stuff that tries to manage network connections and alter the sacred resolv.conf file. At what point did people decide one Linux package should poke itself into the config of another package in a way that seemingly nobody knows about when you’re Googling?
Well, until you find some random post online where some poor person is being berated for daring to suggest a slightly hacky way to fix things, and someone with zero personal skills wades in with “that’s a dumb way, why aren’t you reading the docs and doing it correctly like this? You’ll break things”.
If you’ve poked around in that part of your machine before, you’ll know what I mean. Utilities like resolvconf, weird firewalls that get in the way and scripts linked in with the DHCP client that silently overwrite files and set up DNS servers on 127.1.1.0.
This is all magical crap that works fine on client machines, but on the machine that is a DNS server it causes no end of problems. It took me forever to realise DHCP was overwriting resolv.conf, but that some sneaky bullshit was also overwriting part of unbound’s config using DHCP config data too.
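A small audit script for exactly this situation, added here as an example (not code from the original post): it reports who owns resolv.conf, which nameservers it lists, whether they all point at the local resolver, and which DHCP client hook scripts mention resolv.conf or dhclient's make_resolv_conf function. The default paths are Debian/Ubuntu-style assumptions and can be overridden with arguments.

```shell
#!/bin/sh
# Audit how a host's resolver is configured and who might rewrite it.
# Added example, not from the original post. Default paths are assumptions.

# Print the nameserver addresses listed in a resolv.conf-style file.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Exit 0 only if every nameserver is a loopback address, which is what a
# host running its own resolver (e.g. unbound) should show. A file with no
# nameserver lines at all is reported as suspicious too.
resolv_all_loopback() {
    resolv_nameservers "$1" | awk '
        !/^127\./ && $0 != "::1" { bad = 1 }
        END { exit (bad || NR == 0) ? 1 : 0 }'
}

# Say whether resolv.conf is a plain file or a symlink (and to where);
# a symlink into /run usually means another daemon owns the file.
resolv_owner() {
    if [ -L "$1" ]; then
        printf 'symlink -> %s\n' "$(readlink "$1")"
    else
        printf 'regular file\n'
    fi
}

# List scripts under a DHCP hook directory that mention resolv.conf or
# redefine dhclient-script's make_resolv_conf function.
dhcp_hooks_touching_resolv() {
    [ -d "$1" ] || return 0
    grep -ls 'resolv[._]conf' "$1"/* 2>/dev/null || true
}

audit() {
    rc="${1:-/etc/resolv.conf}"
    hooks="${2:-/etc/dhcp/dhclient-enter-hooks.d}"
    echo "resolv.conf: $(resolv_owner "$rc")"
    echo "nameservers: $(resolv_nameservers "$rc" | tr '\n' ' ')"
    if resolv_all_loopback "$rc"; then
        echo "OK: all lookups go to the local resolver"
    else
        echo "WARN: non-loopback or missing nameserver; a DHCP client or resolvconf may have rewritten the file"
    fi
    for h in $(dhcp_hooks_touching_resolv "$hooks"); do
        echo "NOTE: DHCP hook $h touches resolv.conf"
    done
}

# Usage: sh audit.sh [/etc/resolv.conf] [/etc/dhcp/dhclient-enter-hooks.d]
if [ $# -gt 0 ]; then audit "$@"; fi
```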
And if you’ve ever tried to diagnose broken DNS, it’s impossible.
This is your weekly reminder that cosplaying as a sysadmin can waste your Friday evening and Saturday morning, and to add your own time into the cost/benefit calculations of running servers at home or on a cloud service.