Bug 848297 - Incorrect domain search order in resolv.conf if dhclient prepend statement supplied
Incorrect domain search order in resolv.conf if dhclient prepend statement su...
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: NetworkManager (Show other bugs)
17
All Linux
unspecified Severity medium
: ---
: ---
Assigned To: Pavel Šimerda (pavlix)
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-08-15 04:06 EDT by Peter Rajnoha
Modified: 2013-09-03 10:17 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-08-01 14:03:09 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Peter Rajnoha 2012-08-15 04:06:03 EDT
Description of problem:
Using additional dhclient options in /etc/dhclient-em1.conf:

prepend domain-search "b.net";
prepend domain-name-servers 192.168.122.1;

This results in the nameservers to be of correct order, however the domain search order is wrong in /etc/resolv.conf:

Actual result:
==============
search a.net b.net.
nameserver 192.168.122.1
nameserver 172.27.0.1

Expected result:
================
search b.net a.net
nameserver 192.168.122.1
nameserver 172.27.0.1

This happens only with NetworkManager enabled for the interface (NM_CONTROLLED="yes" in the ifcfg-em1 script). If disabled, the result is as expected while running the legacy "ifup em1".

Version-Release number of selected component (if applicable):
NetworkManager-0.9.4.0-9.git20120521.fc17.x86_64
dhclient-4.2.4-9.P1.fc17.x86_64
Comment 1 Pavel Šimerda (pavlix) 2012-08-29 06:25:35 EDT
If it works without NM, it means NetworkManager is not reading the configuration file. Can you try to stop NM service and run it manually with --no-daemon and --log-level=debug and find dhcp-related debug lines?
Comment 2 Peter Rajnoha 2012-09-13 10:07:14 EDT
The debug output shows:

NetworkManager[13871]: <debug> [1347544624.999019] [nm-dhcp-dhclient.c:529] dhclient_start(): running: /sbin/dhclient -d -4 -sf /usr/libexec/nm-dhcp-client.action -pf /var/run/dhclient-em1.pid -lf /var/lib/dhclient/dhclient-3d1804bd-ccc7-4bbe-a5f3-b098843ebeec-em1.lease -cf /var/run/nm-dhclient-em1.conf em1

...where the /var/run/nm-dhclient-em1.conf has:

 Created by NetworkManager
# Merged from /etc/dhclient-em1.conf

prepend domain-search "virt.alatyr.brq.redhat.com";
prepend domain-name-servers 192.168.122.1;
send host-name "alatyr"; # added by NetworkManager

option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
option ms-classless-static-routes code 249 = array of unsigned integer 8;
option wpad code 252 = string;

also request rfc3442-classless-static-routes;
also request ms-classless-static-routes;
also request wpad;
also request ntp-servers;

So it seems it merges the config just fine, though it's not used correctly somehow. Any clue what could be wrong? (I can send the whole debug output if needed).

BTW, another issue I came across is with VPN on - the "search" as well as "nameserver" settings in /etc/resolv.conf that should be preferred as defined by the "prepend" keyword in the /etc/dhclient-em1.conf are put *after* VPN nameservers and search domains. I'd expect that once I give priority with the "prepend" keyword, this should be prepended first and then all the rest, including VPN records coming after.
Comment 3 Pavel Šimerda (pavlix) 2012-09-18 10:01:50 EDT
If the generated configuration is correct, than this might be a problem with dhclient itself or with the way NetworkManager takes information from dhlclient.
Comment 4 Jirka Klimes 2012-09-20 07:26:03 EDT
(In reply to comment #0)
> Description of problem:
> Using additional dhclient options in /etc/dhclient-em1.conf:
> 
> prepend domain-search "b.net";
> prepend domain-name-servers 192.168.122.1;
> 
If you want to prepend a domain name use:
prepend domain-name "b.net ";
instead of
prepend domain-search "b.net";

Here's how it works now:
There is a discrepancy in behaviour between dhclient (run by initscripts) and
NetworkManager, in regard to 'domain-name' and 'domain-search' DHCP options.

initscripts call dhclient that modify /etc/resolv.conf by means of
/usr/sbin/dhclient-script. The script just puts "search" resolv.conf's option
that is populated with 'domain-search' option values if there are any.  Else
the "search" option is populated with values from 'domain-name' DHCP option
(even if multiple domains in this option is deprecated). But when both 'domain-search' and 'domain-name' are present, 'domain-name' is simply ignored.

NetworkManager puts the first domain name from 'domain-name' DHCP option into
"domain" resolv.conf's option.  Then NetworkManager concatenates values from
'domain-name' and 'domain-search' and puts these into "search" option
that is written into /etc/resolv.conf  after "domain" option.
This behaviour is to support obsolete/misconfigured servers that still send
multiple domains in 'domain-name' option (e.g. due to clients not supporting
domain-search option (119)).
Comment 5 Pavel Šimerda (pavlix) 2012-09-21 11:57:22 EDT
> NetworkManager puts the first domain name from 'domain-name' DHCP option into
> "domain" resolv.conf's option.  Then NetworkManager concatenates values from
> 'domain-name' and 'domain-search' and puts these into "search" option
> that is written into /etc/resolv.conf  after "domain" option.
> This behaviour is to support obsolete/misconfigured servers that still send
> multiple domains in 'domain-name' option (e.g. due to clients not supporting
> domain-search option (119)).

Can this be fixed in a backwards-compatible manner?
Comment 6 Fedora End Of Life 2013-07-04 02:28:41 EDT
This message is a reminder that Fedora 17 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 17. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '17'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 17's end of life.

Bug Reporter:  Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 17 is end of life. If you 
would still like  to see this bug fixed and are able to reproduce it 
against a later version  of Fedora, you are encouraged  change the 
'version' to a later Fedora version prior to Fedora 17's end of life.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 7 Fedora End Of Life 2013-08-01 14:03:14 EDT
Fedora 17 changed to end-of-life (EOL) status on 2013-07-30. Fedora 17 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

Note You need to log in before you can comment on or make changes to this bug.