Fix DNS resolving (#1004)

* Add resolved.conf to disable stub resolver and DNSSEC

There are Add-Ons which try to bind port 53 on all interfaces including
127.0.0.53. Disable the stub resolver to make them continue working. We
don't need the resolver currently anyway.

Also disable DNSSEC to make sure the boards can access an NTP time server
even when their time is incorrect (since DNSSEC validation may fail).
This is a known chicken-egg problem with systemd-resolved/systemd-timesyncd
and might be addressed in a future version, at which point we can re-enable
DNSSEC:
https://github.com/systemd/systemd/issues/5873

* Make sure resolve gets added only once to nsswitch.conf

Only add resolve to nsswitch.conf if not already present.
This commit is contained in:
Stefan Agner
2020-11-18 09:56:38 +01:00
committed by GitHub
parent 52e21c9ccf
commit 7c25f7c187
2 changed files with 26 additions and 1 deletions

@@ -29,7 +29,7 @@ function fix_rootfs() {
sed -i "s/MACAddressPolicy=persistent/MACAddressPolicy=none/g" "${TARGET_DIR}/usr/lib/systemd/network/99-default.link"
# Use systemd-resolved for Host OS resolve
sed -i '/^hosts:/ {s/dns/resolve [!UNAVAIL=return] dns/}' "${TARGET_DIR}/etc/nsswitch.conf"
sed -i '/^hosts:/ {/resolve/! s/files/resolve [!UNAVAIL=return] files/}' "${TARGET_DIR}/etc/nsswitch.conf"
}
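
Review bot: the guarded substitution in fix_rootfs() anchors on `files`, while the other sed on the hosts: line anchors on `dns`, so `resolve [!UNAVAIL=return]` now lands ahead of `files`. With that action, any result other than UNAVAIL from resolve ends the lookup before `files` or `dns` are consulted. The commit message only describes the add-once guard, so please state in the comment above the sed whether placing resolve in front of `files` is intended. The substitution is also a silent no-op when the hosts: line has no `files` entry; a check after the sed that fails the build if `resolve` is missing from that line would catch it. Note too that `/resolve/!` matches the substring anywhere on the line, which is fine for the add-once goal but worth a short comment.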