Install and configure systemd-resolved #329

Merged 5 commits on May 11, 2024

@jsf9k jsf9k commented Apr 30, 2024

🗣 Description

This pull request modifies the AMI to use the stub DNS resolver from systemd-resolved. See also cisagov/ansible-role-systemd-resolved#1.

💭 Motivation and context

This PR resolves cisagov/cool-system-internal#140.

🧪 Testing

All automated tests pass.

I also built a staging AMI from these changes and tweaked the cisagov/cool-assessment-terraform code to use this AMI when deploying Debian Desktop instances. In this way I was able to verify that this AMI indeed uses the systemd-resolved stub DNS resolver by default for both UDP and TCP requests:

ssm-user@debiandesktop0:/usr/bin$ dig www.yahoo.com

; <<>> DiG 9.18.24-1-Debian <<>> www.yahoo.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10251
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.yahoo.com.                 IN      A

;; ANSWER SECTION:
www.yahoo.com.          1       IN      CNAME   me-ycpi-cf-www.g06.yahoodns.net.
me-ycpi-cf-www.g06.yahoodns.net. 1 IN   A       69.147.92.12
me-ycpi-cf-www.g06.yahoodns.net. 1 IN   A       69.147.92.11

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Wed May 01 16:02:31 UTC 2024
;; MSG SIZE  rcvd: 119

ssm-user@debiandesktop0:/usr/bin$ dig +tcp www.yahoo.com

; <<>> DiG 9.18.24-1-Debian <<>> +tcp www.yahoo.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19082
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.yahoo.com.                 IN      A

;; ANSWER SECTION:
www.yahoo.com.          11      IN      CNAME   me-ycpi-cf-www.g06.yahoodns.net.
me-ycpi-cf-www.g06.yahoodns.net. 11 IN  A       69.147.92.11
me-ycpi-cf-www.g06.yahoodns.net. 11 IN  A       69.147.92.12

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (TCP)
;; WHEN: Wed May 01 16:02:22 UTC 2024
;; MSG SIZE  rcvd: 119

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.
  • Build and test a prerelease AMI with these changes.

✅ Pre-merge checklist

✅ Post-merge checklist

  • Create a release.
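
The UDP and TCP verification described under Testing can be scripted, for instance as a post-build check on a staging instance. This is an added example, not part of the original pull request or the cisagov code: the function names, the `--live` flag and the sample transcripts are constructed for illustration, and it assumes the `;; SERVER:` line format shown in the dig 9.18 output above.

```shell
#!/bin/sh
# Added example: confirm that dig was answered by the systemd-resolved stub
# listener over the expected transport. Assumes dig prints the transport
# in parentheses on the ";; SERVER:" line, as in the transcripts above.

STUB_ADDR="127.0.0.53"   # stub listener address seen in the PR's dig output

# dig_server <transcript>: print "<address> <transport>" from ";; SERVER:".
dig_server() {
    printf '%s\n' "$1" |
        sed -n 's/^;; SERVER: \([^#]*\)#[0-9]*([^)]*) (\([A-Z]*\)).*$/\1 \2/p' |
        head -n 1
}

# dig_status <transcript>: print the response status, e.g. NOERROR.
dig_status() {
    printf '%s\n' "$1" |
        sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*$/\1/p' | head -n 1
}

# uses_stub <transcript> <UDP|TCP>: succeed only if the answer was NOERROR
# and came from the stub listener over the requested transport.
uses_stub() {
    [ "$(dig_status "$1")" = "NOERROR" ] || return 1
    [ "$(dig_server "$1")" = "$STUB_ADDR $2" ]
}

# Constructed sample transcripts, trimmed to the two lines the checks read.
SAMPLE_STUB_UDP=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)'
SAMPLE_STUB_TCP=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; SERVER: 127.0.0.53#53(127.0.0.53) (TCP)'
# 192.0.2.53 is a documentation address standing in for a non-stub resolver.
SAMPLE_BYPASS=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3
;; SERVER: 192.0.2.53#53(192.0.2.53) (UDP)'

# Live check on a built instance: sh check_stub.sh --live <name>
if [ "${1:-}" = "--live" ]; then
    name="${2:-example.com}"
    if uses_stub "$(dig "$name")" UDP && uses_stub "$(dig +tcp "$name")" TCP; then
        echo "stub resolver in use for UDP and TCP"
    else
        echo "stub resolver NOT in use" >&2
        exit 1
    fi
fi
```

A transcript whose `;; SERVER:` line names any address other than 127.0.0.53, as in `SAMPLE_BYPASS`, fails the check, which is the condition that indicates `/etc/resolv.conf` is not pointing at the stub.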

@jsf9k jsf9k self-assigned this Apr 30, 2024
@jsf9k jsf9k added the following labels Apr 30, 2024: bug (This issue or pull request addresses broken functionality); breaking change (This issue or pull request involves changes to existing functionality); version bump (This issue or pull request increments the version number); ansible (Pull requests that update Ansible code)
@jsf9k jsf9k marked this pull request as ready for review May 1, 2024 16:08
@jsf9k jsf9k requested a review from a team May 1, 2024 16:09
@dav3r dav3r left a comment

Strong work! 💪 💼

@mcdonnnj mcdonnnj left a comment

:shipit:

@jsf9k jsf9k added the kraken 🐙 label (This pull request is ready to merge during the next Lineage Kraken release) May 8, 2024
@jsf9k jsf9k added this pull request to the merge queue May 11, 2024
Merged via the queue into develop with commit 644993a May 11, 2024
9 checks passed
@jsf9k jsf9k deleted the bugfix/configure-systemd-resolved branch May 11, 2024 19:25