mycroft-core mycroft.util.network_utils:_connected_dns具有硬编码的DNS(如果网络阻止不受信任的提供商,则在启动时会失败)

huwehgph  于 3个月前  发布在  .NET
关注(0)|答案(3)|浏览(78)

描述bug

在家里,我不允许egress 53进行任何DNS查询,除非它来自我的pihole。DHCP为使用DHCP选项的客户端提供正确的DNS。
看起来有一些启动工具/测试试图验证关于网络的一些内容,并假定它将被允许与Google DNS(8.8.8.8或8.8.4.4)通信。

$ cat /etc/resolv.confnf
# Generated by resolvconf
domain local
nameserver 127.0.0.1

$ cat  /run/dnsmasq/resolv.conf
# Generated by resolvconf
nameserver 10.0.0.60
(.venv) pi@picroft:~ $ systemctl status dnsmasq
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
   Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2022-05-23 14:02:57 BST; 8min ago
  Process: 397 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
  Process: 408 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
  Process: 420 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
 Main PID: 418 (dnsmasq)
    Tasks: 1 (limit: 2200)
   Memory: 3.0M
   CGroup: /system.slice/dnsmasq.service
           └─418 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service -

(snip)
May 23 14:02:57 picroft systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.
May 23 14:03:09 picroft dnsmasq[418]: reading /run/dnsmasq/resolv.conf
May 23 14:03:09 picroft dnsmasq[418]: using nameserver 10.0.0.60#53
2022-05-23 14:03:48.662 | ERROR    |   755 | mycroft.util.network_utils:_connected_dns:69 | Unable to connect to primary DNS server, trying secondary...
2022-05-23 14:03:51.667 | ERROR    |   755 | mycroft.util.network_utils:_connected_dns:78 | Unable to connect to secondary DNS server.

重现

重现行为的方法:

  1. 阻止Google DNS
  2. 将树莓派启动,ssh进入其中,并检查日志。
  3. pi@picroft:/var/log/mycroft/skills.log

预期行为

UTs应使用系统DNS(非硬编码)

日志文件

2022-05-23 14:03:48.662 | ERROR    |   755 | mycroft.util.network_utils:_connected_dns:69 | Unable to connect to primary DNS server, trying secondary...
2022-05-23 14:03:51.667 | ERROR    |   755 | mycroft.util.network_utils:_connected_dns:78 | Unable to connect to secondary DNS server.
mycroft-core/test/unittests/util/test_network_utils.py:15:    def test_dns_and_ncsi_fail(self, mock_conf):
mycroft-core/test/unittests/util/test_network_utils.py:16:        """Check that DNS and NCSI failure results in False response"""
mycroft-core/test/unittests/util/test_network_utils.py:19:                "dns_primary": "127.0.0.1",
mycroft-core/test/unittests/util/test_network_utils.py:20:                "dns_secondary": "127.0.0.1",
mycroft-core/test/unittests/util/test_network_utils.py:28:    def test_secondary_dns_succeeds(self, mock_conf):
mycroft-core/test/unittests/util/test_network_utils.py:29:        """Check that only primary DNS failing still succeeds"""
mycroft-core/test/unittests/util/test_network_utils.py:32:                "dns_primary": "127.0.0.1",
mycroft-core/test/unittests/util/test_network_utils.py:33:                "dns_secondary": "8.8.4.4",
mycroft-core/test/unittests/util/test_network_utils.py:41:    def test_dns_success_url_fail(self, mock_conf):
mycroft-core/test/unittests/util/test_network_utils.py:45:                "dns_primary": "8.8.8.8",
mycroft-core/test/unittests/util/test_network_utils.py:46:                "dns_secondary": "8.8.4.4",

环境信息(请填写以下信息):

  • 设备类型:[例如树莓派]
  • OS:[Picroft]
  • Mycroft-core版本:[例如21.2.2]
    附加上下文
mkh04yzy

mkh04yzy1#

fwiw; the Python Resolver package should be able to lookup the system nameservers. dns.resolver.nameservers

xurqigkl

xurqigkl2#

嘿,ferm,谢谢你的分享。

如何检测活跃网络是一个长期争论的主题,我已将此问题移动到mycroft-core仓库,因为它不仅影响Picroft版本,还影响所有版本。

最近我添加了一项功能,可以通过mycroft.conf配置这些测试的值,你可以在这里看到:
https://github.com/MycroftAI/mycroft-core/blob/dev/mycroft/configuration/mycroft.conf#L150

针对你的使用场景,将pihole设置为DNS端点是否可行?

我认为这仍然是一个需要更广泛讨论的问题,所以想保持这个问题开放。

zed5wv10

zed5wv103#

DNS检查的想法是,这是一个非常快速的方法来判断外部世界是否可达。将它们指向本地DNS并不能完全反映当前的连接情况。

话虽如此,使用ncsi捕获门户测试可能是一个更准确的测试,也许可以取代套接字连接+谷歌。

我们可以将默认设置从MS检测门户更改为Mozilla(我在写这个时使用的是MS,因为我能找到相当不错的文档)?

Mozilla端点的配置:

"ncsi_endpoint": "http://detectportal.firefox.com/canonical.html",
"ncsi_expected_text": "<meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>"

曾经讨论过Mycroft是否应该托管一个捕获门户检测页面。
由于缺失的DNS应触发回退到ncsi方法,连接应被检测到,Mycroft的启动应继续进行。为了验证回退是否有问题,您能否澄清Mycroft是否按预期工作或在启动时停止?

相关问题