Name resolution fails at boot time

On a regular basis, when I boot my NixOS virtual machine, there are failures with name resolution. That breaks services that are started at boot time and that need to resolve domain names (e.g., WireGuard).

After investigating, I found out that /etc/resolv.conf is edited when booting.

  • If my services' name resolutions happen after /etc/resolv.conf was edited, then they are successful. That is because /etc/resolv.conf is updated with the DNS IP addresses provided by DHCP.
  • But if my services' name resolutions are attempted before /etc/resolv.conf is edited, then they fail. /etc/resolv.conf does not contain any DNS IP addresses at that moment.

Here is a test that shows the failure of DNS resolution:

[root@mymachine:~]# cat /etc/nixos/test-dns/default.nix 
{ pkgs, ... }:
{
  systemd.services."test-dns-at-bootime" = {

    path = [
      pkgs.host
    ];

    script = ''
      echo "/etc/resolv.conf content is:"
      cat /etc/resolv.conf
      echo "Resolve google.com ..."
      host -v google.com
    '';

    wantedBy = [
      "multi-user.target"
    ];

    wants = [ "network-online.target" ];
    after = [ "network-online.target" ];

    serviceConfig = {

      Type = "oneshot";
      RemainAfterExit = true;
    };
  };
}


[root@mymachine:~]# cat /etc/resolv.conf
# Generated by resolvconf
domain <REDACTED DOMAIN>
nameserver <REDACTED IPv4>
nameserver <REDACTED IPv6>
options edns0

[root@mymachine:~]# journalctl -u test-dns-at-bootime.service -b 
Oct 05 12:13:55 mymachine systemd[1]: Starting test-dns-at-bootime.service...
Oct 05 12:13:55 mymachine test-dns-at-bootime-start[1949]: /etc/resolv.conf content is:
Oct 05 12:13:55 mymachine test-dns-at-bootime-start[1957]: # Generated by resolvconf
Oct 05 12:13:55 mymachine test-dns-at-bootime-start[1957]: options edns0
Oct 05 12:13:55 mymachine test-dns-at-bootime-start[1949]: Resolve google.com ...
Oct 05 12:13:55 mymachine test-dns-at-bootime-start[1960]: Trying "google.com"
Oct 05 12:13:55 mymachine test-dns-at-bootime-start[1960]: ;; communications error to ::1#53: connection refused
Oct 05 12:13:55 mymachine test-dns-at-bootime-start[1960]: ;; communications error to ::1#53: connection refused
Oct 05 12:13:55 mymachine test-dns-at-bootime-start[1960]: ;; communications error to 127.0.0.1#53: connection refused
Oct 05 12:13:55 mymachine test-dns-at-bootime-start[1960]: ;; no servers could be reached
Oct 05 12:13:55 mymachine systemd[1]: test-dns-at-bootime.service: Main process exited, code=exited, status=1/FAILURE
Oct 05 12:13:55 mymachine systemd[1]: test-dns-at-bootime.service: Failed with result 'exit-code'.
Oct 05 12:13:55 mymachine systemd[1]: Failed to start test-dns-at-bootime.service.
Oct 05 12:13:55 mymachine systemd[1]: test-dns-at-bootime.service: Consumed 34ms CPU time, received 0B IP traffic, sent 208B IP traffic.

DNS resolution was successful on the previous boot:

Note that only nameserver <REDACTED IPv6> is included in /etc/resolv.conf (nameserver <REDACTED IPv4> is missing) but it was enough to succeed.

[root@mymachine:~]# journalctl -u test-dns-at-bootime.service -b -1
Oct 05 12:12:05 mymachine systemd[1]: Starting test-dns-at-bootime.service...
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2163]: /etc/resolv.conf content is:
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2167]: # Generated by resolvconf
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2167]: domain <REDACTED DOMAIN>
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2167]: nameserver <REDACTED IPv6>
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2167]: options edns0
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2163]: Resolve google.com ...
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: Trying "google.com"
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4873
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: ;; QUESTION SECTION:
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: ;google.com.                        IN        A
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: ;; ANSWER SECTION:
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: google.com.                119        IN        A        142.250.74.78
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: Received 44 bytes from <REDACTED IPv6>#53 in 4 ms
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: Trying "google.com"
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62830
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: ;; QUESTION SECTION:
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: ;google.com.                        IN        AAAA
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: ;; ANSWER SECTION:
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: google.com.                247        IN        AAAA        2a00:1450:400f:805::200e
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: Received 56 bytes from <REDACTED IPv6>#53 in 6 ms
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: Trying "google.com"
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42482
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: ;; QUESTION SECTION:
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: ;google.com.                        IN        MX
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: ;; ANSWER SECTION:
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: google.com.                18        IN        MX        10 smtp.google.com.
Oct 05 12:12:05 mymachine test-dns-at-bootime-start[2169]: Received 49 bytes from <REDACTED IPv6>#53 in 4 ms
Oct 05 12:12:05 mymachine systemd[1]: Finished test-dns-at-bootime.service.
Oct 05 12:13:28 mymachine systemd[1]: test-dns-at-bootime.service: Deactivated successfully.
Oct 05 12:13:28 mymachine systemd[1]: Stopped test-dns-at-bootime.service.
Oct 05 12:13:28 mymachine systemd[1]: test-dns-at-bootime.service: Consumed 27ms CPU time, received 293B IP traffic, sent 228B IP traffic.

How can I make sure my WireGuard and other services start successfully at boot time?

After investigating more, it seems the problem is due to the WireGuard interfaces.

Here is an example with name resolution failures:

[root@mymachine:~]# journalctl -u test-dns-at-bootime.service -u wireguard-wg* -u dhcpcd.service -u network-online.target -b -3
Oct 09 16:11:30 mymachine systemd[1]: Starting DHCP Client...
Oct 09 16:11:30 mymachine dhcpcd[1323]: dhcpcd-9.4.1 starting
Oct 09 16:11:30 mymachine dhcpcd[1340]: dev: loaded udev
Oct 09 16:11:30 mymachine dhcpcd[1340]: DUID <REDACTED>
Oct 09 16:11:30 mymachine systemd[1]: Starting WireGuard Tunnel - wg0...
Oct 09 16:11:30 mymachine systemd[1]: Starting WireGuard Tunnel - wg1...
Oct 09 16:11:30 mymachine dhcpcd[1340]: no valid interfaces found
Oct 09 16:11:30 mymachine dhcpcd[1323]: no valid interfaces found
Oct 09 16:11:30 mymachine dhcpcd[1340]: ens33: waiting for carrier
Oct 09 16:11:30 mymachine dhcpcd[1340]: ens33: waiting for carrier
Oct 09 16:11:30 mymachine systemd[1]: Finished WireGuard Tunnel - wg0.
Oct 09 16:11:30 mymachine systemd[1]: Finished WireGuard Tunnel - wg1.
Oct 09 16:11:30 mymachine dhcpcd[1340]: wg0: waiting for carrier
Oct 09 16:11:30 mymachine dhcpcd[1340]: wg1: IAID <REDACTED>
Oct 09 16:11:30 mymachine dhcpcd[1340]: wg1: waiting for 3rd party to configure IP address
Oct 09 16:11:30 mymachine dhcpcd[1340]: wg0: carrier acquired
Oct 09 16:11:30 mymachine dhcpcd[1340]: wg0: IAID <REDACTED>
Oct 09 16:11:30 mymachine dhcpcd[1340]: wg0: using static address <REDACTED>/24
Oct 09 16:11:30 mymachine dhcpcd[1340]: wg0: adding route to <REDACTED>/24
Oct 09 16:11:30 mymachine systemd[1]: Started DHCP Client.
Oct 09 16:11:30 mymachine systemd[1]: Reached target Network is Online.
Oct 09 16:11:30 mymachine systemd[1]: Starting test-dns-at-bootime.service...
Oct 09 16:11:30 mymachine systemd[1]: Starting WireGuard Peer - wg0 - <REDACTED> (<REDACTED>)...
Oct 09 16:11:30 mymachine test-dns-at-bootime-start[1589]: /etc/resolv.conf content is:
Oct 09 16:11:30 mymachine systemd[1]: Starting WireGuard Peer - wg1 - <REDACTED> (<REDACTED>)...
Oct 09 16:11:30 mymachine test-dns-at-bootime-start[1601]: # Generated by resolvconf
Oct 09 16:11:30 mymachine test-dns-at-bootime-start[1601]: options edns0
Oct 09 16:11:30 mymachine test-dns-at-bootime-start[1589]: Resolve google.com ...
Oct 09 16:11:30 mymachine wireguard-wg0-peer-<REDACTED>-start[1604]: Name or service not known: `wireguard.example.com:51820'
Oct 09 16:11:30 mymachine wireguard-wg1-peer-<REDACTED>-start[1606]: Name or service not known: `wireguard.example.com:51821'
Oct 09 16:11:30 mymachine systemd[1]: wireguard-wg0-peer-<REDACTED>.service: Main process exited, code=exited, status=1/FAILURE
Oct 09 16:11:30 mymachine systemd[1]: wireguard-wg1-peer-<REDACTED>.service: Main process exited, code=exited, status=1/FAILURE
Oct 09 16:11:30 mymachine wireguard-wg0-peer-<REDACTED>-post-stop[1627]: RTNETLINK answers: No such process
Oct 09 16:11:30 mymachine systemd[1]: wireguard-wg0-peer-<REDACTED>.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
Oct 09 16:11:30 mymachine systemd[1]: wireguard-wg0-peer-<REDACTED>.service: Failed with result 'exit-code'.
Oct 09 16:11:30 mymachine wireguard-wg1-peer-<REDACTED>-post-stop[1629]: RTNETLINK answers: No such process
Oct 09 16:11:30 mymachine systemd[1]: Failed to start WireGuard Peer - wg0 - <REDACTED> (<REDACTED>).
Oct 09 16:11:30 mymachine systemd[1]: wireguard-wg1-peer-<REDACTED>.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
Oct 09 16:11:30 mymachine systemd[1]: wireguard-wg1-peer-<REDACTED>.service: Failed with result 'exit-code'.
Oct 09 16:11:33 mymachine systemd[1]: Failed to start WireGuard Peer - wg1 - <REDACTED> (<REDACTED>).
Oct 09 16:11:33 mymachine systemd[1]: Reached target WireGuard Tunnel - wg0.
Oct 09 16:11:33 mymachine systemd[1]: Reached target WireGuard Tunnel - wg1.
Oct 09 16:11:33 mymachine test-dns-at-bootime-start[1605]: Trying "google.com"
Oct 09 16:11:33 mymachine test-dns-at-bootime-start[1605]: ;; communications error to ::1#53: connection refused
Oct 09 16:11:33 mymachine test-dns-at-bootime-start[1605]: ;; communications error to ::1#53: connection refused
Oct 09 16:11:33 mymachine test-dns-at-bootime-start[1605]: ;; communications error to 127.0.0.1#53: connection refused
Oct 09 16:11:33 mymachine test-dns-at-bootime-start[1605]: ;; no servers could be reached
Oct 09 16:11:33 mymachine systemd[1]: test-dns-at-bootime.service: Main process exited, code=exited, status=1/FAILURE
Oct 09 16:11:33 mymachine systemd[1]: test-dns-at-bootime.service: Failed with result 'exit-code'.
Oct 09 16:11:33 mymachine systemd[1]: Failed to start test-dns-at-bootime.service.
Oct 09 16:11:33 mymachine systemd[1]: test-dns-at-bootime.service: Consumed 66ms CPU time, received 0B IP traffic, sent 208B IP traffic.
Oct 09 16:11:35 mymachine dhcpcd[1340]: ens33: carrier acquired
Oct 09 16:11:35 mymachine dhcpcd[1340]: ens33: IAID <REDACTED>
Oct 09 16:11:35 mymachine dhcpcd[1340]: ens33: adding address <REDACTED>
Oct 09 16:11:36 mymachine dhcpcd[1340]: ens33: soliciting an IPv6 router
Oct 09 16:11:37 mymachine dhcpcd[1340]: ens33: Router Advertisement from <REDACTED>
Oct 09 16:11:37 mymachine dhcpcd[1340]: ens33: adding address <REDACTED>/64
Oct 09 16:11:37 mymachine dhcpcd[1340]: ens33: adding route to <REDACTED>/64
Oct 09 16:11:37 mymachine dhcpcd[1340]: ens33: requesting DHCPv6 information
Oct 09 16:11:37 mymachine dhcpcd[1340]: ens33: adding default route via <REDACTED>
Oct 09 16:11:37 mymachine dhcpcd[1340]: ens33: rebinding lease of <REDACTED>
Oct 09 16:11:37 mymachine dhcpcd[1340]: ens33: probing address <REDACTED>/24
Oct 09 16:11:38 mymachine dhcpcd[1340]: ens33: REPLY6 received from <REDACTED>
Oct 09 16:11:38 mymachine dhcpcd[1340]: ens33: refresh in 86400 seconds
Oct 09 16:11:42 mymachine dhcpcd[1340]: ens33: leased <REDACTED> for 86400 seconds
Oct 09 16:11:42 mymachine dhcpcd[1340]: ens33: adding route to <REDACTED>/24
Oct 09 16:11:42 mymachine dhcpcd[1340]: ens33: adding default route via <REDACTED>
Oct 09 16:12:26 mymachine systemd[1]: Stopped target Network is Online.
Oct 09 16:12:26 mymachine systemd[1]: Stopped target WireGuard Tunnel - wg0.
Oct 09 16:12:26 mymachine systemd[1]: Stopped target WireGuard Tunnel - wg1.
Oct 09 16:12:26 mymachine dhcpcd[1340]: received SIGTERM, stopping
Oct 09 16:12:26 mymachine systemd[1]: Stopping DHCP Client...
Oct 09 16:12:26 mymachine dhcpcd[1340]: wg1: removing interface
Oct 09 16:12:26 mymachine dhcpcd[1340]: wg0: removing interface
Oct 09 16:12:26 mymachine dhcpcd[1340]: wg0: deleting route to <REDACTED>/24
Oct 09 16:12:26 mymachine dhcpcd[1340]: ens33: removing interface
Oct 09 16:12:26 mymachine dhcpcd[1340]: ens33: deleting address <REDACTED>/64
Oct 09 16:12:26 mymachine dhcpcd[1340]: ens33: deleting route to <REDACTED>/64
Oct 09 16:12:26 mymachine dhcpcd[1340]: ens33: deleting default route via <REDACTED>
Oct 09 16:12:26 mymachine dhcpcd[1340]: ens33: deleting address <REDACTED>
Oct 09 16:12:26 mymachine dhcpcd[1340]: ens33: deleting route to <REDACTED>/24
Oct 09 16:12:26 mymachine dhcpcd[1340]: ens33: deleting default route via <REDACTED>
Oct 09 16:12:26 mymachine systemd[1]: dhcpcd.service: Deactivated successfully.
Oct 09 16:12:26 mymachine systemd[1]: Stopped DHCP Client.
Oct 09 16:12:26 mymachine systemd[1]: dhcpcd.service: Consumed 1.198s CPU time, received 3.1K IP traffic, sent 1.8K IP traffic.
Oct 09 16:12:27 mymachine systemd[1]: Stopping WireGuard Tunnel - wg0...
Oct 09 16:12:27 mymachine systemd[1]: Stopping WireGuard Tunnel - wg1...
Oct 09 16:12:27 mymachine systemd[1]: wireguard-wg0.service: Deactivated successfully.
Oct 09 16:12:27 mymachine systemd[1]: Stopped WireGuard Tunnel - wg0.
Oct 09 16:12:27 mymachine systemd[1]: wireguard-wg1.service: Deactivated successfully.
Oct 09 16:12:27 mymachine systemd[1]: Stopped WireGuard Tunnel - wg1.

Here is an example with no failures:

[root@mymachine:~]# journalctl -u test-dns-at-bootime.service -u wireguard-wg* -u dhcpcd.service -u network-online.target -b -2
Oct 09 16:13:13 mymachine systemd[1]: Starting DHCP Client...
Oct 09 16:13:13 mymachine dhcpcd[1333]: dhcpcd-9.4.1 starting
Oct 09 16:13:13 mymachine dhcpcd[1351]: dev: loaded udev
Oct 09 16:13:13 mymachine dhcpcd[1351]: DUID <REDACTED>
Oct 09 16:13:13 mymachine systemd[1]: Starting WireGuard Tunnel - wg0...
Oct 09 16:13:13 mymachine systemd[1]: Starting WireGuard Tunnel - wg1...
Oct 09 16:13:13 mymachine dhcpcd[1351]: ens33: waiting for carrier
Oct 09 16:13:13 mymachine systemd[1]: Finished WireGuard Tunnel - wg1.
Oct 09 16:13:13 mymachine systemd[1]: Finished WireGuard Tunnel - wg0.
Oct 09 16:13:13 mymachine dhcpcd[1351]: wg0: waiting for carrier
Oct 09 16:13:13 mymachine dhcpcd[1351]: wg1: IAID <REDACTED>
Oct 09 16:13:13 mymachine dhcpcd[1351]: wg1: waiting for 3rd party to configure IP address
Oct 09 16:13:13 mymachine dhcpcd[1351]: wg0: carrier acquired
Oct 09 16:13:13 mymachine dhcpcd[1351]: wg0: IAID <REDACTED>
Oct 09 16:13:13 mymachine dhcpcd[1351]: wg0: waiting for 3rd party to configure IP address
Oct 09 16:13:18 mymachine dhcpcd[1351]: ens33: carrier acquired
Oct 09 16:13:18 mymachine dhcpcd[1351]: ens33: IAID <REDACTED>
Oct 09 16:13:18 mymachine dhcpcd[1351]: ens33: adding address <REDACTED>
Oct 09 16:13:18 mymachine dhcpcd[1351]: ens33: soliciting an IPv6 router
Oct 09 16:13:19 mymachine dhcpcd[1351]: ens33: rebinding lease of <REDACTED>
Oct 09 16:13:19 mymachine dhcpcd[1351]: ens33: probing address <REDACTED>/24
Oct 09 16:13:20 mymachine dhcpcd[1351]: ens33: Router Advertisement from <REDACTED>
Oct 09 16:13:20 mymachine dhcpcd[1351]: ens33: adding address <REDACTED>/64
Oct 09 16:13:20 mymachine dhcpcd[1351]: ens33: adding route to <REDACTED>/64
Oct 09 16:13:20 mymachine dhcpcd[1351]: ens33: requesting DHCPv6 information
Oct 09 16:13:20 mymachine dhcpcd[1351]: ens33: adding default route via <REDACTED>
Oct 09 16:13:21 mymachine dhcpcd[1351]: ens33: REPLY6 received from <REDACTED>
Oct 09 16:13:21 mymachine dhcpcd[1351]: ens33: refresh in 86400 seconds
Oct 09 16:13:22 mymachine systemd[1]: Started DHCP Client.
Oct 09 16:13:22 mymachine systemd[1]: Reached target Network is Online.
Oct 09 16:13:22 mymachine systemd[1]: Starting test-dns-at-bootime.service...
Oct 09 16:13:22 mymachine systemd[1]: Starting WireGuard Peer - wg0 - <REDACTED> (<REDACTED>)...
Oct 09 16:13:22 mymachine systemd[1]: Starting WireGuard Peer - wg1 - <REDACTED> (<REDACTED>)...
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2196]: /etc/resolv.conf content is:
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2199]: # Generated by resolvconf
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2199]: domain <REDACTED>
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2199]: nameserver <REDACTED>
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2199]: options edns0
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2196]: Resolve google.com ...
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: Trying "google.com"
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23041
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: ;; QUESTION SECTION:
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: ;google.com.                        IN        A
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: ;; ANSWER SECTION:
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: google.com.                281        IN        A        142.250.74.110
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: Received 44 bytes from <REDACTED>#53 in 10 ms
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: Trying "google.com"
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20303
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: ;; QUESTION SECTION:
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: ;google.com.                        IN        AAAA
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: ;; ANSWER SECTION:
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: google.com.                247        IN        AAAA        2a00:1450:400f:803::200e
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: Received 56 bytes from <REDACTED>#53 in 4 ms
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: Trying "google.com"
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24548
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: ;; QUESTION SECTION:
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: ;google.com.                        IN        MX
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: ;; ANSWER SECTION:
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: google.com.                300        IN        MX        10 smtp.google.com.
Oct 09 16:13:22 mymachine test-dns-at-bootime-start[2200]: Received 49 bytes from <REDACTED>#53 in 31 ms
Oct 09 16:13:22 mymachine systemd[1]: Finished WireGuard Peer - wg1 - <REDACTED> (<REDACTED>).
Oct 09 16:13:22 mymachine systemd[1]: Finished test-dns-at-bootime.service.
Oct 09 16:13:22 mymachine systemd[1]: Finished WireGuard Peer - wg0 - <REDACTED> (<REDACTED>).
Oct 09 16:13:22 mymachine systemd[1]: Reached target WireGuard Tunnel - wg0.
Oct 09 16:13:22 mymachine systemd[1]: Reached target WireGuard Tunnel - wg1.
Oct 09 16:13:24 mymachine dhcpcd[1351]: ens33: leased <REDACTED> for 86400 seconds
Oct 09 16:13:24 mymachine dhcpcd[1351]: ens33: adding route to <REDACTED>/24
Oct 09 16:13:24 mymachine dhcpcd[1351]: ens33: adding default route via <REDACTED>

It is the same NixOS configuration in both examples.

Once network-online.target is reached (log “Reached target Network is Online”), my test-dns-at-bootime.service and my WireGuard peer services start.

The problem is that sometimes network-online.target is reached too early, before the main interface ens33 is actually online.

Adding networking.dhcpcd.denyInterfaces = [ "wg*" ]; to my configuration seems to solve the problem. dhcpcd stops doing anything with the WireGuard interfaces and network-online.target is reached at the right moment.

[root@mymachine:~]# journalctl -u test-dns-at-bootime.service -u wireguard-wg* -u dhcpcd.service -u network-online.target -b
Oct 10 09:15:04 mymachine systemd[1]: Starting DHCP Client...
Oct 10 09:15:04 mymachine dhcpcd[1357]: dhcpcd-9.4.1 starting
Oct 10 09:15:04 mymachine dhcpcd[1371]: dev: loaded udev
Oct 10 09:15:04 mymachine dhcpcd[1371]: DUID <REDACTED>
Oct 10 09:15:05 mymachine systemd[1]: Starting WireGuard Tunnel - wg0...
Oct 10 09:15:05 mymachine systemd[1]: Starting WireGuard Tunnel - wg1...
Oct 10 09:15:05 mymachine dhcpcd[1371]: no valid interfaces found
Oct 10 09:15:05 mymachine dhcpcd[1357]: no valid interfaces found
Oct 10 09:15:05 mymachine dhcpcd[1371]: ens33: waiting for carrier
Oct 10 09:15:05 mymachine dhcpcd[1371]: ens33: waiting for carrier
Oct 10 09:15:05 mymachine systemd[1]: Finished WireGuard Tunnel - wg1.
Oct 10 09:15:05 mymachine systemd[1]: Finished WireGuard Tunnel - wg0.
Oct 10 09:15:08 mymachine dhcpcd[1371]: ens33: carrier acquired
Oct 10 09:15:08 mymachine dhcpcd[1371]: ens33: IAID <REDACTED>
Oct 10 09:15:08 mymachine dhcpcd[1371]: ens33: adding address <REDACTED>
Oct 10 09:15:09 mymachine dhcpcd[1371]: ens33: soliciting an IPv6 router
Oct 10 09:15:10 mymachine dhcpcd[1371]: ens33: Router Advertisement from <REDACTED>
Oct 10 09:15:10 mymachine dhcpcd[1371]: ens33: adding address <REDACTED>/64
Oct 10 09:15:10 mymachine dhcpcd[1371]: ens33: adding route to <REDACTED>/64
Oct 10 09:15:10 mymachine dhcpcd[1371]: ens33: requesting DHCPv6 information
Oct 10 09:15:10 mymachine dhcpcd[1371]: ens33: adding default route via <REDACTED>
Oct 10 09:15:10 mymachine dhcpcd[1371]: ens33: rebinding lease of <REDACTED>
Oct 10 09:15:10 mymachine dhcpcd[1371]: ens33: probing address <REDACTED>/24
Oct 10 09:15:11 mymachine dhcpcd[1371]: ens33: REPLY6 received from <REDACTED>
Oct 10 09:15:11 mymachine dhcpcd[1371]: ens33: refresh in 86400 seconds
Oct 10 09:15:12 mymachine systemd[1]: Started DHCP Client.
Oct 10 09:15:12 mymachine systemd[1]: Reached target Network is Online.
Oct 10 09:15:12 mymachine systemd[1]: Starting test-dns-at-bootime.service...
Oct 10 09:15:12 mymachine systemd[1]: Starting WireGuard Peer - wg0 - <REDACTED> (<REDACTED>)...
Oct 10 09:15:12 mymachine systemd[1]: Starting WireGuard Peer - wg1 - <REDACTED> (<REDACTED>)...
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2275]: /etc/resolv.conf content is:
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2281]: # Generated by resolvconf
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2281]: domain <REDACTED>
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2281]: nameserver <REDACTED>
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2281]: options edns0
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2275]: Resolve google.com ...
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: Trying "google.com"
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54230
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: ;; QUESTION SECTION:
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: ;google.com.                        IN        A
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: ;; ANSWER SECTION:
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: google.com.                80        IN        A        142.250.74.110
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: Received 44 bytes from <REDACTED>#53 in 6 ms
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: Trying "google.com"
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33873
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: ;; QUESTION SECTION:
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: ;google.com.                        IN        AAAA
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: ;; ANSWER SECTION:
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: google.com.                207        IN        AAAA        2a00:1450:400f:803::200e
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: Received 56 bytes from <REDACTED>#53 in 3 ms
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: Trying "google.com"
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5514
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: ;; QUESTION SECTION:
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: ;google.com.                        IN        MX
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: ;; ANSWER SECTION:
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: google.com.                300        IN        MX        10 smtp.google.com.
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: Received 49 bytes from <REDACTED>#53 in 31 ms
Oct 10 09:15:12 mymachine systemd[1]: Finished WireGuard Peer - wg1 - <REDACTED> (<REDACTED>).
Oct 10 09:15:12 mymachine systemd[1]: Finished test-dns-at-bootime.service.
Oct 10 09:15:12 mymachine systemd[1]: Finished WireGuard Peer - wg0 - <REDACTED> (<REDACTED>).
Oct 10 09:15:12 mymachine systemd[1]: Reached target WireGuard Tunnel - wg0.
Oct 10 09:15:12 mymachine systemd[1]: Reached target WireGuard Tunnel - wg1.
Oct 10 09:15:14 mymachine dhcpcd[1371]: ens33: leased <REDACTED> for 86400 seconds
Oct 10 09:15:14 mymachine dhcpcd[1371]: ens33: adding route to <REDACTED>/24
Oct 10 09:15:14 mymachine dhcpcd[1371]: ens33: adding default route via <REDACTED>

Why are the WireGuard interfaces not automatically added to networking.dhcpcd.denyInterfaces?

The problem also seemed fixed when I added the following instead of changing networking.dhcpcd.denyInterfaces:

networking.useDHCP = false;
networking.interfaces.ens33.useDHCP = true;
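
Added example, not part of the original post: a Python check that reads one boot's `journalctl` short-format output and reports whether network-online.target was reached before the uplink had carrier, and which interfaces matching the `wg*` glob dhcpcd handled. The function name, the returned keys and the sample lines (abridged from the journal excerpts above) are assumptions of this example.

```python
import re
import sys
from datetime import datetime
from fnmatch import fnmatch

# journalctl "short" format: "Oct 09 16:11:30 host unit[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}) \S+ "
    r"(?P<unit>[^\s\[:]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# dhcpcd prefixes per-interface messages with "<iface>: "
IFACE_RE = re.compile(r"^(?P<iface>[A-Za-z0-9_.-]+): ")


def parse_ts(text):
    # The short format carries no year; pin a leap year so strptime is unambiguous.
    return datetime.strptime("2000 " + text, "%Y %b %d %H:%M:%S")


def analyze_boot(lines, uplink="ens33", tunnel_glob="wg*"):
    """Summarise one boot: did network-online.target beat the uplink's carrier?"""
    online_at = carrier_at = None
    tunnel_ifaces = set()
    resolver_errors = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, unit, msg = parse_ts(m["ts"]), m["unit"], m["msg"]
        if unit == "systemd" and msg == "Reached target Network is Online.":
            online_at = online_at or ts
        elif unit == "dhcpcd":
            im = IFACE_RE.match(msg)
            if not im:
                continue
            iface = im["iface"]
            if iface == uplink and "carrier acquired" in msg:
                carrier_at = carrier_at or ts
            elif fnmatch(iface, tunnel_glob):
                # dhcpcd is managing a tunnel interface (denyInterfaces not applied)
                tunnel_ifaces.add(iface)
        elif "Name or service not known" in msg or "no servers could be reached" in msg:
            resolver_errors.append(unit)
    # Timestamps have one-second resolution, so only a strictly earlier
    # "online" (or an uplink that never got carrier) is flagged.
    raced = online_at is not None and (carrier_at is None or online_at < carrier_at)
    return {
        "online_before_uplink": raced,
        "dhcpcd_tunnel_ifaces": sorted(tunnel_ifaces),
        "resolver_errors": resolver_errors,
    }


# Sample input, abridged from the failing boot (-b -3) shown in the post.
FAILING_BOOT = """\
Oct 09 16:11:30 mymachine dhcpcd[1340]: dev: loaded udev
Oct 09 16:11:30 mymachine dhcpcd[1340]: ens33: waiting for carrier
Oct 09 16:11:30 mymachine dhcpcd[1340]: wg0: using static address <REDACTED>/24
Oct 09 16:11:30 mymachine systemd[1]: Reached target Network is Online.
Oct 09 16:11:30 mymachine wireguard-wg0-peer-<REDACTED>-start[1604]: Name or service not known: `wireguard.example.com:51820'
Oct 09 16:11:33 mymachine test-dns-at-bootime-start[1605]: ;; no servers could be reached
Oct 09 16:11:35 mymachine dhcpcd[1340]: ens33: carrier acquired
""".splitlines()

# Sample input, abridged from the boot with denyInterfaces = [ "wg*" ].
FIXED_BOOT = """\
Oct 10 09:15:05 mymachine dhcpcd[1371]: ens33: waiting for carrier
Oct 10 09:15:08 mymachine dhcpcd[1371]: ens33: carrier acquired
Oct 10 09:15:12 mymachine systemd[1]: Reached target Network is Online.
Oct 10 09:15:12 mymachine test-dns-at-bootime-start[2282]: Received 44 bytes from <REDACTED>#53 in 6 ms
""".splitlines()

if __name__ == "__main__":
    # With piped input, analyse it; otherwise run on the embedded samples.
    if not sys.stdin.isatty():
        print(analyze_boot(sys.stdin))
    else:
        print(analyze_boot(FAILING_BOOT))
        print(analyze_boot(FIXED_BOOT))
```

To run it against a real boot, pipe the same `journalctl ... -b` command used above into the script.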