cloudron-support: improved dns check

2024-08-20 16:51:56 +02:00
parent 0ed9105a05
commit cebaa71ce1
1 changed files with 42 additions and 23 deletions
--- a/scripts/cloudron-support
+++ b/scripts/cloudron-support
@@ -19,16 +19,18 @@ readonly HELP_MESSAGE="
 Cloudron Support and Diagnostics Tool
 
 Options:
-   --disable-dnssec          Disable DNSSEC
-   --enable-remote-access    Enable SSH Remote Access for the Cloudron support team
-   --patch                   Apply a patch from git. WARNING: Do not use unless you know what you are doing!
-   --recreate-containers     Deletes all existing containers and recreates them without loss of data
-   --recreate-docker         Deletes docker storage (containers and images) and recreates it without loss of data
-   --send-diagnostics        Collects server diagnostics and uploads it to ${PASTEBIN}
-   --troubleshoot            Dashboard down? Run tests to identify the potential problem
-   --owner-login             Login as owner
-   --use-external-dns        Forwards all DNS requests to Google (8.8.8.8) and Cloudflare (1.1.1.1) DNS servers
-   --help                    Show this message
+   --disable-dnssec           Disable DNSSEC
+   --enable-remote-access     Enable SSH Remote Access for the Cloudron support team
+   --patch                    Apply a patch from git. WARNING: Do not use unless you know what you are doing!
+   --recreate-containers      Deletes all existing containers and recreates them without loss of data
+   --recreate-docker          Deletes docker storage (containers and images) and recreates it without loss of data
+   --send-diagnostics         Collects server diagnostics and uploads it to ${PASTEBIN}
+   --troubleshoot             Dashboard down? Run tests to identify the potential problem
+   --owner-login              Login as owner
+   --unbound-use-external-dns Forwards all Unbound requests to Google (8.8.8.8) and Cloudflare (1.1.1.1) DNS servers.
+                              Unbound is the internal DNS server used for recursive DNS queries. This is only needed
+                              if your network does not allow outbound DNS requests.
+   --help                     Show this message
 "

 function success() {
@@ -133,11 +135,10 @@ function check_netplan() {
    fi

    if [[ -z "${output}" ]]; then
-        fail "netplan configuration is empty"
-        exit 1
+        warn "netplan configuration is empty. this might be OK depending on your networking setup"
+    else
+        success "netplan is good"
    fi
-
-    success "netplan is good"
 }

 function owner_login() {
@@ -217,13 +218,31 @@ function send_diagnostics() {
 }

 function check_dns() {
-    if ! host cloudron.io &>/dev/null; then
-        fail "DNS is not resolving"
-        host cloudron.io
-        exit 1
+    if host cloudron.io &>/dev/null; then
+        success "DNS is resolving via systemd-resolved"
+        return
    fi

-    success "DNS is resolving via systemd-resolved"
+    if ! systemctl is-active -q systemd-resolved; then
+        warn "systemd-resolved is not in use. see 'systemctl status systemd-resolved'"
+    fi
+
+    if [[ -L /etc/resolv.conf ]]; then
+        target=$(readlink /etc/resolv.conf)
+        if [[ "$target" != *"/run/systemd/resolve/stub-resolv.conf" ]]; then
+            warn "/etc/resolv.conf is symlinked to $target instead of '../run/systemd/resolve/stub-resolv.conf'"
+        fi
+    else
+        warn "/etc/resolv.conf is not symlinked to '../run/systemd/resolve/stub-resolv.conf'"
+    fi
+
+    if ! grep -q "^nameserver 127.0.0.53" /etc/resolv.conf; then
+        warn "/etc/resolv.conf is not using systemd-resolved. it is missing the line 'nameserver 127.0.0.53'"
+    fi
+
+    fail "DNS is not resolving"
+    host cloudron.io || true
+    exit 1
 }

 function check_unbound() {
@@ -244,7 +263,7 @@ function check_unbound() {
    fi

    if ! host cloudron.io 127.0.0.150 &>/dev/null; then
-        fail "Unbound is not resolving, maybe try forwarding all DNS requests. You can do this by running 'cloudron-support --use-external-dns' option"
+        fail "Unbound is not resolving, maybe try forwarding all DNS requests. You can do this by running 'cloudron-support --unbound-use-external-dns' option"
        host cloudron.io 127.0.0.150
        exit 1
    fi
@@ -430,7 +449,7 @@ function check_expired_domain() {
    success "Domain ${dashboard_domain} is valid and has not expired"
 }

-function use_external_dns() {
+function unbount_use_external_dns() {
    local -r conf_file="/etc/unbound/unbound.conf.d/forward-everything.conf"

    info "To remove the forwarding, please delete $conf_file and 'systemctl restart unbound'"
@@ -658,7 +677,7 @@ function apply_patch() {

 check_disk_space

-args=$(getopt -o "" -l "admin-login,disable-dnssec,enable-ssh,enable-remote-access,help,owner-login,patch:,recreate-containers,recreate-docker,send-diagnostics,use-external-dns,troubleshoot" -n "$0" -- "$@")
+args=$(getopt -o "" -l "admin-login,disable-dnssec,enable-ssh,enable-remote-access,help,owner-login,patch:,recreate-containers,recreate-docker,send-diagnostics,unbound-use-external-dns,troubleshoot" -n "$0" -- "$@")
 eval set -- "${args}"

 while true; do
@@ -674,7 +693,7 @@ while true; do
    --send-diagnostics) send_diagnostics; exit 0;;
    --troubleshoot) troubleshoot; exit 0;;
    --disable-dnssec) disable_dnssec; exit 0;;
-    --use-external-dns) use_external_dns; exit 0;;
+    --unbound-use-external-dns) unbound_use_external_dns; exit 0;;
    --recreate-containers) recreate_containers; exit 0;;
    --recreate-docker) recreate_docker; exit 0;;
    --patch) apply_patch "$2"; exit 0;;