#system dns unknown
No, unknown here means a permission error, if you chmod the file it mentions to be user-readable then it'll be able to do that check
The audit script runs everything as an unprivileged user
I think newer versions of the DNS selector set the permissions on that file so the check works automatically
Oh my bad, should still show some notice that no explicit DNS is set though, right? Thought that was it.
No, if it can't read the contents of that file then it can't determine the DNS setting at all
I mean once those permissions are fixed/if the file wouldn't exist
Unsure if the file is created once you configure DNS with the ujust utility or exists always
btw the relevant chmod command is:
run0 chmod 644 /etc/systemd/resolved.conf.d/10-securedns.conf
never mind, it didn't, but I've opened a PR to fix this
hm... maybe the directory has too restrictive permissions too?
so try run0 chmod -R 644 /etc/systemd/resolved.conf.d
uh... what's the output if you run stat /etc/systemd/resolved.conf.d/10-securedns.conf?
I'm confused because as the audit script is currently written, the only way to get an UNKNOWN status from that check is if attempting to read that file raises a PermissionError
which shouldn't happen if you've changed the permissions to be readable by all users
(fixed typo, the command to run is stat)
that looks like the directory still doesn't have the right permissions. what's the output of stat /etc/systemd/resolved.conf.d?
...oh, I gave you the wrong command, oops. directories need execute permission to be able to read their contents
so run0 chmod 755 /etc/systemd/resolved.conf.d should fix it
sorry about that
(if you have read but not execute permission on a directory, you can list the names of things it contains, but you can't do anything with the files or directories it contains)