T4930 has introduced a bug where if no wireguard interfaces are defined, the vyos-domain-resolver process exits with failure.
We need to implement a check in vyos-domain-resolver to see if output of dict_search_args is NoneType before attempting to iterate.
[edit] vyos@vyos# set firewall group domain-group test address vyos.dev [edit] vyos@vyos# commit [edit] vyos@vyos# sudo systemctl status vyos-domain-resolver × vyos-domain-resolver.service - VyOS firewall domain resolver Loaded: loaded (/lib/systemd/system/vyos-domain-resolver.service; disabled; preset: enabled) Active: failed (Result: exit-code) since Sat 2025-01-25 12:26:50 GMT; 214ms ago Duration: 257ms Process: 3268 ExecStart=/usr/bin/python3 -u /usr/libexec/vyos/services/vyos-domain-resolver (code=exited, status=1/FAILURE) Main PID: 3268 (code=exited, status=1/FAILURE) CPU: 250ms Jan 25 12:26:50 vyos systemd[1]: vyos-domain-resolver.service: Scheduled restart job, restart counter is at 5. Jan 25 12:26:50 vyos systemd[1]: Stopped vyos-domain-resolver.service - VyOS firewall domain resolver. Jan 25 12:26:50 vyos systemd[1]: vyos-domain-resolver.service: Start request repeated too quickly. Jan 25 12:26:50 vyos systemd[1]: vyos-domain-resolver.service: Failed with result 'exit-code'. Jan 25 12:26:50 vyos systemd[1]: Failed to start vyos-domain-resolver.service - VyOS firewall domain resolver.
def update_interfaces(config, node):
if node == 'interfaces':
wg_interfaces = dict_search_args(config, 'wireguard')
peer_public_keys = {}
# for each wireguard interfaces
for interface, wireguard in wg_interfaces.items():
peer_public_keys[interface] = []