contrib/openresolv: MFV openresolv 3.17.4
Reviewed by: pfg Approved by: lwhsu (mentor) Differential Revision: https://reviews.freebsd.org/D56269
@@ -1,4 +1,4 @@
|
||||
Copyright (c) 2007-2019 Roy Marples <roy@marples.name>
|
||||
Copyright (c) 2007-2020 Roy Marples <roy@marples.name>
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
|
||||
+37
-17
@@ -5,6 +5,9 @@ _CONFIG_MK!= test -e config.mk && echo config.mk || echo config-null.mk
|
||||
CONFIG_MK?= ${_CONFIG_MK}
|
||||
include ${CONFIG_MK}
|
||||
|
||||
DIST!= if test -d .git; then echo "dist-git"; \
|
||||
else echo "dist-inst"; fi
|
||||
|
||||
SBINDIR?= /sbin
|
||||
SYSCONFDIR?= /etc
|
||||
LIBEXECDIR?= /libexec/resolvconf
|
||||
@@ -20,9 +23,11 @@ BINMODE?= 0755
|
||||
DOCMODE?= 0644
|
||||
MANMODE?= 0444
|
||||
|
||||
RESOLVCONF= resolvconf resolvconf.8 resolvconf.conf.5
|
||||
SUBSCRIBERS= libc dnsmasq named pdnsd pdns_recursor unbound
|
||||
TARGET= ${RESOLVCONF} ${SUBSCRIBERS}
|
||||
RESOLVCONF= resolvconf resolvconf.8 resolvconf.conf.5
|
||||
SUBSCRIBERS= libc dnsmasq named pdnsd pdns_recursor unbound
|
||||
SUBSCRIBERS+= systemd-resolved resolvectl
|
||||
LIBC_SUBSCRIBERS= avahi-daemon mdnsd
|
||||
TARGET= ${RESOLVCONF} ${SUBSCRIBERS} ${LIBC_SUBSCRIBERS}
|
||||
SRCS= ${TARGET:C,$,.in,} # pmake
|
||||
SRCS:= ${TARGET:=.in} # gmake
|
||||
|
||||
@@ -36,12 +41,12 @@ SED_RCDIR= -e 's:@RCDIR@:${RCDIR}:g'
|
||||
SED_STATUSARG= -e 's:@STATUSARG@:${STATUSARG}:g'
|
||||
|
||||
DISTPREFIX?= ${PKG}-${VERSION}
|
||||
DISTFILEGZ?= ${DISTPREFIX}.tar.gz
|
||||
DISTFILE?= ${DISTPREFIX}.tar.xz
|
||||
DISTINFO= ${DISTFILE}.distinfo
|
||||
DISTINFOSIGN= ${DISTINFO}.asc
|
||||
CKSUM?= cksum -a SHA256
|
||||
PGP?= netpgp
|
||||
DISTINFOMD= ${DISTINFO}.md
|
||||
DISTSIGN= ${DISTFILE}.asc
|
||||
SHA256?= sha256
|
||||
PGP?= gpg2
|
||||
|
||||
GITREF?= HEAD
|
||||
|
||||
@@ -59,7 +64,7 @@ clean:
|
||||
rm -f ${TARGET}
|
||||
|
||||
distclean: clean
|
||||
rm -f config.mk ${DISTFILE} ${DISTINFO} ${DISTINFOSIGN}
|
||||
rm -f config.mk ${DISTFILE} ${DISTINFO} ${DISTINFOMD} ${DISTSIGN}
|
||||
|
||||
installdirs:
|
||||
|
||||
@@ -71,6 +76,9 @@ proginstall: ${TARGET}
|
||||
${INSTALL} -m ${DOCMODE} resolvconf.conf ${DESTDIR}${SYSCONFDIR}
|
||||
${INSTALL} -d ${DESTDIR}${LIBEXECDIR}
|
||||
${INSTALL} -m ${DOCMODE} ${SUBSCRIBERS} ${DESTDIR}${LIBEXECDIR}
|
||||
${INSTALL} -d ${DESTDIR}${LIBEXECDIR}/libc.d
|
||||
${INSTALL} -m ${DOCMODE} ${LIBC_SUBSCRIBERS} \
|
||||
${DESTDIR}${LIBEXECDIR}/libc.d
|
||||
|
||||
maninstall:
|
||||
${INSTALL} -d ${DESTDIR}${MANDIR}/man8
|
||||
@@ -87,18 +95,30 @@ dist-inst:
|
||||
mkdir /tmp/${DISTPREFIX}
|
||||
cp -RPp * /tmp/${DISTPREFIX}
|
||||
(cd /tmp/${DISTPREFIX}; make clean)
|
||||
tar -cvjpf ${DISTFILE} -C /tmp ${DISTPREFIX}
|
||||
tar -cvJpf ${DISTFILE} -C /tmp ${DISTPREFIX}
|
||||
rm -rf /tmp/${DISTPREFIX}
|
||||
|
||||
dist: dist-git
|
||||
dist: ${DIST}
|
||||
|
||||
distinfo: dist
|
||||
rm -f ${DISTINFO} ${DISTINFOSIGN}
|
||||
${CKSUM} ${DISTFILE} >${DISTINFO}
|
||||
#printf "SIZE (${DISTFILE}) = %s\n" $$(wc -c <${DISTFILE}) >>${DISTINFO}
|
||||
${PGP} --clearsign --output=${DISTINFOSIGN} ${DISTINFO}
|
||||
chmod 644 ${DISTINFOSIGN}
|
||||
ls -l ${DISTFILE} ${DISTINFO} ${DISTINFOSIGN}
|
||||
rm -f ${DISTINFO} ${DISTSIGN}
|
||||
${SHA256} ${DISTFILE} >${DISTINFO}
|
||||
wc -c <${DISTFILE} \
|
||||
| xargs printf 'Size (${DISTFILE}) = %s\n' >>${DISTINFO}
|
||||
${PGP} --sign --armour --detach ${DISTFILE}
|
||||
chmod 644 ${DISTSIGN}
|
||||
ls -l ${DISTFILE} ${DISTINFO} ${DISTSIGN}
|
||||
|
||||
${DISTINFOMD}: ${DISTINFO}
|
||||
echo '```' >${DISTINFOMD}
|
||||
cat ${DISTINFO} >>${DISTINFOMD}
|
||||
echo '```' >>${DISTINFOMD}
|
||||
|
||||
release: distinfo ${DISTINFOMD}
|
||||
gh release create v${VERSION} \
|
||||
--title "openresolv ${VERSION}" --draft --generate-notes \
|
||||
--notes-file ${DISTINFOMD} \
|
||||
${DISTFILE} ${DISTSIGN}
|
||||
|
||||
import: dist
|
||||
rm -rf /tmp/${DISTPREFIX}
|
||||
@@ -115,4 +135,4 @@ _import-src:
|
||||
@${ECHO} "openresolv-${VERSION} imported to ${DESTDIR}"
|
||||
|
||||
import-src:
|
||||
${MAKE} _import-src DESTDIR=`if [ -n "${DESTDIR}" ]; then echo "${DESTDIR}"; else echo /tmp/${DISTPREFIX}; fi`
|
||||
${MAKE} _import-src DESTDIR=`if [ -n "${DESTDIR}" ]; then echo "${DESTDIR}"; else echo /tmp/${DISTPREFIX}; fi`
|
||||
|
||||
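Review bot: The `distinfo` recipe now runs `${SHA256} ${DISTFILE} >${DISTINFO}` with the default `SHA256?= sha256`, but the `linux*)` branch of configure shown later on this page still writes `CKSUM= sha256sum --tag` to config.mk, a variable that nothing in the visible Makefile lines reads any more. Unless it is handled outside the hunks shown, `make distinfo` on Linux would look for a `sha256` binary; the configure line should become `echo "SHA256= sha256sum --tag" >>$CONFIG_MK`. Separately, `${PGP} --sign --armour --detach ${DISTFILE}` leaves the signature file name to the tool's default while `chmod 644 ${DISTSIGN}` and the `release` upload assume `${DISTFILE}.asc`; passing `--output ${DISTSIGN}` makes that explicit. Which lines are old and which are new is inferred from the variable names, since the page has lost the `+`/`-` markers.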
@@ -37,7 +37,7 @@ Here's some reasons:
|
||||
|
||||
The last point is quite important, especially when running VPN systems.
|
||||
Take the following resolv.conf files which have been generated by a
|
||||
[DHCP client](../dhcpcd) and sent to resolvconf:
|
||||
[DHCP client](https://github.com/NetworkConfiguration/dhcpcd) and sent to resolvconf:
|
||||
|
||||
```
|
||||
# resolv.conf from bge0
|
||||
@@ -58,7 +58,12 @@ openresolv ships with helpers for:
|
||||
* [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html)
|
||||
* [ISC BIND](http://www.isc.org/software/bind)
|
||||
* [PowerDNS Recursor](http://wiki.powerdns.com/trac)
|
||||
* [systemd-resolved](https://www.freedesktop.org/software/systemd/man/latest/systemd-resolved.service.html)
|
||||
|
||||
See the
|
||||
[configuration section](https://roy.marples.name/projects/openresolv/config)
|
||||
[configuration section](https://roy.marples.name/projects/openresolv/configuration)
|
||||
for more details.
|
||||
|
||||
If openresolv updates `/etc/resolv.conf` it can notify the following of this:
|
||||
* [Bonjour (mdnsd)](https://developer.apple.com/bonjour/)
|
||||
* [avahi](http://www.avahi.org/)
|
||||
|
||||
@@ -0,0 +1,32 @@
|
||||
#!/bin/sh
|
||||
# Copyright (c) 2007-2023 Roy Marples
|
||||
# All rights reserved
|
||||
|
||||
# avahi-daemon notifier for resolvconf libc subscriber
|
||||
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions
|
||||
# are met:
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
: ${avahi_daemon_pidfile:=/var/run/avahi-daemon/pid}
|
||||
if [ -s "$avahi_daemon_pidfile" ]; then
|
||||
kill -HUP $(cat "$avahi_daemon_pidfile")
|
||||
fi
|
||||
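Review bot: The pidfile content goes to `kill` unquoted and unchecked in `kill -HUP $(cat "$avahi_daemon_pidfile")`, so a file holding anything other than one positive integer (several words, `0`, or a negative number, which kill treats as a process group or as every process) makes the notifier signal something other than the daemon. The script is a resolvconf libc subscriber and presumably runs with resolvconf's privileges, while the pidfile sits in the daemon's own run directory, so its content should be treated as untrusted. Reading the first line into a variable and signalling only when it is all digits closes this. The mdnsd notifier added by the same commit has the identical line with `$mdnsd_pidfile` and needs the same change.

```shell
if [ -s "$avahi_daemon_pidfile" ]; then
	read -r pid <"$avahi_daemon_pidfile"
	case "$pid" in
	""|0|*[!0-9]*) ;; # not a plain PID: do not signal
	*) kill -HUP "$pid";;
	esac
fi
```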
+2
-2
@@ -39,7 +39,7 @@ for x do
|
||||
--includedir) eval INCLUDEDIR="$INCLUDEDIR${INCLUDEDIR:+ }$var";;
|
||||
--datadir|--infodir) ;; # ignore autotools
|
||||
--disable-maintainer-mode|--disable-dependency-tracking) ;;
|
||||
--help) echo "See the README file for available options"; exit 0;;
|
||||
--help) echo "See the source for available options"; exit 0;;
|
||||
*) echo "$0: WARNING: unknown option $opt" >&2;;
|
||||
esac
|
||||
done
|
||||
@@ -92,7 +92,7 @@ dragonfly*)
|
||||
: ${LIBEXECDIR:=${PREFIX:-/usr}/libexec/resolvconf}
|
||||
;;
|
||||
linux*)
|
||||
# cksum does't support -a and netpgp is rare
|
||||
# cksum doesn't support -a and netpgp is rare
|
||||
echo "CKSUM= sha256sum --tag" >>$CONFIG_MK
|
||||
echo "PGP= gpg2" >>$CONFIG_MK
|
||||
;;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
#!/bin/sh
|
||||
# Copyright (c) 2007-2019 Roy Marples
|
||||
# Copyright (c) 2007-2023 Roy Marples
|
||||
# All rights reserved
|
||||
|
||||
# dnsmasq subscriber for resolvconf
|
||||
@@ -105,7 +105,7 @@ for d in $DOMAINS; do
|
||||
empty=true
|
||||
continue
|
||||
fi
|
||||
i=$(($i + 1))
|
||||
i=$((i + 1))
|
||||
while [ ${#addr} -lt 4 ]; do
|
||||
addr="0${addr}"
|
||||
done
|
||||
@@ -118,7 +118,7 @@ for d in $DOMAINS; do
|
||||
fi
|
||||
done
|
||||
while [ $i != 8 ]; do
|
||||
i=$(($i + 1))
|
||||
i=$((i + 1))
|
||||
front="$front byte:0 byte:0"
|
||||
done
|
||||
front="${front}$back"
|
||||
@@ -151,7 +151,7 @@ else
|
||||
fi
|
||||
|
||||
# Try to ensure that config dirs exist
|
||||
if type config_mkdirs >/dev/null 2>&1; then
|
||||
if command -v config_mkdirs >/dev/null 2>&1; then
|
||||
config_mkdirs "$dnsmasq_conf" "$dnsmasq_resolv"
|
||||
else
|
||||
@SBINDIR@/resolvconf -D "$dnsmasq_conf" "$dnsmasq_resolv"
|
||||
|
||||
+57
-25
@@ -1,5 +1,5 @@
|
||||
#!/bin/sh
|
||||
# Copyright (c) 2007-2019 Roy Marples
|
||||
# Copyright (c) 2007-2025 Roy Marples
|
||||
# All rights reserved
|
||||
|
||||
# libc subscriber for resolvconf
|
||||
@@ -29,10 +29,23 @@
|
||||
SYSCONFDIR=@SYSCONFDIR@
|
||||
LIBEXECDIR=@LIBEXECDIR@
|
||||
VARDIR=@VARDIR@
|
||||
IFACEDIR="$VARDIR/interfaces"
|
||||
KEYDIR="$VARDIR/keys"
|
||||
# Compat
|
||||
if [ ! -d "$KEYDIR" ] && [ -d "$VARDIR/interfaces" ]; then
|
||||
KEYDIR="$VARDIR/interfaces"
|
||||
fi
|
||||
|
||||
CMD="$1"
|
||||
KEY="$2"
|
||||
|
||||
NL="
|
||||
"
|
||||
|
||||
warn()
|
||||
{
|
||||
echo "${0##*/}: $*" >&2
|
||||
}
|
||||
|
||||
# sed may not be available, and this is faster on small files
|
||||
key_get_value()
|
||||
{
|
||||
@@ -94,8 +107,12 @@ elif [ -d "$SYSCONFDIR"/resolvconf ]; then
|
||||
fi
|
||||
fi
|
||||
: ${resolv_conf:=/etc/resolv.conf}
|
||||
if [ "$resolv_conf" = "/dev/null" ]; then
|
||||
exit 0
|
||||
fi
|
||||
: ${resolv_conf_tmp:="$resolv_conf.$$.openresolv"}
|
||||
: ${libc_service:=nscd}
|
||||
: ${list_resolv:=@SBINDIR@/resolvconf -l}
|
||||
: ${list_resolv:=@SBINDIR@/resolvconf -L}
|
||||
if [ "${resolv_conf_head-x}" = x ] && [ -f "$SYSCONFDIR"/resolv.conf.head ]
|
||||
then
|
||||
resolv_conf_head="$(cat "${SYSCONFDIR}"/resolv.conf.head)"
|
||||
@@ -105,9 +122,8 @@ then
|
||||
resolv_conf_tail="$(cat "$SYSCONFDIR"/resolv.conf.tail)"
|
||||
fi
|
||||
|
||||
backup=true
|
||||
signature="# Generated by resolvconf"
|
||||
|
||||
|
||||
uniqify()
|
||||
{
|
||||
result=
|
||||
@@ -123,15 +139,14 @@ uniqify()
|
||||
|
||||
case "${resolv_conf_passthrough:-NO}" in
|
||||
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
|
||||
backup=false
|
||||
newest=
|
||||
for conf in "$IFACEDIR"/*; do
|
||||
for conf in "$KEYDIR"/*; do
|
||||
if [ -z "$newest" ] || [ "$conf" -nt "$newest" ]; then
|
||||
newest="$conf"
|
||||
fi
|
||||
done
|
||||
[ -z "$newest" ] && exit 0
|
||||
newconf="$(cat "$newest")$NL"
|
||||
newconf="$signature$NL$(cat "$newest")$NL"
|
||||
;;
|
||||
/dev/null|[Nn][Uu][Ll][Ll])
|
||||
: ${resolv_conf_local_only:=NO}
|
||||
@@ -207,27 +222,44 @@ esac
|
||||
|
||||
# Check if the file has actually changed or not
|
||||
if [ -e "$resolv_conf" ]; then
|
||||
[ "$(cat "$resolv_conf")" = "$(printf %s "$newconf")" ] && exit 0
|
||||
fi
|
||||
|
||||
# Change is good.
|
||||
# If the old file does not have our signature, back it up.
|
||||
# If the new file just has our signature, restore the backup.
|
||||
if $backup; then
|
||||
if [ "$newconf" = "$signature$NL" ]; then
|
||||
if [ -e "$resolv_conf.bak" ]; then
|
||||
newconf="$(cat "$resolv_conf.bak")$NL"
|
||||
fi
|
||||
elif [ -e "$resolv_conf" ]; then
|
||||
read line <"$resolv_conf"
|
||||
if [ "$line" != "$signature" ]; then
|
||||
cp "$resolv_conf" "$resolv_conf.bak"
|
||||
if [ "$CMD" != u ] && \
|
||||
[ "$(cat "$resolv_conf")" = "$(printf %s "$newconf")" ]
|
||||
then
|
||||
exit 0
|
||||
fi
|
||||
read line <"$resolv_conf"
|
||||
if [ "$line" != "$signature" ]; then
|
||||
if [ "$CMD" != u ]; then
|
||||
warn "signature mismatch: $resolv_conf"
|
||||
warn "run \`resolvconf -u\` to update"
|
||||
exit 1
|
||||
fi
|
||||
cp "$resolv_conf" "$resolv_conf.bak"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Create our resolv.conf now
|
||||
(umask 022; echo "$newconf" >"$resolv_conf")
|
||||
# There are pros and cons for writing directly to resolv.conf
|
||||
# instead of a temporary file and then moving it over.
|
||||
# The default is to write to resolv.conf as it has the least
|
||||
# issues and has been the long standing default behaviour.
|
||||
# resolv.conf could also be bind mounted for network namespaces
|
||||
# so we cannot move in this instance.
|
||||
case "${resolv_conf_mv:-NO}" in
|
||||
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
|
||||
# Protect against symlink attack, ensure new file does not exist
|
||||
rm -f "$resolv_conf_tmp"
|
||||
# Keep original file owner, group and mode
|
||||
[ -r "$resolv_conf" ] && cp -p "$resolv_conf" "$resolv_conf_tmp"
|
||||
# Create our resolv.conf now
|
||||
if (umask 022; printf %s "$newconf" >"$resolv_conf_tmp"); then
|
||||
mv "$resolv_conf_tmp" "$resolv_conf"
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
(umask 022; printf %s "$newconf" >"$resolv_conf")
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -n "$libc_restart" ]; then
|
||||
eval $libc_restart
|
||||
elif [ -n "$RESTARTCMD" ]; then
|
||||
|
||||
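Review bot: The `rm -f "$resolv_conf_tmp"` in the `resolv_conf_mv` branch does not by itself give the protection its comment claims. The temporary name is predictable (`$resolv_conf.$$.openresolv` by default), and both the `cp -p` and the `>` redirection that follow will write through a link that appears after the `rm`. That is harmless only while the directory holding `$resolv_conf` is writable by root alone, which this hunk cannot show, so the comment should state the assumption, e.g. `# Assumes the directory of $resolv_conf is not writable by other users; rm is not atomic with the create below`. The branch also leaves the temporary file behind when `printf` or `mv` fails; `mv "$resolv_conf_tmp" "$resolv_conf" || rm -f "$resolv_conf_tmp"` would tidy the `mv` case.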
@@ -0,0 +1,32 @@
|
||||
#!/bin/sh
|
||||
# Copyright (c) 2007-2023 Roy Marples
|
||||
# All rights reserved
|
||||
|
||||
# mdnsd notifier for resolvconf libc subscriber
|
||||
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions
|
||||
# are met:
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
: ${mdnsd_pidfile:=/var/run/mdnsd/mdnsd.pid}
|
||||
if [ -s "$mdnsd_pidfile" ]; then
|
||||
kill -HUP $(cat "$mdnsd_pidfile")
|
||||
fi
|
||||
@@ -1,5 +1,5 @@
|
||||
#!/bin/sh
|
||||
# Copyright (c) 2007-2016 Roy Marples
|
||||
# Copyright (c) 2007-2023 Roy Marples
|
||||
# All rights reserved
|
||||
|
||||
# named subscriber for resolvconf
|
||||
@@ -79,7 +79,7 @@ for d in $DOMAINS; do
|
||||
done
|
||||
|
||||
# Try to ensure that config dirs exist
|
||||
if type config_mkdirs >/dev/null 2>&1; then
|
||||
if command -v config_mkdirs >/dev/null 2>&1; then
|
||||
config_mkdirs "$named_options" "$named_zones"
|
||||
else
|
||||
@SBINDIR@/resolvconf -D "$named_options" "$named_zones"
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
#!/bin/sh
|
||||
# Copyright (c) 2009-2019 Roy Marples
|
||||
# Copyright (c) 2009-2023 Roy Marples
|
||||
# All rights reserved
|
||||
|
||||
# PowerDNS Recursor subscriber for resolvconf
|
||||
@@ -54,7 +54,7 @@ for d in $DOMAINS; do
|
||||
done
|
||||
|
||||
# Try to ensure that config dirs exist
|
||||
if type config_mkdirs >/dev/null 2>&1; then
|
||||
if command -v config_mkdirs >/dev/null 2>&1; then
|
||||
config_mkdirs "$pdnsd_zones"
|
||||
else
|
||||
@SBINDIR@/resolvconf -D "$pdnsd_zones"
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
#!/bin/sh
|
||||
# Copyright (c) 2010-2018 Roy Marples
|
||||
# Copyright (c) 2010-2023 Roy Marples
|
||||
# All rights reserved
|
||||
|
||||
# pdnsd subscriber for resolvconf
|
||||
@@ -46,7 +46,7 @@ remove_markers()
|
||||
in_marker=0
|
||||
|
||||
shift; shift
|
||||
if type sed >/dev/null 2>&1; then
|
||||
if command -v sed >/dev/null 2>&1; then
|
||||
sed "/^$m1/,/^$m2/d" $@
|
||||
else
|
||||
for x do
|
||||
@@ -66,9 +66,9 @@ remove_markers()
|
||||
change_file()
|
||||
{
|
||||
if [ -e "$1" ]; then
|
||||
if type cmp >/dev/null 2>&1; then
|
||||
if command -v cmp >/dev/null 2>&1; then
|
||||
cmp -s "$1" "$2"
|
||||
elif type diff >/dev/null 2>&1; then
|
||||
elif command -v diff >/dev/null 2>&1; then
|
||||
diff -q "$1" "$2" >/dev/null
|
||||
else
|
||||
# Hopefully we're only working on small text files ...
|
||||
@@ -88,7 +88,7 @@ newresolv="# Generated by resolvconf$NL"
|
||||
changed=false
|
||||
|
||||
# Try to ensure that config dirs exist
|
||||
if type config_mkdirs >/dev/null 2>&1; then
|
||||
if command -v config_mkdirs >/dev/null 2>&1; then
|
||||
config_mkdirs "$pdnsd_resolv" "$pdnsd_conf"
|
||||
else
|
||||
@SBINDIR@/resolvconf -D "$pdnsd_resolv" "$pdnsd_conf"
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
.\" Copyright (c) 2007-2016 Roy Marples
|
||||
.\" Copyright (c) 2007-2025 Roy Marples
|
||||
.\" All rights reserved
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
@@ -22,7 +22,7 @@
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd November 29, 2016
|
||||
.Dd June 26, 2025
|
||||
.Dt RESOLVCONF 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
@@ -35,14 +35,18 @@
|
||||
.Op Fl m Ar metric
|
||||
.Op Fl p
|
||||
.Op Fl x
|
||||
.Fl a Ar interface Ns Op Ar .protocol
|
||||
.Fl a Ar key
|
||||
.No < Ns Pa file
|
||||
.Nm
|
||||
.Fl C Ar pattern
|
||||
.Nm
|
||||
.Fl c Ar pattern
|
||||
.Nm
|
||||
.Op Fl f
|
||||
.Fl d Ar interface Ns Op Ar .protocol
|
||||
.Fl d Ar key
|
||||
.Nm
|
||||
.Op Fl x
|
||||
.Fl il Ar pattern
|
||||
.Fl iLlp Ar pattern
|
||||
.Nm
|
||||
.Fl u
|
||||
.Nm
|
||||
@@ -68,12 +72,20 @@ file to
|
||||
via
|
||||
.Xr stdin 4
|
||||
with the argument
|
||||
.Fl a Ar interface Ns Op Ar .protocol
|
||||
.Fl a Ar key
|
||||
instead of the filesystem.
|
||||
.Nm
|
||||
then updates
|
||||
.Pa /etc/resolv.conf
|
||||
as it thinks best.
|
||||
If
|
||||
.Pa /etc/resolv.conf
|
||||
already exists and the top line does not match the expected signature,
|
||||
then
|
||||
.Nm
|
||||
will refuse to update it unless the
|
||||
.Fl u
|
||||
update command is given.
|
||||
When a local resolver other than libc is installed, such as
|
||||
.Xr dnsmasq 8
|
||||
or
|
||||
@@ -82,27 +94,40 @@ then
|
||||
.Nm
|
||||
will supply files that the resolver should be configured to include.
|
||||
.Pp
|
||||
At it's heart,
|
||||
.Nm
|
||||
assumes it has a job to do.
|
||||
In some situations
|
||||
is a key/value store for
|
||||
.Pa resolv.conf
|
||||
files.
|
||||
Each entry must have a unique
|
||||
.Ar key
|
||||
and should be expressed as
|
||||
.Sy interface.protocol
|
||||
so that it's easy to tell from where the
|
||||
.Pa resolv.conf
|
||||
file came from.
|
||||
This also allows using pattern matching such as
|
||||
.Sy interface.*
|
||||
to match all protocols running on the interface.
|
||||
For example, a modern system will likely run DHCP, RA and DHCPv6
|
||||
which could be from separate programs or one program running
|
||||
many protocols.
|
||||
However, this is not a fixed requirement,
|
||||
.Nm
|
||||
needs to act as a deterrent to writing to
|
||||
.Pa /etc/resolv.conf .
|
||||
Where this file cannot be made immutable or you just need to toggle this
|
||||
behaviour,
|
||||
.Nm
|
||||
can be disabled by adding
|
||||
.Sy resolvconf Ns = Ns NO
|
||||
to
|
||||
.Xr resolvconf.conf 5 .
|
||||
will work with any key name and it should be treated as an opaque value
|
||||
outside of
|
||||
.Nm .
|
||||
.Pp
|
||||
.Nm
|
||||
can mark an interfaces
|
||||
can mark a
|
||||
.Pa resolv.conf
|
||||
as private.
|
||||
as private and optionally non-searchable.
|
||||
This means that the name servers listed in that
|
||||
.Pa resolv.conf
|
||||
are only used for queries against the domain/search listed in the same file.
|
||||
are only used for queries against the domain/search listed in the same file
|
||||
and if non-searchable then the domain/search listed are
|
||||
excluded from the global search list defined in
|
||||
.Pa /etc/resolv.conf .
|
||||
This only works when a local resolver other than libc is installed.
|
||||
See
|
||||
.Xr resolvconf.conf 5
|
||||
@@ -111,57 +136,97 @@ for how to configure
|
||||
to use a local name server and how to remove the private marking.
|
||||
.Pp
|
||||
.Nm
|
||||
can mark an interfaces
|
||||
can mark a
|
||||
.Pa resolv.conf
|
||||
as exclusive.
|
||||
Only the latest exclusive interface is used for processing, otherwise all are.
|
||||
Only the latest exclusive key is used for processing, otherwise all are.
|
||||
.Pp
|
||||
When an interface goes down, it should then call
|
||||
When a configuration source goes away,
|
||||
such as an interface going down or a VPN stopping,
|
||||
it should then call
|
||||
.Nm
|
||||
with
|
||||
.Fl d Ar interface.*
|
||||
arguments to delete the
|
||||
.Fl d Ar key
|
||||
arguments to clean up the
|
||||
.Pa resolv.conf
|
||||
file(s) for all the
|
||||
.Ar protocols
|
||||
on the
|
||||
.Ar interface .
|
||||
it added previously.
|
||||
For systems that support the concept of persisting configuration when
|
||||
the source is suspended,
|
||||
such as the carrier going down,
|
||||
then it should instead call
|
||||
.Nm
|
||||
with
|
||||
.Fl C Ar key
|
||||
arguments to deprecate the entry
|
||||
.Fl c Ar key
|
||||
to activate the entry when it comes back again.
|
||||
This only affects the order in which the
|
||||
.Pa resolv.conf
|
||||
entries are processed.
|
||||
.Pp
|
||||
Here are some options for the above commands:-
|
||||
Here are some options for the above commands:
|
||||
.Bl -tag -width pattern_opt
|
||||
.It Fl f
|
||||
Ignore non existent interfaces.
|
||||
Only really useful for deleting interfaces.
|
||||
Ignore non existent
|
||||
.Pa resolv.conf
|
||||
entries.
|
||||
Only really useful for deleting.
|
||||
.It Fl m Ar metric
|
||||
Set the metric of the interface when adding it, default of 0.
|
||||
Set the metric of the
|
||||
.Pa resolv.conf
|
||||
entry when adding it, default of 0.
|
||||
Lower metrics take precedence.
|
||||
This affects the default order of interfaces when listed.
|
||||
.It Fl p
|
||||
Marks the interface
|
||||
This affects the default order of entires when listed.
|
||||
.It Fl p Op Ar pattern
|
||||
Marks the
|
||||
.Pa resolv.conf
|
||||
as private.
|
||||
as private if the
|
||||
.Fl a
|
||||
command is given, otherwise
|
||||
.Pa resolv.conf
|
||||
entries having their key matching
|
||||
.Ar pattern
|
||||
are listed.
|
||||
If an extra
|
||||
.Fl p
|
||||
is given then the
|
||||
.Pa resolv.conf
|
||||
is marked as non-searchable as well.
|
||||
.It Fl x
|
||||
Mark the interface
|
||||
Mark the
|
||||
.Pa resolv.conf
|
||||
as exclusive when adding, otherwise only use the latest exclusive interface.
|
||||
as exclusive when adding, otherwise only use the latest exclusive key.
|
||||
.El
|
||||
.Pp
|
||||
.Nm
|
||||
has some more commands for general usage:-
|
||||
has some more commands for general usage:
|
||||
.Bl -tag -width pattern_opt
|
||||
.It Fl i Ar pattern
|
||||
List the interfaces and protocols, optionally matching
|
||||
.It Fl i Op Ar pattern
|
||||
List the keys stored, optionally matching
|
||||
.Ar pattern ,
|
||||
we have
|
||||
.Pa resolv.conf
|
||||
files for.
|
||||
.It Fl l Ar pattern
|
||||
If the
|
||||
.Fl L
|
||||
option is given first, then the keys will be list post-processed.
|
||||
.It Fl L Op Ar pattern
|
||||
List the
|
||||
.Pa resolv.conf
|
||||
files we have,
|
||||
post-processed by the
|
||||
.Xr resolvconf.conf 5
|
||||
configuration.
|
||||
If
|
||||
.Ar pattern
|
||||
is specified then we list the files for the keys which match it.
|
||||
.It Fl l Op Ar pattern
|
||||
List the
|
||||
.Pa resolv.conf
|
||||
files we have.
|
||||
If
|
||||
.Ar pattern
|
||||
is specified then we list the files for the interfaces and protocols
|
||||
is specified then we list the files for the keys which match it.
|
||||
that match it.
|
||||
.It Fl u
|
||||
Force
|
||||
@@ -169,27 +234,23 @@ Force
|
||||
to update all its subscribers.
|
||||
.Nm
|
||||
does not update the subscribers when adding a resolv.conf that matches
|
||||
what it already has for that interface.
|
||||
what it already has for that key.
|
||||
.It Fl Fl version
|
||||
Echo the resolvconf version to
|
||||
.Em stdout .
|
||||
.El
|
||||
.Pp
|
||||
.Nm
|
||||
also has some commands designed to be used by it's subscribers and
|
||||
system startup:-
|
||||
also has some commands designed to be used by its subscribers and
|
||||
system startup:
|
||||
.Bl -tag -width pattern_opt
|
||||
.It Fl I
|
||||
Initialise the state directory
|
||||
.Pa @VARDIR@ .
|
||||
This only needs to be called if the initial system boot sequence does not
|
||||
automatically clean it out; for example the state directory is moved
|
||||
somewhere other than
|
||||
.Pa /var/run .
|
||||
If used, it should only be called once as early in the system boot sequence
|
||||
as possible and before
|
||||
.Nm
|
||||
is used to add interfaces.
|
||||
This should be called after the base state directory has either been
|
||||
cleaned out or mounted as a memory backed filesystem during the
|
||||
initial boot sequence before any daemon has the chance to call
|
||||
.Nm .
|
||||
.It Fl R
|
||||
Echo the command used to restart a service.
|
||||
.It Fl r Ar service
|
||||
@@ -208,17 +269,18 @@ except that only the information configured in
|
||||
.Xr resolvconf.conf 5
|
||||
is set.
|
||||
.El
|
||||
.Sh INTERFACE ORDERING
|
||||
.Sh RESOLV.CONF ORDERING
|
||||
For
|
||||
.Nm
|
||||
to work effectively, it has to process the resolv.confs for the interfaces
|
||||
in the correct order.
|
||||
to work effectively, it has to process the
|
||||
.Pa resolv.conf
|
||||
entries in the correct order.
|
||||
.Nm
|
||||
first processes interfaces from the
|
||||
.Sy interface_order
|
||||
list, then interfaces without a metic and that match the
|
||||
first processes keys from the
|
||||
.Sy key_order
|
||||
list, then entries without a metric and that match the
|
||||
.Sy dynamic_order
|
||||
list, then interfaces with a metric in order and finally the rest in
|
||||
list, then entries with a metric in order and finally the rest in
|
||||
the operating systems lexical order.
|
||||
See
|
||||
.Xr resolvconf.conf 5
|
||||
@@ -226,19 +288,9 @@ for details on these lists.
|
||||
.Sh PROTOCOLS
|
||||
Here are some suggested protocol tags to use for each
|
||||
.Pa resolv.conf
|
||||
file registered on an
|
||||
.Ar interface Ns No :-
|
||||
.Bl -tag -width pattern_opt
|
||||
.It dhcp
|
||||
Dynamic Host Configuration Protocol.
|
||||
Initial versions of
|
||||
.Nm
|
||||
did not recommend a
|
||||
.Ar protocol
|
||||
tag be appended to the
|
||||
.Ar interface
|
||||
name.
|
||||
When the protocol is absent, it is assumed to be the DHCP protocol.
|
||||
.It ppp
|
||||
Point-to-Point Protocol.
|
||||
.It ra
|
||||
@@ -270,11 +322,15 @@ option is not present then we use
|
||||
.Va IF_METRIC
|
||||
for the metric.
|
||||
.It Va IF_PRIVATE
|
||||
Marks the interface
|
||||
Marks the
|
||||
.Pa resolv.conf
|
||||
as private.
|
||||
.It Va IF_NOSEARCH
|
||||
Marks the
|
||||
.Pa resolv.conf
|
||||
as non-searchable.
|
||||
.It Va IF_EXCLUSIVE
|
||||
Marks the interface
|
||||
Marks the
|
||||
.Pa resolv.conf
|
||||
as exclusive.
|
||||
.El
|
||||
@@ -295,6 +351,17 @@ Directory of subscribers which are run after the libc subscriber is run.
|
||||
State directory for
|
||||
.Nm .
|
||||
.El
|
||||
.Sh NOTES
|
||||
Domain labels are assumed to be in ASCII and are converted to lower case
|
||||
to avoid duplicate zones when given differing case from different sources.
|
||||
.Pp
|
||||
When running a local resolver other than libc, you will need to configure it
|
||||
to include files that
|
||||
.Nm
|
||||
will generate.
|
||||
You should consult
|
||||
.Xr resolvconf.conf 5
|
||||
for instructions on how to configure your resolver.
|
||||
.Sh SEE ALSO
|
||||
.Xr resolver 3 ,
|
||||
.Xr stdin 4 ,
|
||||
@@ -310,14 +377,3 @@ resolvconf, as written by Thomas Hood.
|
||||
.Sh BUGS
|
||||
Please report them to
|
||||
.Lk http://roy.marples.name/projects/openresolv
|
||||
.Pp
|
||||
.Nm
|
||||
does not validate any of the files given to it.
|
||||
.Pp
|
||||
When running a local resolver other than libc, you will need to configure it
|
||||
to include files that
|
||||
.Nm
|
||||
will generate.
|
||||
You should consult
|
||||
.Xr resolvconf.conf 5
|
||||
for instructions on how to configure your resolver.
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
.\" Copyright (c) 2009-2016 Roy Marples
|
||||
.\" Copyright (c) 2009-2025 Roy Marples
|
||||
.\" All rights reserved
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
@@ -22,7 +22,7 @@
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd September 8, 2019
|
||||
.Dd May 15, 2025
|
||||
.Dt RESOLVCONF.CONF 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
@@ -61,26 +61,44 @@ Set to NO to disable
|
||||
.Nm resolvconf
|
||||
from running any subscribers.
|
||||
Defaults to YES.
|
||||
.It Sy interface_order
|
||||
These interfaces will always be processed first.
|
||||
If unset, defaults to the following:-
|
||||
.Bd -compact -literal -offset indent
|
||||
.It Sy allow_keys
|
||||
If set, only these keys will be processed.
|
||||
.It Sy deny_keys
|
||||
If set, these keys will not be processed.
|
||||
.It Sy exclude
|
||||
Is a space separated list of key/value pairs to match.
|
||||
If all key/value pairs in one element can be found in the file,
|
||||
then the whole file will be excluded from processing.
|
||||
The syntax is this:
|
||||
.Va $keyword Ns / Ns Va $match Ns Op / Ns Va $keyword Ns / Ns Va $match
|
||||
.Pp
|
||||
For example given this configuration:
|
||||
.Bd -literal -compact -offset indent
|
||||
exclude="search/foo*/nameserver/1.2.3.4 search/bar.org"
|
||||
.Ed
|
||||
.Pp
|
||||
Then any resolv.conf with both a search option starting with foo with a nameserver of 1.2.3.4
|
||||
OR a search option of bar.org would be excluded.
|
||||
.It Sy key_order
|
||||
These keys will always be processed first.
|
||||
If unset, defaults to the following:
|
||||
.Bd -literal -compact -offset indent
|
||||
lo lo[0-9]*
|
||||
.Ed
|
||||
.It Sy dynamic_order
|
||||
These interfaces will be processed next, unless they have a metric.
|
||||
If unset, defaults to the following:-
|
||||
.Bd -compact -literal -offset indent
|
||||
tap[0-9]* tun[0-9]* vpn vpn[0-9]* ppp[0-9]* ippp[0-9]*
|
||||
These keys will be processed next, unless they have a metric.
|
||||
If unset, defaults to the following:
|
||||
.Bd -literal -compact -offset indent
|
||||
tap[0-9]* tun[0-9]* vpn vpn[0-9]* wg[0-9]* ppp[0-9]* ippp[0-9]*
|
||||
.Ed
|
||||
.It Sy inclusive_interfaces
|
||||
Ignore any exclusive marking for these interfaces.
|
||||
.It Sy inclusive_keys
|
||||
Ignore any exclusive marking for these keys.
|
||||
This is handy when 3rd party integrations force the
|
||||
.Nm resolvconf -x
|
||||
option and you want to disable it easily.
|
||||
.It Sy local_nameservers
|
||||
If unset, defaults to the following:-
|
||||
.Bd -compact -literal -offset indent
|
||||
If unset, defaults to the following:
|
||||
.Bd -literal -compact -offset indent
|
||||
127.* 0.0.0.0 255.255.255.255 ::1
|
||||
.Ed
|
||||
.It Sy search_domains
|
||||
@@ -101,20 +119,25 @@ Append name servers to the dynamically generated list.
|
||||
A list of name servers to be removed from consideration.
|
||||
The default is 0.0.0.0 as some faulty routers send it via DHCP.
|
||||
To remove a block, you can use 192.168.*
|
||||
.It Sy private_interfaces
|
||||
These interfaces name servers will only be queried for the domains listed
|
||||
.It Sy private_keys
|
||||
These keys name servers will only be queried for the domains listed
|
||||
in their resolv.conf.
|
||||
Useful for VPN domains.
|
||||
Setting
|
||||
.Sy private_interfaces Ns ="*"
|
||||
.Sy private_keys Ns ="*"
|
||||
will stop the forwarding of the root zone and allows the local resolver to
|
||||
recursively query the root servers directly.
|
||||
Requires a local nameserver other than libc.
|
||||
This is equivalent to the
|
||||
.Nm resolvconf -p
|
||||
option.
|
||||
.It Sy public_interfaces
|
||||
Force these interface to be public, overriding the private marking.
|
||||
.It Sy nosearch_keys
|
||||
These keys domains/search won't be added to the global search list
|
||||
in
|
||||
.Pa /etc/resolv.conf .
|
||||
.It Sy public_keys
|
||||
Force these keys to be public, overriding the private and nosearch
|
||||
markings.
|
||||
This is handy when 3rd party integrations force the
|
||||
.Nm resolvconf -p
|
||||
option and you want to disable it easily.
|
||||
@@ -124,24 +147,27 @@ The syntax is this:
|
||||
.Va $keyword Ns / Ns Va $match Ns / Ns Va $replacement
|
||||
.Pp
|
||||
Example, given this resolv.conf:
|
||||
.Bd -compact -literal -offset indent
|
||||
.Bd -literal -compact -offset indent
|
||||
domain foo.org
|
||||
search foo.org dead.beef
|
||||
nameserver 1.2.3.4
|
||||
nameserver 2.3.4.5
|
||||
.Ed
|
||||
and this configuaration:
|
||||
.Bd -compact -literal -offset indent
|
||||
.Pp
|
||||
and this configuration:
|
||||
.Bd -literal -compact -offset indent
|
||||
replace="search/foo*/bar.com"
|
||||
replace="$replace nameserver/1.2.3.4/5.6.7.8"
|
||||
replace="$replace nameserver/2.3.4.5/"
|
||||
.Ed
|
||||
.Pp
|
||||
you would get this resolv.conf instead:
|
||||
.Bd -compact -literal -offset indent
|
||||
.Bd -literal -compact -offset indent
|
||||
domain foo.org
|
||||
search bar.com
|
||||
nameserver 5.6.7.8
|
||||
.Ed
|
||||
.Pp
|
||||
.It Sy replace_sub
|
||||
Works the same way as
|
||||
.Sy replace
|
||||
@@ -152,11 +178,12 @@ Using the same example resolv.conf and changing
|
||||
to
|
||||
.Sy replace_sub ,
|
||||
you would get this resolv.conf instead:
|
||||
.Bd -compact -literal -offset indent
|
||||
.Bd -literal -compact -offset indent
|
||||
domain foo.org
|
||||
search bar.com dead.beef
|
||||
nameserver 5.6.7.8
|
||||
.Ed
|
||||
.Pp
|
||||
.It Sy state_dir
|
||||
Override the default state directory of
|
||||
.Pa @VARDIR@ .
|
||||
@@ -167,12 +194,17 @@ is in use unless the old directory is copied to the new one.
|
||||
.Sh LIBC OPTIONS
|
||||
The following variables affect
|
||||
.Xr resolv.conf 5
|
||||
directly:-
|
||||
directly:
|
||||
.Bl -tag -width indent
|
||||
.It Sy resolv_conf
|
||||
Defaults to
|
||||
.Pa /etc/resolv.conf
|
||||
if not set.
|
||||
Set to
|
||||
.Pa /dev/null
|
||||
to stop
|
||||
.Xr resolvconf 8
|
||||
from changing it.
|
||||
.It Sy resolv_conf_options
|
||||
A list of libc resolver options, as specified in
|
||||
.Xr resolv.conf 5 .
|
||||
@@ -188,6 +220,14 @@ is unset unless overridden and only the information set in
|
||||
.Nm
|
||||
is written to
|
||||
.Sy resolv_conf .
|
||||
.It Sy resolv_conf_restore
|
||||
When set to YES and
|
||||
and an empty
|
||||
.Pa resolv.conf
|
||||
would be written, restore
|
||||
.Pa resolv.conf.bak
|
||||
instead if it exists.
|
||||
Defaults to YES if not set.
|
||||
.It Sy resolv_conf_sortlist
|
||||
A libc resolver sortlist, as specified in
|
||||
.Xr resolv.conf 5 .
|
||||
@@ -206,21 +246,28 @@ Prepend name servers to the dynamically generated list.
|
||||
Append search domains to the dynamically generated list.
|
||||
.It Sy prepend_search
|
||||
Prepend search domains to the dynamically generated list.
|
||||
.It Sy resolv_conf_mv
|
||||
Defaults to NO.
|
||||
Defines if
|
||||
.Pa /etc/resolv.conf
|
||||
is updated by writing to a temporary file and then moving it
|
||||
vs writing directly to it.
|
||||
.El
|
||||
.Sh SUBSCRIBER OPTIONS
|
||||
openresolv ships with subscribers for the name servers
|
||||
.Xr dnsmasq 8 ,
|
||||
.Xr named 8 ,
|
||||
.Xr pdnsd 8 ,
|
||||
.Xr pdns_recursor 8 ,
|
||||
.Xr pdns_recursor 1 ,
|
||||
and
|
||||
.Xr unbound 8 .
|
||||
Each subscriber can create configuration files which should be included in
|
||||
in the subscribers main configuration file.
|
||||
the subscribers main configuration file.
|
||||
.Pp
|
||||
To disable a subscriber, simply set it's name to NO.
|
||||
To disable a subscriber, simply set its name to NO.
|
||||
If the subscriber name has a dash in it, then replace it with an underscore.
|
||||
For example, to disable the libc subscriber you would set:
|
||||
.Bd -compact -literal -offset indent
|
||||
.Bd -literal -compact -offset indent
|
||||
libc=NO
|
||||
.Ed
|
||||
.Bl -tag -width indent
|
||||
@@ -230,14 +277,14 @@ This file tells dnsmasq which name servers to use for specific domains.
|
||||
This file tells dnsmasq which name servers to use for global lookups.
|
||||
.Pp
|
||||
Example resolvconf.conf for dnsmasq:
|
||||
.Bd -compact -literal -offset indent
|
||||
.Bd -literal -compact -offset indent
|
||||
name_servers=127.0.0.1
|
||||
dnsmasq_conf=/etc/dnsmasq-conf.conf
|
||||
dnsmasq_resolv=/etc/dnsmasq-resolv.conf
|
||||
.Ed
|
||||
.Pp
|
||||
Example dnsmasq.conf:
|
||||
.Bd -compact -literal -offset indent
|
||||
.Bd -literal -compact -offset indent
|
||||
listen-address=127.0.0.1
|
||||
# If dnsmasq is compiled for DBus then we can take
|
||||
# advantage of not having to restart dnsmasq.
|
||||
@@ -253,14 +300,14 @@ Include this file in the named global scope, after the options block.
|
||||
This file tells named which name servers to use for specific domains.
|
||||
.Pp
|
||||
Example resolvconf.conf for named:
|
||||
.Bd -compact -literal -offset indent
|
||||
.Bd -literal -compact -offset indent
|
||||
name_servers=127.0.0.1
|
||||
named_options=/etc/named-options.conf
|
||||
named_zones=/etc/named-zones.conf
|
||||
.Ed
|
||||
.Pp
|
||||
Example named.conf:
|
||||
.Bd -compact -literal -offset indent
|
||||
.Bd -literal -compact -offset indent
|
||||
options {
|
||||
listen-on { 127.0.0.1; };
|
||||
include "/etc/named-options.conf";
|
||||
@@ -281,14 +328,14 @@ If this variable is not set then it's written to
|
||||
.Pa pdnsd_conf .
|
||||
.Pp
|
||||
Example resolvconf.conf for pdnsd:
|
||||
.Bd -compact -literal -offset indent
|
||||
.Bd -literal -compact -offset indent
|
||||
name_servers=127.0.0.1
|
||||
pdnsd_conf=/etc/pdnsd.conf
|
||||
# pdnsd_resolv=/etc/pdnsd-resolv.conf
|
||||
.Ed
|
||||
.Pp
|
||||
Example pdnsd.conf:
|
||||
.Bd -compact -literal -offset indent
|
||||
.Bd -literal -compact -offset indent
|
||||
global {
|
||||
server_ip = 127.0.0.1;
|
||||
status_ctl = on;
|
||||
@@ -304,29 +351,76 @@ server {
|
||||
This file tells pdns_recursor about specific and global name servers.
|
||||
.Pp
|
||||
Example resolvconf.conf for pdns_recursor:
|
||||
.Bd -compact -literal -offset indent
|
||||
.Bd -literal -compact -offset indent
|
||||
name_servers=127.0.0.1
|
||||
pdns_zones=/etc/pdns/recursor-zones.conf
|
||||
.Ed
|
||||
.Pp
|
||||
Example recursor.conf:
|
||||
.Bd -compact -literal -offset indent
|
||||
.Bd -literal -compact -offset indent
|
||||
allow-from=127.0.0.0/8, ::1/128
|
||||
forward-zones-file=/etc/pdns/recursor-zones.conf
|
||||
.Ed
|
||||
.It Sy resolvectl
|
||||
When set to YES,
|
||||
.Xr resolvectl 1
|
||||
will be used to write per interface entries from
|
||||
.Xr resolvconf 8
|
||||
to
|
||||
.Xr systemd-resolved 8 .
|
||||
A warning is emitted for any entry that cannot be matched to an
|
||||
interface.
|
||||
.Pp
|
||||
This subscriber should only be used if your systemd-resolved does
|
||||
not support DNS delegates and you need private or non searchable
|
||||
.Xr resolvconf 8
|
||||
entries, or you're really beholden to seeing DNS setup per interface via
|
||||
.Xr resolvectl 1 .
|
||||
The systemd-resolved subscriber documented below is the better option.
|
||||
.Pp
|
||||
Example resolvconf.conf for resolvectl:
|
||||
.Bd -literal -compact -offset indent
|
||||
# Keep /etc/resolv.conf as systemd-resolved wants it
|
||||
libc=NO
|
||||
resolvectl=YES
|
||||
.Ed
|
||||
.It Sy systemd_resolved
|
||||
When set to YES, global DNS will be written to the
|
||||
.Sy systemd_resolved_conf
|
||||
configuration file and DNS delegates will be written to the
|
||||
.Sy systemd_delegate_dir
|
||||
directory.
|
||||
.It Sy systemd_resolved_conf
|
||||
Defaults to
|
||||
.Pa /run/systemd/resolved.conf.d/60-resolvconf.conf .
|
||||
.It Sy systemd_delegate_dir
|
||||
Defaults to
|
||||
.Pa /run/systemd/dns-delegate.d .
|
||||
.Pp
|
||||
Example resolvconf.conf for systemd-resolved:
|
||||
.Bd -literal -compact -offset indent
|
||||
# Keep /etc/resolv.conf as systemd-resolved wants it
|
||||
libc=NO
|
||||
systemd_resolved=YES
|
||||
.Ed
|
||||
.It Sy unbound_conf
|
||||
This file tells unbound about specific and global name servers.
|
||||
.It Sy unbound_insecure
|
||||
When set to YES, unbound marks the domains as insecure, thus ignoring DNSSEC.
|
||||
.It Sy unbound_private
|
||||
When set to YES, unbound marks the domains as private, allowing it and its subdomains to contain private addresses.
|
||||
.It Sy unbound_forward_zone_options
|
||||
Options appended to each forward zone.
|
||||
Each option should be separated by an embedded new line.
|
||||
.Pp
|
||||
Example resolvconf.conf for unbound:
|
||||
.Bd -compact -literal -offset indent
|
||||
.Bd -literal -compact -offset indent
|
||||
name_servers=127.0.0.1
|
||||
unbound_conf=/etc/unbound-resolvconf.conf
|
||||
.Ed
|
||||
.Pp
|
||||
Example unbound.conf:
|
||||
.Bd -compact -literal -offset indent
|
||||
.Bd -literal -compact -offset indent
|
||||
include: /etc/unbound-resolvconf.conf
|
||||
.Ed
|
||||
.El
|
||||
@@ -380,5 +474,13 @@ Location of the unbound pidfile.
|
||||
Each distribution is a special snowflake and likes to name the same thing
|
||||
differently, namely the named service script.
|
||||
.Pp
|
||||
Swapping between resolvectl and systemd-resolved subscribers at runtime
|
||||
is not supported.
|
||||
Files referenced by systemd_resolved_conf and systemd_delegate_dir
|
||||
need to be removed by hand.
|
||||
A reboot is recommended so that stale data is removed.
|
||||
While you could run them both at the same time, only using one is the
|
||||
recommended approach.
|
||||
.Pp
|
||||
Please report them to
|
||||
.Lk http://roy.marples.name/projects/openresolv
|
||||
.Lk https://roy.marples.name/projects/openresolv
|
||||
|
||||
+770
-237
File diff suppressed because it is too large
@@ -0,0 +1,159 @@
|
||||
#!/bin/sh
|
||||
# Copyright (c) 2025 Roy Marples
|
||||
# All rights reserved
|
||||
|
||||
# resolvectl subscriber for resolvconf
|
||||
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions
|
||||
# are met:
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
[ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0
|
||||
. "@SYSCONFDIR@/resolvconf.conf" || exit 1
|
||||
|
||||
case "${resolvectl:-NO}" in
|
||||
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;
|
||||
*) exit 0;;
|
||||
esac
|
||||
|
||||
# If we don't have resolvectl or systemd-resolved isn't running then
|
||||
# we can't do much.
|
||||
# We can't persist our data in /run/systemd/resolve/netif/$ifindex
|
||||
# because systemd-resolved keeps it somehow, ie we can't change it
|
||||
# once we have inserted it
|
||||
if ! [ -d /sys/class/net ] || \
|
||||
! type resolvectl >/dev/null 2>&1 || \
|
||||
! pidof systemd-resolved >/dev/null
|
||||
then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# resolvectl only accepts resolv.conf setup per physical interface
|
||||
# although resolvconf has always hinted that the named configuration
|
||||
# should be $interface.$protocol, this has never been a fixed requirement.
|
||||
# Because resolvectl only accepts one configuration per interface we need
|
||||
# to try and merge the resolv.conf's together.
|
||||
# Luckily resolvconf makes this easy for us.
|
||||
|
||||
# Returns a list of resolvconf entries for a real interface
|
||||
get_resolvconf_interfaces() {
|
||||
IFACE="$1"
|
||||
[ -d /sys/class/net/"$IFACE" ] || return 1
|
||||
|
||||
IFACES=
|
||||
for IFACE_PROTO in $(@SBINDIR@/resolvconf -Li "$IFACE" "$IFACE.*" 2>/dev/null); do
|
||||
# ens5 will work with ens5.dhcp and ens5.ra,
|
||||
# but not ens5.5 or ens5.5.dhcp
|
||||
if [ "$IFACE_PROTO" != "$IFACE" ]; then
|
||||
# Ensure that ens5.5.dhcp doesn't work for ens5
|
||||
if [ "${IFACE_PROTO%.*}" != "$IFACE" ]; then
|
||||
continue
|
||||
fi
|
||||
# Ensure that ens5.dhcp isn't a real interface
|
||||
# as ens5.5 likely is and the .5 matches the .dhcp
|
||||
if [ -d /sys/class/net/"$IFACE_PROTO" ]; then
|
||||
continue
|
||||
fi
|
||||
fi
|
||||
IFACES="$IFACES${IFACES:+ }$IFACE_PROTO"
|
||||
done
|
||||
echo "$IFACES"
|
||||
}
|
||||
|
||||
# For the given interface, apply a list of resolvconf entries
|
||||
apply_resolvconf() {
|
||||
IFACE="$1"
|
||||
shift
|
||||
|
||||
if [ -z "$1" ]; then
|
||||
resolvectl revert "$IFACE"
|
||||
return
|
||||
fi
|
||||
|
||||
# Set the default-route property first to avoid leakage.
|
||||
# If any entry is private, the whole interface has to be private.
|
||||
# If a more granular approach is needed, consider using the
|
||||
# systemd-resolved subscriber instead which supports DNS delegates.
|
||||
if [ -n "$(@SBINDIR@/resolvconf -p $@)" ]; then
|
||||
resolvectl default-route "$IFACE" false
|
||||
else
|
||||
resolvectl default-route "$IFACE" true
|
||||
fi
|
||||
|
||||
# Now set domain and dns
|
||||
DOMAIN=$(@SBINDIR@/resolvconf -L $@ 2>/dev/null | sed -n -e "s/domain //p" -e "s/search //p")
|
||||
NS=$(@SBINDIR@/resolvconf -L $@ 2>/dev/null | sed -n -e "s/nameserver //p")
|
||||
if [ -n "$DOMAIN" ]; then
|
||||
# If any entry is marked as not searchable, we mark all the
|
||||
# domains as non searchable.
|
||||
# If a more granular approach is needed, consider using the
|
||||
# systemd-resolved subscriber instead which supports DNS delegates.
|
||||
if [ -n "$(@SBINDIR@/resolvconf -pp $@)" ]; then
|
||||
ND=
|
||||
for d in $DOMAIN; do
|
||||
ND="$ND${ND:+ }~$d"
|
||||
done
|
||||
DOMAIN="$ND"
|
||||
fi
|
||||
resolvectl domain "$IFACE" $DOMAIN
|
||||
else
|
||||
resolvectl domain "$IFACE" ""
|
||||
fi
|
||||
if [ -n "$NS" ]; then
|
||||
resolvectl dns "$IFACE" $NS
|
||||
else
|
||||
resolvectl dns "$IFACE" ""
|
||||
fi
|
||||
}
|
||||
|
||||
# To get the full features of resolvconf, we need to work out each interface
|
||||
# for every resolvconf addition and deletion
|
||||
# This is because resolvconf.conf might have changed OR an exclusive
|
||||
# interface deleted which makes other interfaces visible.
|
||||
cd /sys/class/net
|
||||
for IFACE in *; do
|
||||
if [ "$IFACE" = lo ]; then
|
||||
# systemd-resolved doesn't work with lo
|
||||
continue
|
||||
fi
|
||||
|
||||
IFACES=$(get_resolvconf_interfaces "$IFACE")
|
||||
apply_resolvconf "$IFACE" $IFACES
|
||||
done
|
||||
|
||||
# warn about resolv.conf with no matching interface
|
||||
FAILED=
|
||||
for IFACE_PROTO in $(@SBINDIR@/resolvconf -Li); do
|
||||
IFACE="${IFACE_PROTO%.*}"
|
||||
if [ "$IFACE" = lo ]; then
|
||||
# Don't warn about loopback interface as that is typically
|
||||
# used to configure libc for a nameserver on it and the libc
|
||||
# subscriber will process that just fine.
|
||||
continue
|
||||
fi
|
||||
|
||||
if ! [ -d "/sys/class/net/$IFACE" ]; then
|
||||
FAILED="$FAILED${FAILED:+ }$IFACE_PROTO"
|
||||
fi
|
||||
done
|
||||
if [ -n "$FAILED" ]; then
|
||||
echo "Could not apply resolv.conf to resolvectl: $FAILED" >&2
|
||||
fi
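Review bot: In apply_resolvconf the exit status of `resolvectl default-route "$IFACE" false` is never checked, so if that call fails the function still runs `resolvectl domain` and `resolvectl dns`, and a private entry's name servers are applied to an interface that may still be a default route. That is the leakage the comment above says the ordering is meant to prevent. Failing closed would be `resolvectl default-route "$IFACE" false || return 1`, possibly after a `resolvectl revert "$IFACE"`. Separately, `$@`, `$DOMAIN` and `$NS` are expanded unquoted while the working directory is /sys/class/net; unless resolvconf already filters such values, a `set -f` at the top of apply_resolvconf would keep a search entry containing a glob character from being expanded against interface names.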
|
||||
@@ -0,0 +1,96 @@
|
||||
#!/bin/sh
|
||||
# Copyright (c) 2025 Roy Marples
|
||||
# All rights reserved
|
||||
|
||||
# systemd-resolved subscriber for resolvconf
|
||||
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions
|
||||
# are met:
|
||||
# * Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# * Redistributions in binary form must reproduce the above
|
||||
# copyright notice, this list of conditions and the following
|
||||
# disclaimer in the documentation and/or other materials provided
|
||||
# with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
[ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0
|
||||
. "@SYSCONFDIR@/resolvconf.conf" || exit 1
|
||||
|
||||
case "${systemd_resolved:-NO}" in
|
||||
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;
|
||||
*) exit 0;;
|
||||
esac
|
||||
|
||||
[ -n "$RESOLVCONF" ] || eval "$(@SBINDIR@/resolvconf -v)"
|
||||
NL="
|
||||
"
|
||||
|
||||
: ${systemd_resolved_conf:=/run/systemd/resolved.conf.d/60-resolvconf.conf}
|
||||
: ${systemd_delegate_dir:=/run/systemd/dns-delegate.d}
|
||||
|
||||
# Try to ensure that config dirs exist
|
||||
if command -v config_mkdirs >/dev/null 2>&1; then
|
||||
config_mkdirs "$systemd_resolved_conf" "$systemd_delegate_dir/x"
|
||||
else
|
||||
@SBINDIR@/resolvconf -D "$systemd_resolved_conf" "$systemd_delegate_dir/x"
|
||||
fi
|
||||
|
||||
header="# Generated by resolvconf$NL"
|
||||
header="${header}$NL"
|
||||
header="${header}[Resolve]$NL"
|
||||
|
||||
conf="$header"
|
||||
# We emit blank values to force them to reset on SIGHUP
|
||||
conf="${conf}DNS=$NAMESERVERS$NL"
|
||||
# Indicate these nameservers are for all domain lookups by using ~.
|
||||
conf="${conf}Domains=$SEARCH${NAMESERVERS:+ ~.}$NL"
|
||||
|
||||
printf %s "$conf" >"$systemd_resolved_conf"
|
||||
|
||||
# DNS Delegates requires https://github.com/systemd/systemd/pull/34368
|
||||
rm -f "$systemd_delegate_dir/resolvconf-"*".dns-delegate"
|
||||
header="# Generated by resolvconf$NL"
|
||||
header="${header}$NL"
|
||||
header="${header}[Delegate]$NL"
|
||||
for d in $DOMAINS; do
|
||||
dn="${d%%:*}"
|
||||
ns="${d#*:}"
|
||||
dconf="${header}Domains="
|
||||
search=false
|
||||
for sd in $SEARCH; do
|
||||
if [ "$sd" = "$dn" ]; then
|
||||
search=true
|
||||
break
|
||||
fi
|
||||
done
|
||||
if ! $search; then
|
||||
dconf="${dconf}~"
|
||||
fi
|
||||
dconf="${dconf}$dn$NL"
|
||||
dconf="${dconf}DNS="
|
||||
while [ -n "$ns" ]; do
|
||||
dconf="$dconf${ns%%,*} "
|
||||
[ "$ns" = "${ns#*,}" ] && break
|
||||
ns="${ns#*,}"
|
||||
done
|
||||
dconf="$dconf$NL"
|
||||
printf %s "$dconf" >"$systemd_delegate_dir/resolvconf-$dn.dns-delegate"
|
||||
done
|
||||
|
||||
pid=$(pidof systemd-resolved)
|
||||
if [ -n "$pid" ]; then
|
||||
kill -HUP $pid
|
||||
fi
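Review bot: The delegate file name in `printf %s "$dconf" >"$systemd_delegate_dir/resolvconf-$dn.dns-delegate"` is built from `$dn` without any validation visible in this script. `$dn` is taken from `$DOMAINS`, which presumably reflects resolv.conf data that can come from DHCP or RA. If resolvconf does not already restrict the characters in a domain, a name containing `/` makes the redirect target a nested path instead of a single file in `$systemd_delegate_dir`. A guard at the top of the loop, `case "$dn" in */*) continue;; esac`, would keep every write inside the directory. The result of the write is also not checked before `kill -HUP`, so a failed write still triggers a reload with an incomplete delegate set.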
|
||||
@@ -1,5 +1,5 @@
|
||||
#!/bin/sh
|
||||
# Copyright (c) 2009-2016 Roy Marples
|
||||
# Copyright (c) 2009-2023 Roy Marples
|
||||
# All rights reserved
|
||||
|
||||
# unbound subscriber for resolvconf
|
||||
@@ -27,6 +27,7 @@
|
||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
unbound_insecure=
|
||||
unbound_private=
|
||||
|
||||
[ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0
|
||||
. "@SYSCONFDIR@/resolvconf.conf" || exit 1
|
||||
@@ -42,13 +43,29 @@ newconf="# Generated by resolvconf$NL"
|
||||
for d in $DOMAINS; do
|
||||
dn="${d%%:*}"
|
||||
ns="${d#*:}"
|
||||
create_unbound_insecure=false
|
||||
create_unbound_private=false
|
||||
case "$unbound_insecure" in
|
||||
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
|
||||
newconf="$newconf${NL}server:$NL"
|
||||
newconf="$newconf domain-insecure: \"$dn\"$NL"
|
||||
;;
|
||||
create_unbound_insecure=true ;;
|
||||
esac
|
||||
case "$unbound_private" in
|
||||
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
|
||||
create_unbound_private=true ;;
|
||||
esac
|
||||
if $create_unbound_insecure || $create_unbound_private; then
|
||||
newconf="$newconf${NL}server:$NL"
|
||||
if $create_unbound_insecure; then
|
||||
newconf="$newconf domain-insecure: \"$dn\"$NL"
|
||||
fi
|
||||
if $create_unbound_private; then
|
||||
newconf="$newconf private-domain: \"$dn\"$NL"
|
||||
fi
|
||||
fi
|
||||
newconf="$newconf${NL}forward-zone:$NL name: \"$dn\"$NL"
|
||||
if [ -n "$unbound_forward_zone_options" ]; then
|
||||
newconf="$newconf $unbound_forward_zone_options${NL}"
|
||||
fi
|
||||
while [ -n "$ns" ]; do
|
||||
newconf="$newconf forward-addr: ${ns%%,*}$NL"
|
||||
[ "$ns" = "${ns#*,}" ] && break
|
||||
@@ -58,13 +75,16 @@ done
|
||||
|
||||
if [ -n "$NAMESERVERS" ]; then
|
||||
newconf="$newconf${NL}forward-zone:$NL name: \".\"$NL"
|
||||
if [ -n "$unbound_forward_zone_options" ]; then
|
||||
newconf="$newconf $unbound_forward_zone_options${NL}"
|
||||
fi
|
||||
for n in $NAMESERVERS; do
|
||||
newconf="$newconf forward-addr: $n$NL"
|
||||
done
|
||||
fi
|
||||
|
||||
# Try to ensure that config dirs exist
|
||||
if type config_mkdirs >/dev/null 2>&1; then
|
||||
if command -v config_mkdirs >/dev/null 2>&1; then
|
||||
config_mkdirs "$unbound_conf"
|
||||
else
|
||||
@SBINDIR@/resolvconf -D "$unbound_conf"
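Review bot: The new `unbound_private` branch in the `for d in $DOMAINS` loop writes `private-domain: "$dn"` for every forwarded domain, but nothing in the script says what that relaxes. Per the man page text in this commit it allows the domain and its subdomains to contain private addresses, and `$DOMAINS` presumably includes names learned from the network. I would add a comment above the `case "$unbound_private"` block such as `# private-domain exempts $dn and its subdomains from unbound's private-address filtering; applies to every entry in $DOMAINS`. `$dn` is also placed inside double quotes in the generated config without escaping, which is worth a note if resolvconf does not already restrict domain characters. The loop body continues past the end of this hunk.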
|
||||
|
||||