contrib/openresolv: MFV openresolv 3.17.4

Reviewed by:	pfg
Approved by:	lwhsu (mentor)
Differential Revision:	https://reviews.freebsd.org/D56269
Siva Mahadevan
2026-04-28 15:25:49 -04:00
17 changed files with 1514 additions and 427 deletions
+1 -1
@@ -1,4 +1,4 @@
Copyright (c) 2007-2019 Roy Marples <roy@marples.name>
Copyright (c) 2007-2020 Roy Marples <roy@marples.name>
All rights reserved.
Redistribution and use in source and binary forms, with or without
+37 -17
@@ -5,6 +5,9 @@ _CONFIG_MK!= test -e config.mk && echo config.mk || echo config-null.mk
CONFIG_MK?= ${_CONFIG_MK}
include ${CONFIG_MK}
DIST!= if test -d .git; then echo "dist-git"; \
else echo "dist-inst"; fi
SBINDIR?= /sbin
SYSCONFDIR?= /etc
LIBEXECDIR?= /libexec/resolvconf
@@ -20,9 +23,11 @@ BINMODE?= 0755
DOCMODE?= 0644
MANMODE?= 0444
RESOLVCONF= resolvconf resolvconf.8 resolvconf.conf.5
SUBSCRIBERS= libc dnsmasq named pdnsd pdns_recursor unbound
TARGET= ${RESOLVCONF} ${SUBSCRIBERS}
RESOLVCONF= resolvconf resolvconf.8 resolvconf.conf.5
SUBSCRIBERS= libc dnsmasq named pdnsd pdns_recursor unbound
SUBSCRIBERS+= systemd-resolved resolvectl
LIBC_SUBSCRIBERS= avahi-daemon mdnsd
TARGET= ${RESOLVCONF} ${SUBSCRIBERS} ${LIBC_SUBSCRIBERS}
SRCS= ${TARGET:C,$,.in,} # pmake
SRCS:= ${TARGET:=.in} # gmake
@@ -36,12 +41,12 @@ SED_RCDIR= -e 's:@RCDIR@:${RCDIR}:g'
SED_STATUSARG= -e 's:@STATUSARG@:${STATUSARG}:g'
DISTPREFIX?= ${PKG}-${VERSION}
DISTFILEGZ?= ${DISTPREFIX}.tar.gz
DISTFILE?= ${DISTPREFIX}.tar.xz
DISTINFO= ${DISTFILE}.distinfo
DISTINFOSIGN= ${DISTINFO}.asc
CKSUM?= cksum -a SHA256
PGP?= netpgp
DISTINFOMD= ${DISTINFO}.md
DISTSIGN= ${DISTFILE}.asc
SHA256?= sha256
PGP?= gpg2
GITREF?= HEAD
@@ -59,7 +64,7 @@ clean:
rm -f ${TARGET}
distclean: clean
rm -f config.mk ${DISTFILE} ${DISTINFO} ${DISTINFOSIGN}
rm -f config.mk ${DISTFILE} ${DISTINFO} ${DISTINFOMD} ${DISTSIGN}
installdirs:
@@ -71,6 +76,9 @@ proginstall: ${TARGET}
${INSTALL} -m ${DOCMODE} resolvconf.conf ${DESTDIR}${SYSCONFDIR}
${INSTALL} -d ${DESTDIR}${LIBEXECDIR}
${INSTALL} -m ${DOCMODE} ${SUBSCRIBERS} ${DESTDIR}${LIBEXECDIR}
${INSTALL} -d ${DESTDIR}${LIBEXECDIR}/libc.d
${INSTALL} -m ${DOCMODE} ${LIBC_SUBSCRIBERS} \
${DESTDIR}${LIBEXECDIR}/libc.d
maninstall:
${INSTALL} -d ${DESTDIR}${MANDIR}/man8
@@ -87,18 +95,30 @@ dist-inst:
mkdir /tmp/${DISTPREFIX}
cp -RPp * /tmp/${DISTPREFIX}
(cd /tmp/${DISTPREFIX}; make clean)
tar -cvjpf ${DISTFILE} -C /tmp ${DISTPREFIX}
tar -cvJpf ${DISTFILE} -C /tmp ${DISTPREFIX}
rm -rf /tmp/${DISTPREFIX}
dist: dist-git
dist: ${DIST}
distinfo: dist
rm -f ${DISTINFO} ${DISTINFOSIGN}
${CKSUM} ${DISTFILE} >${DISTINFO}
#printf "SIZE (${DISTFILE}) = %s\n" $$(wc -c <${DISTFILE}) >>${DISTINFO}
${PGP} --clearsign --output=${DISTINFOSIGN} ${DISTINFO}
chmod 644 ${DISTINFOSIGN}
ls -l ${DISTFILE} ${DISTINFO} ${DISTINFOSIGN}
rm -f ${DISTINFO} ${DISTSIGN}
${SHA256} ${DISTFILE} >${DISTINFO}
wc -c <${DISTFILE} \
| xargs printf 'Size (${DISTFILE}) = %s\n' >>${DISTINFO}
${PGP} --sign --armour --detach ${DISTFILE}
chmod 644 ${DISTSIGN}
ls -l ${DISTFILE} ${DISTINFO} ${DISTSIGN}
${DISTINFOMD}: ${DISTINFO}
echo '```' >${DISTINFOMD}
cat ${DISTINFO} >>${DISTINFOMD}
echo '```' >>${DISTINFOMD}
release: distinfo ${DISTINFOMD}
gh release create v${VERSION} \
--title "openresolv ${VERSION}" --draft --generate-notes \
--notes-file ${DISTINFOMD} \
${DISTFILE} ${DISTSIGN}
import: dist
rm -rf /tmp/${DISTPREFIX}
@@ -115,4 +135,4 @@ _import-src:
@${ECHO} "openresolv-${VERSION} imported to ${DESTDIR}"
import-src:
${MAKE} _import-src DESTDIR=`if [ -n "${DESTDIR}" ]; then echo "${DESTDIR}"; else echo /tmp/${DISTPREFIX}; fi`
${MAKE} _import-src DESTDIR=`if [ -n "${DESTDIR}" ]; then echo "${DESTDIR}"; else echo /tmp/${DISTPREFIX}; fi`
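Review bot: In the new `distinfo` recipe only the tarball gets a signature (`${PGP} --sign --armour --detach ${DISTFILE}`), so the SHA256 and size written to `${DISTINFO}` and copied into the release notes through `${DISTINFOMD}` are not covered by one, where the recipe this replaces appears to have clear-signed the checksum file. A comment above the recipe would make the verification path explicit, e.g. `# ${DISTINFO} is unsigned: verify ${DISTFILE} against ${DISTSIGN}, not against the published hash`. Separately, the `linux*` branch of configure shown further down still writes `CKSUM= sha256sum --tag` to config.mk while this Makefile now reads `SHA256` (default `sha256`), so that override looks dead unless configure sets `SHA256` somewhere outside the visible hunk.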
+7 -2
@@ -37,7 +37,7 @@ Here's some reasons:
The last point is quite important, especially when running VPN systems.
Take the following resolv.conf files which have been generated by a
[DHCP client](../dhcpcd) and sent to resolvconf:
[DHCP client](https://github.com/NetworkConfiguration/dhcpcd) and sent to resolvconf:
```
# resolv.conf from bge0
@@ -58,7 +58,12 @@ openresolv ships with helpers for:
* [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html)
* [ISC BIND](http://www.isc.org/software/bind)
* [PowerDNS Recursor](http://wiki.powerdns.com/trac)
* [systemd-resolved](https://www.freedesktop.org/software/systemd/man/latest/systemd-resolved.service.html)
See the
[configuration section](https://roy.marples.name/projects/openresolv/config)
[configuration section](https://roy.marples.name/projects/openresolv/configuration)
for more details.
If openresolv updates `/etc/resolv.conf` it can notify the following of this:
* [Bonjour (mdnsd)](https://developer.apple.com/bonjour/)
* [avahi](http://www.avahi.org/)
+32
@@ -0,0 +1,32 @@
#!/bin/sh
# Copyright (c) 2007-2023 Roy Marples
# All rights reserved
# avahi-daemon notifier for resolvconf libc subscriber
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
: ${avahi_daemon_pidfile:=/var/run/avahi-daemon/pid}
if [ -s "$avahi_daemon_pidfile" ]; then
kill -HUP $(cat "$avahi_daemon_pidfile")
fi
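Review bot: `kill -HUP $(cat "$avahi_daemon_pidfile")` passes the pidfile's content to kill unquoted and unchecked, so a multi-word or non-numeric file becomes extra arguments to a signal sent by whatever user runs the libc subscriber (presumably root; not shown here). Reading the value once and accepting only digits keeps this to a single process: `pid=$(cat "$avahi_daemon_pidfile")`, then `case "$pid" in ''|*[!0-9]*) ;; *) kill -HUP "$pid";; esac`. The mdnsd notifier added later in this commit has the same line with `$mdnsd_pidfile` and would take the same change. Whether the daemon's own account can write the pidfile directory is not visible from this page; if it can, the check matters more.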
Vendored Regular → Executable
+2 -2
@@ -39,7 +39,7 @@ for x do
--includedir) eval INCLUDEDIR="$INCLUDEDIR${INCLUDEDIR:+ }$var";;
--datadir|--infodir) ;; # ignore autotools
--disable-maintainer-mode|--disable-dependency-tracking) ;;
--help) echo "See the README file for available options"; exit 0;;
--help) echo "See the source for available options"; exit 0;;
*) echo "$0: WARNING: unknown option $opt" >&2;;
esac
done
@@ -92,7 +92,7 @@ dragonfly*)
: ${LIBEXECDIR:=${PREFIX:-/usr}/libexec/resolvconf}
;;
linux*)
# cksum does't support -a and netpgp is rare
# cksum doesn't support -a and netpgp is rare
echo "CKSUM= sha256sum --tag" >>$CONFIG_MK
echo "PGP= gpg2" >>$CONFIG_MK
;;
+4 -4
View File
@@ -1,5 +1,5 @@
#!/bin/sh
# Copyright (c) 2007-2019 Roy Marples
# Copyright (c) 2007-2023 Roy Marples
# All rights reserved
# dnsmasq subscriber for resolvconf
@@ -105,7 +105,7 @@ for d in $DOMAINS; do
empty=true
continue
fi
i=$(($i + 1))
i=$((i + 1))
while [ ${#addr} -lt 4 ]; do
addr="0${addr}"
done
@@ -118,7 +118,7 @@ for d in $DOMAINS; do
fi
done
while [ $i != 8 ]; do
i=$(($i + 1))
i=$((i + 1))
front="$front byte:0 byte:0"
done
front="${front}$back"
@@ -151,7 +151,7 @@ else
fi
# Try to ensure that config dirs exist
if type config_mkdirs >/dev/null 2>&1; then
if command -v config_mkdirs >/dev/null 2>&1; then
config_mkdirs "$dnsmasq_conf" "$dnsmasq_resolv"
else
@SBINDIR@/resolvconf -D "$dnsmasq_conf" "$dnsmasq_resolv"
+57 -25
View File
@@ -1,5 +1,5 @@
#!/bin/sh
# Copyright (c) 2007-2019 Roy Marples
# Copyright (c) 2007-2025 Roy Marples
# All rights reserved
# libc subscriber for resolvconf
@@ -29,10 +29,23 @@
SYSCONFDIR=@SYSCONFDIR@
LIBEXECDIR=@LIBEXECDIR@
VARDIR=@VARDIR@
IFACEDIR="$VARDIR/interfaces"
KEYDIR="$VARDIR/keys"
# Compat
if [ ! -d "$KEYDIR" ] && [ -d "$VARDIR/interfaces" ]; then
KEYDIR="$VARDIR/interfaces"
fi
CMD="$1"
KEY="$2"
NL="
"
warn()
{
echo "${0##*/}: $*" >&2
}
# sed may not be available, and this is faster on small files
key_get_value()
{
@@ -94,8 +107,12 @@ elif [ -d "$SYSCONFDIR"/resolvconf ]; then
fi
fi
: ${resolv_conf:=/etc/resolv.conf}
if [ "$resolv_conf" = "/dev/null" ]; then
exit 0
fi
: ${resolv_conf_tmp:="$resolv_conf.$$.openresolv"}
: ${libc_service:=nscd}
: ${list_resolv:=@SBINDIR@/resolvconf -l}
: ${list_resolv:=@SBINDIR@/resolvconf -L}
if [ "${resolv_conf_head-x}" = x ] && [ -f "$SYSCONFDIR"/resolv.conf.head ]
then
resolv_conf_head="$(cat "${SYSCONFDIR}"/resolv.conf.head)"
@@ -105,9 +122,8 @@ then
resolv_conf_tail="$(cat "$SYSCONFDIR"/resolv.conf.tail)"
fi
backup=true
signature="# Generated by resolvconf"
uniqify()
{
result=
@@ -123,15 +139,14 @@ uniqify()
case "${resolv_conf_passthrough:-NO}" in
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
backup=false
newest=
for conf in "$IFACEDIR"/*; do
for conf in "$KEYDIR"/*; do
if [ -z "$newest" ] || [ "$conf" -nt "$newest" ]; then
newest="$conf"
fi
done
[ -z "$newest" ] && exit 0
newconf="$(cat "$newest")$NL"
newconf="$signature$NL$(cat "$newest")$NL"
;;
/dev/null|[Nn][Uu][Ll][Ll])
: ${resolv_conf_local_only:=NO}
@@ -207,27 +222,44 @@ esac
# Check if the file has actually changed or not
if [ -e "$resolv_conf" ]; then
[ "$(cat "$resolv_conf")" = "$(printf %s "$newconf")" ] && exit 0
fi
# Change is good.
# If the old file does not have our signature, back it up.
# If the new file just has our signature, restore the backup.
if $backup; then
if [ "$newconf" = "$signature$NL" ]; then
if [ -e "$resolv_conf.bak" ]; then
newconf="$(cat "$resolv_conf.bak")$NL"
fi
elif [ -e "$resolv_conf" ]; then
read line <"$resolv_conf"
if [ "$line" != "$signature" ]; then
cp "$resolv_conf" "$resolv_conf.bak"
if [ "$CMD" != u ] && \
[ "$(cat "$resolv_conf")" = "$(printf %s "$newconf")" ]
then
exit 0
fi
read line <"$resolv_conf"
if [ "$line" != "$signature" ]; then
if [ "$CMD" != u ]; then
warn "signature mismatch: $resolv_conf"
warn "run \`resolvconf -u\` to update"
exit 1
fi
cp "$resolv_conf" "$resolv_conf.bak"
fi
fi
# Create our resolv.conf now
(umask 022; echo "$newconf" >"$resolv_conf")
# There are pros and cons for writing directly to resolv.conf
# instead of a temporary file and then moving it over.
# The default is to write to resolv.conf as it has the least
# issues and has been the long standing default behaviour.
# resolv.conf could also be bind mounted for network namespaces
# so we cannot move in this instance.
case "${resolv_conf_mv:-NO}" in
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
# Protect against symlink attack, ensure new file does not exist
rm -f "$resolv_conf_tmp"
# Keep original file owner, group and mode
[ -r "$resolv_conf" ] && cp -p "$resolv_conf" "$resolv_conf_tmp"
# Create our resolv.conf now
if (umask 022; printf %s "$newconf" >"$resolv_conf_tmp"); then
mv "$resolv_conf_tmp" "$resolv_conf"
fi
;;
*)
(umask 022; printf %s "$newconf" >"$resolv_conf")
;;
esac
if [ -n "$libc_restart" ]; then
eval $libc_restart
elif [ -n "$RESTARTCMD" ]; then
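Review bot: In the `resolv_conf_mv` branch the comment says `rm -f "$resolv_conf_tmp"` protects against a symlink attack, but the name is predictable (`$resolv_conf.$$.openresolv`) and the following `cp -p` and `>"$resolv_conf_tmp"` redirection are separate steps, so the protection holds only while the directory containing `$resolv_conf` is writable by root alone. I would say so in the comment, e.g. `# rm-then-create is not atomic; relies on the directory of $resolv_conf not being writable by other users`, and remove the temporary file when the write fails by adding `else rm -f "$resolv_conf_tmp"` before the `fi`. Also in this hunk, `cp "$resolv_conf" "$resolv_conf.bak"` on the `-u` path is unchecked, so a failed backup is still followed by overwriting the foreign file; `cp "$resolv_conf" "$resolv_conf.bak" || exit 1` would stop before that. The `if [ -n "$libc_restart" ]` block at the end of the hunk continues outside it.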
+32
@@ -0,0 +1,32 @@
#!/bin/sh
# Copyright (c) 2007-2023 Roy Marples
# All rights reserved
# mdnsd notifier for resolvconf libc subscriber
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
: ${mdnsd_pidfile:=/var/run/mdnsd/mdnsd.pid}
if [ -s "$mdnsd_pidfile" ]; then
kill -HUP $(cat "$mdnsd_pidfile")
fi
+2 -2
@@ -1,5 +1,5 @@
#!/bin/sh
# Copyright (c) 2007-2016 Roy Marples
# Copyright (c) 2007-2023 Roy Marples
# All rights reserved
# named subscriber for resolvconf
@@ -79,7 +79,7 @@ for d in $DOMAINS; do
done
# Try to ensure that config dirs exist
if type config_mkdirs >/dev/null 2>&1; then
if command -v config_mkdirs >/dev/null 2>&1; then
config_mkdirs "$named_options" "$named_zones"
else
@SBINDIR@/resolvconf -D "$named_options" "$named_zones"
+2 -2
@@ -1,5 +1,5 @@
#!/bin/sh
# Copyright (c) 2009-2019 Roy Marples
# Copyright (c) 2009-2023 Roy Marples
# All rights reserved
# PowerDNS Recursor subscriber for resolvconf
@@ -54,7 +54,7 @@ for d in $DOMAINS; do
done
# Try to ensure that config dirs exist
if type config_mkdirs >/dev/null 2>&1; then
if command -v config_mkdirs >/dev/null 2>&1; then
config_mkdirs "$pdnsd_zones"
else
@SBINDIR@/resolvconf -D "$pdnsd_zones"
+5 -5
@@ -1,5 +1,5 @@
#!/bin/sh
# Copyright (c) 2010-2018 Roy Marples
# Copyright (c) 2010-2023 Roy Marples
# All rights reserved
# pdnsd subscriber for resolvconf
@@ -46,7 +46,7 @@ remove_markers()
in_marker=0
shift; shift
if type sed >/dev/null 2>&1; then
if command -v sed >/dev/null 2>&1; then
sed "/^$m1/,/^$m2/d" $@
else
for x do
@@ -66,9 +66,9 @@ remove_markers()
change_file()
{
if [ -e "$1" ]; then
if type cmp >/dev/null 2>&1; then
if command -v cmp >/dev/null 2>&1; then
cmp -s "$1" "$2"
elif type diff >/dev/null 2>&1; then
elif command -v diff >/dev/null 2>&1; then
diff -q "$1" "$2" >/dev/null
else
# Hopefully we're only working on small text files ...
@@ -88,7 +88,7 @@ newresolv="# Generated by resolvconf$NL"
changed=false
# Try to ensure that config dirs exist
if type config_mkdirs >/dev/null 2>&1; then
if command -v config_mkdirs >/dev/null 2>&1; then
config_mkdirs "$pdnsd_resolv" "$pdnsd_conf"
else
@SBINDIR@/resolvconf -D "$pdnsd_resolv" "$pdnsd_conf"
+141 -85
@@ -1,4 +1,4 @@
.\" Copyright (c) 2007-2016 Roy Marples
.\" Copyright (c) 2007-2025 Roy Marples
.\" All rights reserved
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd November 29, 2016
.Dd June 26, 2025
.Dt RESOLVCONF 8
.Os
.Sh NAME
@@ -35,14 +35,18 @@
.Op Fl m Ar metric
.Op Fl p
.Op Fl x
.Fl a Ar interface Ns Op Ar .protocol
.Fl a Ar key
.No < Ns Pa file
.Nm
.Fl C Ar pattern
.Nm
.Fl c Ar pattern
.Nm
.Op Fl f
.Fl d Ar interface Ns Op Ar .protocol
.Fl d Ar key
.Nm
.Op Fl x
.Fl il Ar pattern
.Fl iLlp Ar pattern
.Nm
.Fl u
.Nm
@@ -68,12 +72,20 @@ file to
via
.Xr stdin 4
with the argument
.Fl a Ar interface Ns Op Ar .protocol
.Fl a Ar key
instead of the filesystem.
.Nm
then updates
.Pa /etc/resolv.conf
as it thinks best.
If
.Pa /etc/resolv.conf
already exists and the top line does not match the expected signature,
then
.Nm
will refuse to update it unless the
.Fl u
update command is given.
When a local resolver other than libc is installed, such as
.Xr dnsmasq 8
or
@@ -82,27 +94,40 @@ then
.Nm
will supply files that the resolver should be configured to include.
.Pp
At it's heart,
.Nm
assumes it has a job to do.
In some situations
is a key/value store for
.Pa resolv.conf
files.
Each entry must have a unique
.Ar key
and should be expressed as
.Sy interface.protocol
so that it's easy to tell from where the
.Pa resolv.conf
file came from.
This also allows using pattern matching such as
.Sy interface.*
to match all protocols running on the interface.
For example, a modern system will likely run DHCP, RA and DHCPv6
which could be from separate programs or one program running
many protocols.
However, this is not a fixed requirement,
.Nm
needs to act as a deterrent to writing to
.Pa /etc/resolv.conf .
Where this file cannot be made immutable or you just need to toggle this
behaviour,
.Nm
can be disabled by adding
.Sy resolvconf Ns = Ns NO
to
.Xr resolvconf.conf 5 .
will work with any key name and it should be treated as an opaque value
outside of
.Nm .
.Pp
.Nm
can mark an interfaces
can mark a
.Pa resolv.conf
as private.
as private and optionally non-searchable.
This means that the name servers listed in that
.Pa resolv.conf
are only used for queries against the domain/search listed in the same file.
are only used for queries against the domain/search listed in the same file
and if non-searchable then the domain/search listed are
excluded from the global search list defined in
.Pa /etc/resolv.conf .
This only works when a local resolver other than libc is installed.
See
.Xr resolvconf.conf 5
@@ -111,57 +136,97 @@ for how to configure
to use a local name server and how to remove the private marking.
.Pp
.Nm
can mark an interfaces
can mark a
.Pa resolv.conf
as exclusive.
Only the latest exclusive interface is used for processing, otherwise all are.
Only the latest exclusive key is used for processing, otherwise all are.
.Pp
When an interface goes down, it should then call
When a configuration source goes away,
such as an interface going down or a VPN stopping,
it should then call
.Nm
with
.Fl d Ar interface.*
arguments to delete the
.Fl d Ar key
arguments to clean up the
.Pa resolv.conf
file(s) for all the
.Ar protocols
on the
.Ar interface .
it added previously.
For systems that support the concept of persisting configuration when
the source is suspended,
such as the carrier going down,
then it should instead call
.Nm
with
.Fl C Ar key
arguments to deprecate the entry
.Fl c Ar key
to activate the entry when it comes back again.
This only affects the order in which the
.Pa resolv.conf
entries are processed.
.Pp
Here are some options for the above commands:-
Here are some options for the above commands:
.Bl -tag -width pattern_opt
.It Fl f
Ignore non existent interfaces.
Only really useful for deleting interfaces.
Ignore non existent
.Pa resolv.conf
entries.
Only really useful for deleting.
.It Fl m Ar metric
Set the metric of the interface when adding it, default of 0.
Set the metric of the
.Pa resolv.conf
entry when adding it, default of 0.
Lower metrics take precedence.
This affects the default order of interfaces when listed.
.It Fl p
Marks the interface
This affects the default order of entires when listed.
.It Fl p Op Ar pattern
Marks the
.Pa resolv.conf
as private.
as private if the
.Fl a
command is given, otherwise
.Pa resolv.conf
entries having their key matching
.Ar pattern
are listed.
If an extra
.Fl p
is given then the
.Pa resolv.conf
is marked as non-searchable as well.
.It Fl x
Mark the interface
Mark the
.Pa resolv.conf
as exclusive when adding, otherwise only use the latest exclusive interface.
as exclusive when adding, otherwise only use the latest exclusive key.
.El
.Pp
.Nm
has some more commands for general usage:-
has some more commands for general usage:
.Bl -tag -width pattern_opt
.It Fl i Ar pattern
List the interfaces and protocols, optionally matching
.It Fl i Op Ar pattern
List the keys stored, optionally matching
.Ar pattern ,
we have
.Pa resolv.conf
files for.
.It Fl l Ar pattern
If the
.Fl L
option is given first, then the keys will be list post-processed.
.It Fl L Op Ar pattern
List the
.Pa resolv.conf
files we have,
post-processed by the
.Xr resolvconf.conf 5
configuration.
If
.Ar pattern
is specified then we list the files for the keys which match it.
.It Fl l Op Ar pattern
List the
.Pa resolv.conf
files we have.
If
.Ar pattern
is specified then we list the files for the interfaces and protocols
is specified then we list the files for the keys which match it.
that match it.
.It Fl u
Force
@@ -169,27 +234,23 @@ Force
to update all its subscribers.
.Nm
does not update the subscribers when adding a resolv.conf that matches
what it already has for that interface.
what it already has for that key.
.It Fl Fl version
Echo the resolvconf version to
.Em stdout .
.El
.Pp
.Nm
also has some commands designed to be used by it's subscribers and
system startup:-
also has some commands designed to be used by its subscribers and
system startup:
.Bl -tag -width pattern_opt
.It Fl I
Initialise the state directory
.Pa @VARDIR@ .
This only needs to be called if the initial system boot sequence does not
automatically clean it out; for example the state directory is moved
somewhere other than
.Pa /var/run .
If used, it should only be called once as early in the system boot sequence
as possible and before
.Nm
is used to add interfaces.
This should be called after the base state directory has either been
cleaned out or mounted as a memory backed filesystem during the
initial boot sequence before any daemon has the chance to call
.Nm .
.It Fl R
Echo the command used to restart a service.
.It Fl r Ar service
@@ -208,17 +269,18 @@ except that only the information configured in
.Xr resolvconf.conf 5
is set.
.El
.Sh INTERFACE ORDERING
.Sh RESOLV.CONF ORDERING
For
.Nm
to work effectively, it has to process the resolv.confs for the interfaces
in the correct order.
to work effectively, it has to process the
.Pa resolv.conf
entries in the correct order.
.Nm
first processes interfaces from the
.Sy interface_order
list, then interfaces without a metic and that match the
first processes keys from the
.Sy key_order
list, then entries without a metric and that match the
.Sy dynamic_order
list, then interfaces with a metric in order and finally the rest in
list, then entries with a metric in order and finally the rest in
the operating systems lexical order.
See
.Xr resolvconf.conf 5
@@ -226,19 +288,9 @@ for details on these lists.
.Sh PROTOCOLS
Here are some suggested protocol tags to use for each
.Pa resolv.conf
file registered on an
.Ar interface Ns No :-
.Bl -tag -width pattern_opt
.It dhcp
Dynamic Host Configuration Protocol.
Initial versions of
.Nm
did not recommend a
.Ar protocol
tag be appended to the
.Ar interface
name.
When the protocol is absent, it is assumed to be the DHCP protocol.
.It ppp
Point-to-Point Protocol.
.It ra
@@ -270,11 +322,15 @@ option is not present then we use
.Va IF_METRIC
for the metric.
.It Va IF_PRIVATE
Marks the interface
Marks the
.Pa resolv.conf
as private.
.It Va IF_NOSEARCH
Marks the
.Pa resolv.conf
as non-searchable.
.It Va IF_EXCLUSIVE
Marks the interface
Marks the
.Pa resolv.conf
as exclusive.
.El
@@ -295,6 +351,17 @@ Directory of subscribers which are run after the libc subscriber is run.
State directory for
.Nm .
.El
.Sh NOTES
Domain labels are assumed to be in ASCII and are converted to lower case
to avoid duplicate zones when given differing case from different sources.
.Pp
When running a local resolver other than libc, you will need to configure it
to include files that
.Nm
will generate.
You should consult
.Xr resolvconf.conf 5
for instructions on how to configure your resolver.
.Sh SEE ALSO
.Xr resolver 3 ,
.Xr stdin 4 ,
@@ -310,14 +377,3 @@ resolvconf, as written by Thomas Hood.
.Sh BUGS
Please report them to
.Lk http://roy.marples.name/projects/openresolv
.Pp
.Nm
does not validate any of the files given to it.
.Pp
When running a local resolver other than libc, you will need to configure it
to include files that
.Nm
will generate.
You should consult
.Xr resolvconf.conf 5
for instructions on how to configure your resolver.
+142 -40
@@ -1,4 +1,4 @@
.\" Copyright (c) 2009-2016 Roy Marples
.\" Copyright (c) 2009-2025 Roy Marples
.\" All rights reserved
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd September 8, 2019
.Dd May 15, 2025
.Dt RESOLVCONF.CONF 5
.Os
.Sh NAME
@@ -61,26 +61,44 @@ Set to NO to disable
.Nm resolvconf
from running any subscribers.
Defaults to YES.
.It Sy interface_order
These interfaces will always be processed first.
If unset, defaults to the following:-
.Bd -compact -literal -offset indent
.It Sy allow_keys
If set, only these keys will be processed.
.It Sy deny_keys
If set, these keys will not be processed.
.It Sy exclude
Is a space separated list of key/value pairs to match.
If all key/value pairs in one element can be found in the file,
then the whole file will be excluded from processing.
The syntax is this:
.Va $keyword Ns / Ns Va $match Ns Op / Ns Va $keyword Ns / Ns Va $match
.Pp
For example given this configuration:
.Bd -literal -compact -offset indent
exclude="search/foo*/nameserver/1.2.3.4 search/bar.org"
.Ed
.Pp
Then any resolv.conf with both a search option starting with foo with a nameserver of 1.2.3.4
OR a search option of bar.org would be excluded.
.It Sy key_order
These keys will always be processed first.
If unset, defaults to the following:
.Bd -literal -compact -offset indent
lo lo[0-9]*
.Ed
.It Sy dynamic_order
These interfaces will be processed next, unless they have a metric.
If unset, defaults to the following:-
.Bd -compact -literal -offset indent
tap[0-9]* tun[0-9]* vpn vpn[0-9]* ppp[0-9]* ippp[0-9]*
These keys will be processed next, unless they have a metric.
If unset, defaults to the following:
.Bd -literal -compact -offset indent
tap[0-9]* tun[0-9]* vpn vpn[0-9]* wg[0-9]* ppp[0-9]* ippp[0-9]*
.Ed
.It Sy inclusive_interfaces
Ignore any exclusive marking for these interfaces.
.It Sy inclusive_keys
Ignore any exclusive marking for these keys.
This is handy when 3rd party integrations force the
.Nm resolvconf -x
option and you want to disable it easily.
.It Sy local_nameservers
If unset, defaults to the following:-
.Bd -compact -literal -offset indent
If unset, defaults to the following:
.Bd -literal -compact -offset indent
127.* 0.0.0.0 255.255.255.255 ::1
.Ed
.It Sy search_domains
@@ -101,20 +119,25 @@ Append name servers to the dynamically generated list.
A list of name servers to be removed from consideration.
The default is 0.0.0.0 as some faulty routers send it via DHCP.
To remove a block, you can use 192.168.*
.It Sy private_interfaces
These interfaces name servers will only be queried for the domains listed
.It Sy private_keys
These keys name servers will only be queried for the domains listed
in their resolv.conf.
Useful for VPN domains.
Setting
.Sy private_interfaces Ns ="*"
.Sy private_keys Ns ="*"
will stop the forwarding of the root zone and allows the local resolver to
recursively query the root servers directly.
Requires a local nameserver other than libc.
This is equivalent to the
.Nm resolvconf -p
option.
.It Sy public_interfaces
Force these interface to be public, overriding the private marking.
.It Sy nosearch_keys
These keys domains/search won't be added to the global search list
in
.Pa /etc/resolv.conf .
.It Sy public_keys
Force these keys to be public, overriding the private and nosearch
markings.
This is handy when 3rd party integrations force the
.Nm resolvconf -p
option and you want to disable it easily.
@@ -124,24 +147,27 @@ The syntax is this:
.Va $keyword Ns / Ns Va $match Ns / Ns Va $replacement
.Pp
Example, given this resolv.conf:
.Bd -compact -literal -offset indent
.Bd -literal -compact -offset indent
domain foo.org
search foo.org dead.beef
nameserver 1.2.3.4
nameserver 2.3.4.5
.Ed
and this configuaration:
.Bd -compact -literal -offset indent
.Pp
and this configuration:
.Bd -literal -compact -offset indent
replace="search/foo*/bar.com"
replace="$replace nameserver/1.2.3.4/5.6.7.8"
replace="$replace nameserver/2.3.4.5/"
.Ed
.Pp
you would get this resolv.conf instead:
.Bd -compact -literal -offset indent
.Bd -literal -compact -offset indent
domain foo.org
search bar.com
nameserver 5.6.7.8
.Ed
.Pp
.It Sy replace_sub
Works the same way as
.Sy replace
@@ -152,11 +178,12 @@ Using the same example resolv.conf and changing
to
.Sy replace_sub ,
you would get this resolv.conf instead:
.Bd -compact -literal -offset indent
.Bd -literal -compact -offset indent
domain foo.org
search bar.com dead.beef
nameserver 5.6.7.8
.Ed
.Pp
.It Sy state_dir
Override the default state directory of
.Pa @VARDIR@ .
@@ -167,12 +194,17 @@ is in use unless the old directory is copied to the new one.
.Sh LIBC OPTIONS
The following variables affect
.Xr resolv.conf 5
directly:-
directly:
.Bl -tag -width indent
.It Sy resolv_conf
Defaults to
.Pa /etc/resolv.conf
if not set.
Set to
.Pa /dev/null
to stop
.Xr resolvconf 8
from changing it.
.It Sy resolv_conf_options
A list of libc resolver options, as specified in
.Xr resolv.conf 5 .
@@ -188,6 +220,14 @@ is unset unless overridden and only the information set in
.Nm
is written to
.Sy resolv_conf .
.It Sy resolv_conf_restore
When set to YES and
and an empty
.Pa resolv.conf
would be written, restore
.Pa resolv.conf.bak
instead if it exists.
Defaults to YES if not set.
.It Sy resolv_conf_sortlist
A libc resolver sortlist, as specified in
.Xr resolv.conf 5 .
@@ -206,21 +246,28 @@ Prepend name servers to the dynamically generated list.
Append search domains to the dynamically generated list.
.It Sy prepend_search
Prepend search domains to the dynamically generated list.
.It Sy resolv_conf_mv
Defaults to NO.
Defines if
.Pa /etc/resolv.conf
is updated by writing to a temporary file and then moving it
vs writing directly to it.
.El
.Sh SUBSCRIBER OPTIONS
openresolv ships with subscribers for the name servers
.Xr dnsmasq 8 ,
.Xr named 8 ,
.Xr pdnsd 8 ,
.Xr pdns_recursor 8 ,
.Xr pdns_recursor 1 ,
and
.Xr unbound 8 .
Each subscriber can create configuration files which should be included in
in the subscribers main configuration file.
the subscribers main configuration file.
.Pp
To disable a subscriber, simply set it's name to NO.
To disable a subscriber, simply set its name to NO.
If the subscriber name has a dash in it, then replace it with an underscore.
For example, to disable the libc subscriber you would set:
.Bd -compact -literal -offset indent
.Bd -literal -compact -offset indent
libc=NO
.Ed
.Bl -tag -width indent
@@ -230,14 +277,14 @@ This file tells dnsmasq which name servers to use for specific domains.
This file tells dnsmasq which name servers to use for global lookups.
.Pp
Example resolvconf.conf for dnsmasq:
.Bd -compact -literal -offset indent
.Bd -literal -compact -offset indent
name_servers=127.0.0.1
dnsmasq_conf=/etc/dnsmasq-conf.conf
dnsmasq_resolv=/etc/dnsmasq-resolv.conf
.Ed
.Pp
Example dnsmasq.conf:
.Bd -compact -literal -offset indent
.Bd -literal -compact -offset indent
listen-address=127.0.0.1
# If dnsmasq is compiled for DBus then we can take
# advantage of not having to restart dnsmasq.
@@ -253,14 +300,14 @@ Include this file in the named global scope, after the options block.
This file tells named which name servers to use for specific domains.
.Pp
Example resolvconf.conf for named:
.Bd -compact -literal -offset indent
.Bd -literal -compact -offset indent
name_servers=127.0.0.1
named_options=/etc/named-options.conf
named_zones=/etc/named-zones.conf
.Ed
.Pp
Example named.conf:
.Bd -compact -literal -offset indent
.Bd -literal -compact -offset indent
options {
listen-on { 127.0.0.1; };
include "/etc/named-options.conf";
@@ -281,14 +328,14 @@ If this variable is not set then it's written to
.Pa pdnsd_conf .
.Pp
Example resolvconf.conf for pdnsd:
.Bd -compact -literal -offset indent
.Bd -literal -compact -offset indent
name_servers=127.0.0.1
pdnsd_conf=/etc/pdnsd.conf
# pdnsd_resolv=/etc/pdnsd-resolv.conf
.Ed
.Pp
Example pdnsd.conf:
.Bd -compact -literal -offset indent
.Bd -literal -compact -offset indent
global {
server_ip = 127.0.0.1;
status_ctl = on;
@@ -304,29 +351,76 @@ server {
This file tells pdns_recursor about specific and global name servers.
.Pp
Example resolvconf.conf for pdns_recursor:
.Bd -compact -literal -offset indent
.Bd -literal -compact -offset indent
name_servers=127.0.0.1
pdns_zones=/etc/pdns/recursor-zones.conf
.Ed
.Pp
Example recursor.conf:
.Bd -compact -literal -offset indent
.Bd -literal -compact -offset indent
allow-from=127.0.0.0/8, ::1/128
forward-zones-file=/etc/pdns/recursor-zones.conf
.Ed
.It Sy resolvectl
When set to YES,
.Xr resolvectl 1
will be used to write per interface entries from
.Xr resolvconf 8
to
.Xr systemd-resolved 8 .
A warning is emitted for any entry that cannot be matched to an
interface.
.Pp
This subscriber should only be used if your systemd-resolved does
not support DNS delegates and you need private or non searchable
.Xr resolvconf 8
entries, or you're really beholden to seeing DNS setup per interface via
.Xr resolvectl 1 .
The systemd-resolved subscriber documented below is the better option.
.Pp
Example resolvconf.conf for resolvectl:
.Bd -literal -compact -offset indent
# Keep /etc/resolv.conf as systemd-resolved wants it
libc=NO
resolvectl=YES
.Ed
.It Sy systemd_resolved
When set to YES, global DNS will be written to the
.Sy systemd_resolved_conf
configuration file and DNS delegates will be written to the
.Sy systemd_delegate_dir
directory.
.It Sy systemd_resolved_conf
Defaults to
.Pa /run/systemd/resolved.conf.d/60-resolvconf.conf .
.It Sy systemd_delegate_dir
Defaults to
.Pa /run/systemd/dns-delegate.d .
.Pp
Example resolvconf.conf for systemd-resolved:
.Bd -literal -compact -offset indent
# Keep /etc/resolv.conf as systemd-resolved wants it
libc=NO
systemd_resolved=YES
.Ed
.It Sy unbound_conf
This file tells unbound about specific and global name servers.
.It Sy unbound_insecure
When set to YES, unbound marks the domains as insecure, thus ignoring DNSSEC.
.It Sy unbound_private
When set to YES, unbound marks the domains as private, allowing it and its subdomains to contain private addresses.
.It Sy unbound_forward_zone_options
Options appended to each forward zone.
Each option should be separated by an embedded new line.
.Pp
Example resolvconf.conf for unbound:
.Bd -compact -literal -offset indent
.Bd -literal -compact -offset indent
name_servers=127.0.0.1
unbound_conf=/etc/unbound-resolvconf.conf
.Ed
.Pp
Example unbound.conf:
.Bd -compact -literal -offset indent
.Bd -literal -compact -offset indent
include: /etc/unbound-resolvconf.conf
.Ed
.El
@@ -380,5 +474,13 @@ Location of the unbound pidfile.
Each distribution is a special snowflake and likes to name the same thing
differently, namely the named service script.
.Pp
Swapping between resolvectl and systemd-resolved subscribers at runtime
is not supported.
Files referenced by systemd_resolved_conf and systemd_delegate_dir
need to be removed by hand.
A reboot is recommended so that stale data is removed.
While you could run them both at the same time, only using one is the
recommended approach.
.Pp
Please report them to
.Lk http://roy.marples.name/projects/openresolv
.Lk https://roy.marples.name/projects/openresolv
File diff suppressed because it is too large Load Diff
+159
@@ -0,0 +1,159 @@
#!/bin/sh
# Copyright (c) 2025 Roy Marples
# All rights reserved
# resolvectl subscriber for resolvconf
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0
. "@SYSCONFDIR@/resolvconf.conf" || exit 1
case "${resolvectl:-NO}" in
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;
*) exit 0;;
esac
# If we don't have resolvectl or systemd-resolved isn't running then
# we can't do much.
# We can't persist our data in /run/systemd/resolve/netif/$ifindex
# because systemd-resolved keeps it somehow, ie we can't change it
# once we have inserted it
if ! [ -d /sys/class/net ] || \
! type resolvectl >/dev/null 2>&1 || \
! pidof systemd-resolved >/dev/null
then
exit 1
fi
# resolvectl only accepts resolv.conf setup per physical interface
# although resolvconf has always hinted that the named configuration
# should be $interface.$protocol, this has never been a fixed requirement.
# Because resolvectl only accepts one configuration per interface we need
# to try and merge the resolv.conf's together.
# Luckily resolvconf makes this easy for us.
# Returns a list of resolvconf entries for a real interface
get_resolvconf_interfaces() {
IFACE="$1"
[ -d /sys/class/net/"$IFACE" ] || return 1
IFACES=
for IFACE_PROTO in $(@SBINDIR@/resolvconf -Li "$IFACE" "$IFACE.*" 2>/dev/null); do
# ens5 will work with ens5.dhcp and ens5.ra,
# but not ens5.5 or ens5.5.dhcp
if [ "$IFACE_PROTO" != "$IFACE" ]; then
# Ensure that ens5.5.dhcp doesn't work for ens5
if [ "${IFACE_PROTO%.*}" != "$IFACE" ]; then
continue
fi
# Ensure that ens5.dhcp isn't a real interface
# as ens5.5 likely is and the .5 matches the .dhcp
if [ -d /sys/class/net/"$IFACE_PROTO" ]; then
continue
fi
fi
IFACES="$IFACES${IFACES:+ }$IFACE_PROTO"
done
echo "$IFACES"
}
# For the given interface, apply a list of resolvconf entries
apply_resolvconf() {
IFACE="$1"
shift
if [ -z "$1" ]; then
resolvectl revert "$IFACE"
return
fi
# Set the default-route property first to avoid leakage.
# If any entry is private, the whole interface has to be private.
# If a more granular approach is needed, consider using the
# systemd-resolved subscriber instead which supports DNS delegates.
if [ -n "$(@SBINDIR@/resolvconf -p $@)" ]; then
resolvectl default-route "$IFACE" false
else
resolvectl default-route "$IFACE" true
fi
# Now set domain and dns
DOMAIN=$(@SBINDIR@/resolvconf -L $@ 2>/dev/null | sed -n -e "s/domain //p" -e "s/search //p")
NS=$(@SBINDIR@/resolvconf -L $@ 2>/dev/null | sed -n -e "s/nameserver //p")
if [ -n "$DOMAIN" ]; then
# If any entry is marked as not searchable, we mark all the
# domains as non searchable.
# If a more granular approach is needed, consider using the
# systemd-resolved subscriber instead which supports DNS delegates.
if [ -n "$(@SBINDIR@/resolvconf -pp $@)" ]; then
ND=
for d in $DOMAIN; do
ND="$ND${ND:+ }~$d"
done
DOMAIN="$ND"
fi
resolvectl domain "$IFACE" $DOMAIN
else
resolvectl domain "$IFACE" ""
fi
if [ -n "$NS" ]; then
resolvectl dns "$IFACE" $NS
else
resolvectl dns "$IFACE" ""
fi
}
# To get the full features of resolvconf, we need to work out each interface
# for every resolvconf addition and deletion
# This is because resolvconf.conf might have changed OR an exclusive
# interface deleted which makes other interfaces visible.
cd /sys/class/net
for IFACE in *; do
if [ "$IFACE" = lo ]; then
# systemd-resolved doesn't work with lo
continue
fi
IFACES=$(get_resolvconf_interfaces "$IFACE")
apply_resolvconf "$IFACE" $IFACES
done
# warn about resolv.conf with no matching interface
FAILED=
for IFACE_PROTO in $(@SBINDIR@/resolvconf -Li); do
IFACE="${IFACE_PROTO%.*}"
if [ "$IFACE" = lo ]; then
# Don't warn about loopback interface as that is typically
# used to configure libc for a nameserver on it and the libc
# subscriber will process that just fine.
continue
fi
if ! [ -d "/sys/class/net/$IFACE" ]; then
FAILED="$FAILED${FAILED:+ }$IFACE_PROTO"
fi
done
if [ -n "$FAILED" ]; then
echo "Could not apply resolv.conf to resolvectl: $FAILED" >&2
fi
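Review bot: In `apply_resolvconf`, `$DOMAIN` and `$NS` are expanded unquoted in `resolvectl domain "$IFACE" $DOMAIN` and `resolvectl dns "$IFACE" $NS`, so the shell applies pathname expansion as well as the intended word splitting, and by then the script has done `cd /sys/class/net`. Both values are parsed from `resolvconf -L` output, which presumably can carry search domains and name servers learned from DHCP or RA; whether resolvconf already rejects glob characters is not visible in this file. Putting `set -f` on the first line of `apply_resolvconf` keeps the splitting and drops the globbing, and it does not disturb `for IFACE in *` because that word list is expanded before the first call. The `sed` expressions would also be more robust if anchored, e.g. `s/^nameserver //p`.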
+96
@@ -0,0 +1,96 @@
#!/bin/sh
# Copyright (c) 2025 Roy Marples
# All rights reserved
# systemd-resolved subscriber for resolvconf
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
[ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0
. "@SYSCONFDIR@/resolvconf.conf" || exit 1
case "${systemd_resolved:-NO}" in
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;
*) exit 0;;
esac
[ -n "$RESOLVCONF" ] || eval "$(@SBINDIR@/resolvconf -v)"
NL="
"
: ${systemd_resolved_conf:=/run/systemd/resolved.conf.d/60-resolvconf.conf}
: ${systemd_delegate_dir:=/run/systemd/dns-delegate.d}
# Try to ensure that config dirs exist
if command -v config_mkdirs >/dev/null 2>&1; then
config_mkdirs "$systemd_resolved_conf" "$systemd_delegate_dir/x"
else
@SBINDIR@/resolvconf -D "$systemd_resolved_conf" "$systemd_delegate_dir/x"
fi
header="# Generated by resolvconf$NL"
header="${header}$NL"
header="${header}[Resolve]$NL"
conf="$header"
# We emit blank values to force them to reset on SIGHUP
conf="${conf}DNS=$NAMESERVERS$NL"
# Indicate these nameservers are for all domain lookups by using ~.
conf="${conf}Domains=$SEARCH${NAMESERVERS:+ ~.}$NL"
printf %s "$conf" >"$systemd_resolved_conf"
# DNS Delegates requires https://github.com/systemd/systemd/pull/34368
rm -f "$systemd_delegate_dir/resolvconf-"*".dns-delegate"
header="# Generated by resolvconf$NL"
header="${header}$NL"
header="${header}[Delegate]$NL"
for d in $DOMAINS; do
dn="${d%%:*}"
ns="${d#*:}"
dconf="${header}Domains="
search=false
for sd in $SEARCH; do
if [ "$sd" = "$dn" ]; then
search=true
break
fi
done
if ! $search; then
dconf="${dconf}~"
fi
dconf="${dconf}$dn$NL"
dconf="${dconf}DNS="
while [ -n "$ns" ]; do
dconf="$dconf${ns%%,*} "
[ "$ns" = "${ns#*,}" ] && break
ns="${ns#*,}"
done
dconf="$dconf$NL"
printf %s "$dconf" >"$systemd_delegate_dir/resolvconf-$dn.dns-delegate"
done
pid=$(pidof systemd-resolved)
if [ -n "$pid" ]; then
kill -HUP $pid
fi
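Review bot: The delegate file name is built directly from `$dn` in `printf %s "$dconf" >"$systemd_delegate_dir/resolvconf-$dn.dns-delegate"`, with no check that `$dn` is free of path separators. `$dn` is split out of `$DOMAINS`, which is supplied by resolvconf (the environment or `resolvconf -v`) and so presumably can carry names learned from the network. If such a name ever contained `/`, the write would land outside `systemd_delegate_dir`, and the script presumably runs with root privileges since it writes under `/run/systemd`. Unless resolvconf is known to validate domains before exporting them, a guard at the top of the `for d in $DOMAINS` loop such as `case "$dn" in ""|*/*) continue;; esac` would close that off. A short comment stating which component is responsible for validating `$dn` and `$ns` would also help, since both are interpolated into the file body.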
+25 -5
@@ -1,5 +1,5 @@
#!/bin/sh
# Copyright (c) 2009-2016 Roy Marples
# Copyright (c) 2009-2023 Roy Marples
# All rights reserved
# unbound subscriber for resolvconf
@@ -27,6 +27,7 @@
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
unbound_insecure=
unbound_private=
[ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0
. "@SYSCONFDIR@/resolvconf.conf" || exit 1
@@ -42,13 +43,29 @@ newconf="# Generated by resolvconf$NL"
for d in $DOMAINS; do
dn="${d%%:*}"
ns="${d#*:}"
create_unbound_insecure=false
create_unbound_private=false
case "$unbound_insecure" in
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
newconf="$newconf${NL}server:$NL"
newconf="$newconf domain-insecure: \"$dn\"$NL"
;;
create_unbound_insecure=true ;;
esac
case "$unbound_private" in
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
create_unbound_private=true ;;
esac
if $create_unbound_insecure || $create_unbound_private; then
newconf="$newconf${NL}server:$NL"
if $create_unbound_insecure; then
newconf="$newconf domain-insecure: \"$dn\"$NL"
fi
if $create_unbound_private; then
newconf="$newconf private-domain: \"$dn\"$NL"
fi
fi
newconf="$newconf${NL}forward-zone:$NL name: \"$dn\"$NL"
if [ -n "$unbound_forward_zone_options" ]; then
newconf="$newconf $unbound_forward_zone_options${NL}"
fi
while [ -n "$ns" ]; do
newconf="$newconf forward-addr: ${ns%%,*}$NL"
[ "$ns" = "${ns#*,}" ] && break
@@ -58,13 +75,16 @@ done
if [ -n "$NAMESERVERS" ]; then
newconf="$newconf${NL}forward-zone:$NL name: \".\"$NL"
if [ -n "$unbound_forward_zone_options" ]; then
newconf="$newconf $unbound_forward_zone_options${NL}"
fi
for n in $NAMESERVERS; do
newconf="$newconf forward-addr: $n$NL"
done
fi
# Try to ensure that config dirs exist
if type config_mkdirs >/dev/null 2>&1; then
if command -v config_mkdirs >/dev/null 2>&1; then
config_mkdirs "$unbound_conf"
else
@SBINDIR@/resolvconf -D "$unbound_conf"