author | Thomas Haller <thaller@redhat.com> | 2018-09-12 21:16:34 +0200 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2018-09-17 16:41:18 +0200 |
commit | 2988f53b3f6255cd8f7c86c4c9a9bd936b72c5de (patch) | |
tree | c5823f6663e76beaf3541d7d5a5ea7a0ddaea094 | |
parent | 18b2fd2f582f738facd29b7153f55db47df83e61 (diff) | |
download | NetworkManager-th/dns-stub-resolv-conf.tar.gz |
dns: write original DNS servers to /var/run/NetworkManager/no-stub-resolv.conf
When a DNS plugin is enabled (like "main.dns=dnsmasq" or "main.dns=systemd-resolved"),
the name servers announced to the rc-manager are coerced to be 127.0.0.1
or 127.0.0.53.

Depending on the "main.rc-manager" setting, also /etc/resolv.conf
contains only this coerced name server to the local caching service.
The same is true for /var/run/NetworkManager/resolv.conf file, which
is essentially what we would write to /etc/resolv.conf (depending on
the main.rc-manager configuration).

Write a new file /var/run/NetworkManager/no-stub-resolv.conf, which contains
the original name servers, uncoerced. This file is always written.

The effect is, when one enables "main.dns=systemd-resolved", then there
is still a file "no-stub-resolv.conf" with the content as with
"main.dns=default".

The no-stub-resolv.conf may be a possible solution, when one wants
NetworkManager to update systemd-resolved, but still have a regular
/etc/resolv.conf [1]. For that, the user would configure

    [main]
    dns=systemd-resolved
    rc-manager=unmanaged

and symlink /etc/resolv.conf to /var/run/NetworkManager/no-stub-resolv.conf.

But that is not necessarily the only solution and does not preclude options
for updating systemd-resolved in combination with other DNS plugins.

[1] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/20
-rw-r--r-- | man/NetworkManager.conf.xml | 12 |
-rw-r--r-- | src/dns/nm-dns-manager.c | 35 |
2 files changed, 42 insertions, 5 deletions
diff --git a/man/NetworkManager.conf.xml b/man/NetworkManager.conf.xml index 87cf001621..728947b3cb 100644 --- a/man/NetworkManager.conf.xml +++ b/man/NetworkManager.conf.xml @@ -331,15 +331,23 @@ no-auto-default=* after some time. This behavior can be modified passing the 'all-servers' or 'strict-order' options to dnsmasq (see the manual page for more details).</para> + <para><literal>systemd-resolved</literal>: NetworkManager will + push the DNS configuration to systemd-resolved</para> <para><literal>unbound</literal>: NetworkManager will talk to unbound and dnssec-triggerd, providing a "split DNS" configuration with DNSSEC support. <filename>/etc/resolv.conf</filename> will be managed by dnssec-trigger daemon.</para> - <para><literal>systemd-resolved</literal>: NetworkManager will - push the DNS configuration to systemd-resolved</para> <para><literal>none</literal>: NetworkManager will not modify resolv.conf. This implies <literal>rc-manager</literal> <literal>unmanaged</literal></para> + + <para>Note that the plugins <literal>dnsmasq</literal>, <literal>systemd-resolved</literal> + and <literal>unbound</literal> are caching local nameservers. + Hence, when NetworkManager writes <filename>&nmrundir;/resolv.conf</filename> + and <filename>/etc/resolv.conf</filename> (according to <literal>rc-manager</literal> + setting below), the name server there will be localhost only. + NetworkManager also writes a file <filename>&nmrundir;/no-stub-resolv.conf</filename> + that contains the original name servers, which are pushed to the DNS plugin.</para> </listitem> </varlistentry> diff --git a/src/dns/nm-dns-manager.c b/src/dns/nm-dns-manager.c index 33a414831f..2755b26241 100644 --- a/src/dns/nm-dns-manager.c +++ b/src/dns/nm-dns-manager.c 
@@ -744,9 +744,36 @@ _read_link_cached (const char *path, gboolean *is_cached, char **cached) return (*cached = g_file_read_link (path, NULL)); } -#define MY_RESOLV_CONF NMRUNDIR "/resolv.conf" -#define MY_RESOLV_CONF_TMP MY_RESOLV_CONF ".tmp" -#define RESOLV_CONF_TMP "/etc/.resolv.conf.NetworkManager" +#define MY_RESOLV_CONF NMRUNDIR"/resolv.conf" +#define MY_RESOLV_CONF_TMP MY_RESOLV_CONF".tmp" +#define RESOLV_CONF_TMP "/etc/.resolv.conf.NetworkManager" + +#define NO_STUB_RESOLV_CONF NMRUNDIR "/no-stub-resolv.conf" + +static void +update_resolv_conf_no_stub (NMDnsManager *self, + char **searches, + char **nameservers, + char **options) +{ + gs_free char *content = NULL; + GError *local = NULL; + + content = create_resolv_conf (searches, nameservers, options); + + if (!g_file_set_contents (NO_STUB_RESOLV_CONF, + content, + -1, + &local)) { + _LOGD ("update-resolv-no-stub: failure to write file: %s", + local->message); + g_error_free (local); + return; + } + + _LOGT ("update-resolv-no-stub: '%s' successfully written", + NO_STUB_RESOLV_CONF); +} static SpawnResult update_resolv_conf (NMDnsManager *self, @@ -1421,6 +1448,8 @@ update_dns (NMDnsManager *self, ; } + update_resolv_conf_no_stub (self, searches, nameservers, options); + /* If caching was successful, we only send 127.0.0.1 to /etc/resolv.conf * to ensure that the glibc resolver doesn't try to round-robin nameservers, * but only uses the local caching nameserver. |
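Review bot: in the man/NetworkManager.conf.xml hunk, the added note groups unbound with dnsmasq and systemd-resolved and says NetworkManager writes /etc/resolv.conf with a localhost-only name server, but the unbound entry just above it states that /etc/resolv.conf "will be managed by dnssec-trigger daemon". Reword the note so the unbound case is not contradicted. The note could also state that no-stub-resolv.conf is always written, as the commit message does, and that a client reading it queries the original name servers directly instead of going through the local caching plugin.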
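Review bot: in update_resolv_conf_no_stub() (first hunk of src/dns/nm-dns-manager.c), a failed g_file_set_contents() is reported only at debug level through _LOGD and the function returns void, so any previously written no-stub-resolv.conf keeps its old name servers and nothing shows up in normal logs. Since the commit message proposes symlinking /etc/resolv.conf to this file, consider logging the failure at warning level. Style point in the same hunk: the three existing defines lose the space before the string literal (NMRUNDIR"/resolv.conf") while the new NO_STUB_RESOLV_CONF define keeps it (NMRUNDIR "/no-stub-resolv.conf"); drop the unrelated whitespace change or make the four lines consistent.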
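Review bot: in update_dns() (second hunk of src/dns/nm-dns-manager.c), the new call to update_resolv_conf_no_stub() relies on running before the block whose comment says "we only send 127.0.0.1 to /etc/resolv.conf", yet nothing at the call site documents that ordering. Add a short comment that the call must see the nameservers before they are replaced by the local caching address, so a later reordering does not silently write the stub address into no-stub-resolv.conf.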