385 lines
12 KiB
Groff
385 lines
12 KiB
Groff
.\" Copyright (c) 2009-2016 Roy Marples
|
|
.\" All rights reserved
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.Dd September 8, 2019
|
|
.Dt RESOLVCONF.CONF 5
|
|
.Os
|
|
.Sh NAME
|
|
.Nm resolvconf.conf
|
|
.Nd resolvconf configuration file
|
|
.Sh DESCRIPTION
|
|
.Nm
|
|
is the configuration file for
|
|
.Xr resolvconf 8 .
|
|
The
|
|
.Nm
|
|
file is a shell script that is sourced by
|
|
.Xr resolvconf 8 ,
|
|
meaning that
|
|
.Nm
|
|
must contain valid shell commands.
|
|
Listed below are the standard
|
|
.Nm
|
|
variables that may be set.
|
|
If the values contain whitespace, wildcards or other special shell characters,
|
|
ensure they are quoted and escaped correctly.
|
|
See the
|
|
.Sy replace
|
|
variable for an example on quoting.
|
|
.Pp
|
|
After updating this file, you may wish to run
|
|
.Nm resolvconf -u
|
|
to apply the new configuration.
|
|
.Pp
|
|
When a dynamically generated list is appended or prepended to, the whole
|
|
is made unique where left-most wins.
|
|
.Sh RESOLVCONF OPTIONS
|
|
.Bl -tag -width indent
|
|
.It Sy resolvconf
|
|
Set to NO to disable
|
|
.Nm resolvconf
|
|
from running any subscribers.
|
|
Defaults to YES.
|
|
.It Sy interface_order
|
|
These interfaces will always be processed first.
|
|
If unset, defaults to the following:-
|
|
.Bd -compact -literal -offset indent
|
|
lo lo[0-9]*
|
|
.Ed
|
|
.It Sy dynamic_order
|
|
These interfaces will be processed next, unless they have a metric.
|
|
If unset, defaults to the following:-
|
|
.Bd -compact -literal -offset indent
|
|
tap[0-9]* tun[0-9]* vpn vpn[0-9]* ppp[0-9]* ippp[0-9]*
|
|
.Ed
|
|
.It Sy inclusive_interfaces
|
|
Ignore any exclusive marking for these interfaces.
|
|
This is handy when 3rd party integrations force the
|
|
.Nm resolvconf -x
|
|
option and you want to disable it easily.
|
|
.It Sy local_nameservers
|
|
If unset, defaults to the following:-
|
|
.Bd -compact -literal -offset indent
|
|
127.* 0.0.0.0 255.255.255.255 ::1
|
|
.Ed
|
|
.It Sy search_domains
|
|
Prepend search domains to the dynamically generated list.
|
|
.It Sy search_domains_append
|
|
Append search domains to the dynamically generated list.
|
|
.It Sy domain_blacklist
|
|
A list of domains to be removed from consideration.
|
|
To remove a domain, you can use foo.*
|
|
To remove a sub domain, you can use *.bar
|
|
.It Sy name_servers
|
|
Prepend name servers to the dynamically generated list.
|
|
You should set this to 127.0.0.1 if you use a local name server other than
|
|
libc.
|
|
.It Sy name_servers_append
|
|
Append name servers to the dynamically generated list.
|
|
.It Sy name_server_blacklist
|
|
A list of name servers to be removed from consideration.
|
|
The default is 0.0.0.0 as some faulty routers send it via DHCP.
|
|
To remove a block, you can use 192.168.*
|
|
.It Sy private_interfaces
|
|
These interfaces name servers will only be queried for the domains listed
|
|
in their resolv.conf.
|
|
Useful for VPN domains.
|
|
Setting
|
|
.Sy private_interfaces Ns ="*"
|
|
will stop the forwarding of the root zone and allows the local resolver to
|
|
recursively query the root servers directly.
|
|
Requires a local nameserver other than libc.
|
|
This is equivalent to the
|
|
.Nm resolvconf -p
|
|
option.
|
|
.It Sy public_interfaces
|
|
Force these interface to be public, overriding the private marking.
|
|
This is handy when 3rd party integrations force the
|
|
.Nm resolvconf -p
|
|
option and you want to disable it easily.
|
|
.It Sy replace
|
|
Is a space separated list of replacement keywords.
|
|
The syntax is this:
|
|
.Va $keyword Ns / Ns Va $match Ns / Ns Va $replacement
|
|
.Pp
|
|
Example, given this resolv.conf:
|
|
.Bd -compact -literal -offset indent
|
|
domain foo.org
|
|
search foo.org dead.beef
|
|
nameserver 1.2.3.4
|
|
nameserver 2.3.4.5
|
|
.Ed
|
|
and this configuaration:
|
|
.Bd -compact -literal -offset indent
|
|
replace="search/foo*/bar.com"
|
|
replace="$replace nameserver/1.2.3.4/5.6.7.8"
|
|
replace="$replace nameserver/2.3.4.5/"
|
|
.Ed
|
|
you would get this resolv.conf instead:
|
|
.Bd -compact -literal -offset indent
|
|
domain foo.org
|
|
search bar.com
|
|
nameserver 5.6.7.8
|
|
.Ed
|
|
.It Sy replace_sub
|
|
Works the same way as
|
|
.Sy replace
|
|
except it works on each space separated value rather than the whole line,
|
|
so it's useful for the replacing a single domain within the search directive.
|
|
Using the same example resolv.conf and changing
|
|
.Sy replace
|
|
to
|
|
.Sy replace_sub ,
|
|
you would get this resolv.conf instead:
|
|
.Bd -compact -literal -offset indent
|
|
domain foo.org
|
|
search bar.com dead.beef
|
|
nameserver 5.6.7.8
|
|
.Ed
|
|
.It Sy state_dir
|
|
Override the default state directory of
|
|
.Pa @VARDIR@ .
|
|
This should not be changed once
|
|
.Nm resolvconf
|
|
is in use unless the old directory is copied to the new one.
|
|
.El
|
|
.Sh LIBC OPTIONS
|
|
The following variables affect
|
|
.Xr resolv.conf 5
|
|
directly:-
|
|
.Bl -tag -width indent
|
|
.It Sy resolv_conf
|
|
Defaults to
|
|
.Pa /etc/resolv.conf
|
|
if not set.
|
|
.It Sy resolv_conf_options
|
|
A list of libc resolver options, as specified in
|
|
.Xr resolv.conf 5 .
|
|
.It Sy resolv_conf_passthrough
|
|
When set to YES the latest resolv.conf is written to
|
|
.Sy resolv_conf
|
|
without any alteration.
|
|
When set to /dev/null or NULL,
|
|
.Sy resolv_conf_local_only
|
|
is defaulted to NO,
|
|
.Sy local_nameservers
|
|
is unset unless overridden and only the information set in
|
|
.Nm
|
|
is written to
|
|
.Sy resolv_conf .
|
|
.It Sy resolv_conf_sortlist
|
|
A libc resolver sortlist, as specified in
|
|
.Xr resolv.conf 5 .
|
|
.It Sy resolv_conf_local_only
|
|
If a local name server is configured then the default is just to specify that
|
|
and ignore all other entries as they will be configured for the local
|
|
name server.
|
|
Set this to NO to also list non-local nameservers.
|
|
This will give you working DNS even if the local nameserver stops functioning
|
|
at the expense of duplicated server queries.
|
|
.It Sy append_nameservers
|
|
Append name servers to the dynamically generated list.
|
|
.It Sy prepend_nameservers
|
|
Prepend name servers to the dynamically generated list.
|
|
.It Sy append_search
|
|
Append search domains to the dynamically generated list.
|
|
.It Sy prepend_search
|
|
Prepend search domains to the dynamically generated list.
|
|
.El
|
|
.Sh SUBSCRIBER OPTIONS
|
|
openresolv ships with subscribers for the name servers
|
|
.Xr dnsmasq 8 ,
|
|
.Xr named 8 ,
|
|
.Xr pdnsd 8 ,
|
|
.Xr pdns_recursor 8 ,
|
|
and
|
|
.Xr unbound 8 .
|
|
Each subscriber can create configuration files which should be included in
|
|
in the subscribers main configuration file.
|
|
.Pp
|
|
To disable a subscriber, simply set it's name to NO.
|
|
For example, to disable the libc subscriber you would set:
|
|
.Bd -compact -literal -offset indent
|
|
libc=NO
|
|
.Ed
|
|
.Bl -tag -width indent
|
|
.It Sy dnsmasq_conf
|
|
This file tells dnsmasq which name servers to use for specific domains.
|
|
.It Sy dnsmasq_resolv
|
|
This file tells dnsmasq which name servers to use for global lookups.
|
|
.Pp
|
|
Example resolvconf.conf for dnsmasq:
|
|
.Bd -compact -literal -offset indent
|
|
name_servers=127.0.0.1
|
|
dnsmasq_conf=/etc/dnsmasq-conf.conf
|
|
dnsmasq_resolv=/etc/dnsmasq-resolv.conf
|
|
.Ed
|
|
.Pp
|
|
Example dnsmasq.conf:
|
|
.Bd -compact -literal -offset indent
|
|
listen-address=127.0.0.1
|
|
# If dnsmasq is compiled for DBus then we can take
|
|
# advantage of not having to restart dnsmasq.
|
|
enable-dbus
|
|
conf-file=/etc/dnsmasq-conf.conf
|
|
resolv-file=/etc/dnsmasq-resolv.conf
|
|
.Ed
|
|
.It Sy named_options
|
|
Include this file in the named options block.
|
|
This file tells named which name servers to use for global lookups.
|
|
.It Sy named_zones
|
|
Include this file in the named global scope, after the options block.
|
|
This file tells named which name servers to use for specific domains.
|
|
.Pp
|
|
Example resolvconf.conf for named:
|
|
.Bd -compact -literal -offset indent
|
|
name_servers=127.0.0.1
|
|
named_options=/etc/named-options.conf
|
|
named_zones=/etc/named-zones.conf
|
|
.Ed
|
|
.Pp
|
|
Example named.conf:
|
|
.Bd -compact -literal -offset indent
|
|
options {
|
|
listen-on { 127.0.0.1; };
|
|
include "/etc/named-options.conf";
|
|
};
|
|
|
|
include "/etc/named-zones.conf";
|
|
.Ed
|
|
.It Sy pdnsd_conf
|
|
This is the main pdnsd configuration file which we modify to add our
|
|
forward domains to.
|
|
If this variable is not set then we rely on the pdnsd configuration file
|
|
setup to read
|
|
.Pa pdnsd_resolv
|
|
as documented below.
|
|
.It Sy pdnsd_resolv
|
|
This file tells pdnsd about global name servers.
|
|
If this variable is not set then it's written to
|
|
.Pa pdnsd_conf .
|
|
.Pp
|
|
Example resolvconf.conf for pdnsd:
|
|
.Bd -compact -literal -offset indent
|
|
name_servers=127.0.0.1
|
|
pdnsd_conf=/etc/pdnsd.conf
|
|
# pdnsd_resolv=/etc/pdnsd-resolv.conf
|
|
.Ed
|
|
.Pp
|
|
Example pdnsd.conf:
|
|
.Bd -compact -literal -offset indent
|
|
global {
|
|
server_ip = 127.0.0.1;
|
|
status_ctl = on;
|
|
}
|
|
server {
|
|
# A server definition is required, even if empty.
|
|
label="empty";
|
|
proxy_only=on;
|
|
# file="/etc/pdnsd-resolv.conf";
|
|
}
|
|
.Ed
|
|
.It Sy pdns_zones
|
|
This file tells pdns_recursor about specific and global name servers.
|
|
.Pp
|
|
Example resolvconf.conf for pdns_recursor:
|
|
.Bd -compact -literal -offset indent
|
|
name_servers=127.0.0.1
|
|
pdns_zones=/etc/pdns/recursor-zones.conf
|
|
.Ed
|
|
.Pp
|
|
Example recursor.conf:
|
|
.Bd -compact -literal -offset indent
|
|
allow-from=127.0.0.0/8, ::1/128
|
|
forward-zones-file=/etc/pdns/recursor-zones.conf
|
|
.Ed
|
|
.It Sy unbound_conf
|
|
This file tells unbound about specific and global name servers.
|
|
.It Sy unbound_insecure
|
|
When set to YES, unbound marks the domains as insecure, thus ignoring DNSSEC.
|
|
.Pp
|
|
Example resolvconf.conf for unbound:
|
|
.Bd -compact -literal -offset indent
|
|
name_servers=127.0.0.1
|
|
unbound_conf=/etc/unbound-resolvconf.conf
|
|
.Ed
|
|
.Pp
|
|
Example unbound.conf:
|
|
.Bd -compact -literal -offset indent
|
|
include: /etc/unbound-resolvconf.conf
|
|
.Ed
|
|
.El
|
|
.Sh SUBSCRIBER INTEGRATION
|
|
Not all distributions store the files the subscribers need in the same
|
|
locations.
|
|
For example, named service scripts have been called named, bind and rc.bind
|
|
and they could be located in a directory called /etc/rc.d, /etc/init.d or
|
|
similar.
|
|
Each subscriber attempts to automatically configure itself, but not every
|
|
distribution has been catered for.
|
|
Also, users could equally want to use a different version from the one
|
|
installed by default, such as bind8 and bind9.
|
|
To accommodate this, the subscribers have these files in configurable
|
|
variables, documented below.
|
|
.Bl -tag -width indent
|
|
.It Sy dnsmasq_service
|
|
Name of the dnsmasq service.
|
|
.It Sy dnsmasq_restart
|
|
Command to restart the dnsmasq service.
|
|
.It Sy dnsmasq_pid
|
|
Location of the dnsmasq pidfile.
|
|
.It Sy libc_service
|
|
Name of the libc service.
|
|
.It Sy libc_restart
|
|
Command to restart the libc service.
|
|
.It Sy named_service
|
|
Name of the named service.
|
|
.It Sy named_restart
|
|
Command to restart the named service.
|
|
.It Sy pdnsd_restart
|
|
Command to restart the pdnsd service.
|
|
.It Sy pdns_service
|
|
Command to restart the pdns_recursor service.
|
|
.It Sy pdns_restart
|
|
Command to restart the pdns_recursor service.
|
|
.It Sy unbound_service
|
|
Name of the unbound service.
|
|
.It Sy unbound_restart
|
|
Command to restart the unbound service.
|
|
.It Sy unbound_pid
|
|
Location of the unbound pidfile.
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr sh 1 ,
|
|
.Xr resolv.conf 5 ,
|
|
.Xr resolvconf 8
|
|
.Sh AUTHORS
|
|
.An Roy Marples Aq Mt roy@marples.name
|
|
.Sh BUGS
|
|
Each distribution is a special snowflake and likes to name the same thing
|
|
differently, namely the named service script.
|
|
.Pp
|
|
Please report them to
|
|
.Lk http://roy.marples.name/projects/openresolv
|