Import openresolv 3.9.0

More information at: https://roy.marples.name/projects/openresolv
pfg 2019-11-20 22:13:14 +00:00
parent 450918ee9e
commit dacbde89b2
14 changed files with 437 additions and 246 deletions

23
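--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,23 @@
+Copyright (c) 2007-2019 Roy Marples <roy@marples.name>
+All rights reserved.
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.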


@ -10,6 +10,7 @@ SYSCONFDIR?= /etc
LIBEXECDIR?= /libexec/resolvconf
VARDIR?= /var/run/resolvconf
ECHO?= echo
INSTALL?= install
SED?= sed
@ -20,7 +21,7 @@ DOCMODE?= 0644
MANMODE?= 0444
RESOLVCONF= resolvconf resolvconf.8 resolvconf.conf.5
SUBSCRIBERS= libc dnsmasq named pdnsd unbound
SUBSCRIBERS= libc dnsmasq named pdnsd pdns_recursor unbound
TARGET= ${RESOLVCONF} ${SUBSCRIBERS}
SRCS= ${TARGET:C,$,.in,} # pmake
SRCS:= ${TARGET:=.in} # gmake
@ -42,7 +43,7 @@ DISTINFOSIGN= ${DISTINFO}.asc
CKSUM?= cksum -a SHA256
PGP?= netpgp
FOSSILID?= current
GITREF?= HEAD
.SUFFIXES: .in
@ -79,15 +80,17 @@ maninstall:
install: proginstall maninstall
import:
rm -rf /tmp/${DISTPREFIX}
${INSTALL} -d /tmp/${DISTPREFIX}
cp README ${SRCS} /tmp/${DISTPREFIX}
dist-git:
git archive --prefix=${DISTPREFIX}/ ${GITREF} | xz >${DISTFILE}
dist:
fossil tarball --name ${DISTPREFIX} ${FOSSILID} ${DISTFILEGZ}
gunzip -c ${DISTFILEGZ} | xz >${DISTFILE}
rm ${DISTFILEGZ}
dist-inst:
mkdir /tmp/${DISTPREFIX}
cp -RPp * /tmp/${DISTPREFIX}
(cd /tmp/${DISTPREFIX}; make clean)
tar -cvjpf ${DISTFILE} -C /tmp ${DISTPREFIX}
rm -rf /tmp/${DISTPREFIX}
dist: dist-git
distinfo: dist
rm -f ${DISTINFO} ${DISTINFOSIGN}
@ -96,3 +99,20 @@ distinfo: dist
${PGP} --clearsign --output=${DISTINFOSIGN} ${DISTINFO}
chmod 644 ${DISTINFOSIGN}
ls -l ${DISTFILE} ${DISTINFO} ${DISTINFOSIGN}
import: dist
rm -rf /tmp/${DISTPREFIX}
${INSTALL} -d /tmp/${DISTPREFIX}
tar xvJpf ${DISTFILE} -C /tmp
_import-src:
rm -rf ${DESTDIR}/*
${INSTALL} -d ${DESTDIR}
cp LICENSE README.md ${SRCS} resolvconf.conf ${DESTDIR};
cp resolvconf.8.in resolvconf.conf.5.in ${DESTDIR};
@${ECHO}
@${ECHO} "============================================================="
@${ECHO} "openresolv-${VERSION} imported to ${DESTDIR}"
import-src:
${MAKE} _import-src DESTDIR=`if [ -n "${DESTDIR}" ]; then echo "${DESTDIR}"; else echo /tmp/${DISTPREFIX}; fi`
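Review bot: In `_import-src`, `rm -rf ${DESTDIR}/*` runs before anything checks that `DESTDIR` is non-empty, so invoking that target directly (rather than through `import-src`, which supplies the `/tmp/${DISTPREFIX}` default) would expand to `rm -rf /*`. Because this Makefile is written for both pmake and gmake, the guard belongs in the recipe's shell rather than in a make conditional, for example a first recipe line `@[ -n "${DESTDIR}" ] || { echo "DESTDIR is not set" >&2; exit 1; }`. The `import` target also removes, recreates and unpacks into the fixed, predictable path `/tmp/${DISTPREFIX}`; on a shared build host a per-run directory obtained from `mktemp -d` would be the safer choice.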

11
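--- a/README
+++ b/README
@@ -1,11 +0,0 @@
-openresolv is a resolvconf implementation which manages resolv.conf
-You can find the latest version at http://roy.marples.name/projects/openresolv
-It is written and maintained by Roy Marples <roy@marples.name>
-This resolvconf implementation, along with its subscribers, work with a
-POSIX compliant shell and userland utilities. It is designed to work without
-tools such as sed as it *has* to work without /usr being available.
-On systems where resolvconf is expected to be used before /var/run is available
-for writing, you can configure openresolv to write somewhere else, like say a
-ramdisk.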

64
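--- a/README.md
+++ b/README.md
@@ -0,0 +1,64 @@
+# openresolv
+openresolv is a [resolvconf](https://en.wikipedia.org/wiki/Resolvconf)
+implementation which manages `/etc/resolv.conf`.
+`/etc/resolv.conf` is a file that holds the configuration for the local
+resolution of domain names.
+Normally this file is either static or maintained by a local daemon,
+normally a DHCP daemon. But what happens if more than one thing wants to
+control the file?
+Say you have wired and wireless interfaces to different subnets and run a VPN
+or two on top of that, how do you say which one controls the file?
+It's also not as easy as just adding and removing the nameservers each client
+knows about as different clients could add the same nameservers.
+Enter resolvconf, the middleman between the network configuration services and
+`/etc/resolv.conf`.
+resolvconf itself is just a script that stores, removes and lists a full
+`resolv.conf` generated for the interface. It then calls all the helper scripts
+it knows about so it can configure the real `/etc/resolv.conf` and optionally
+any local nameservers other than libc.
+## Reasons for using openresolv
+Why openresolv over the
+[Debian implementation](http://qref.sourceforge.net/Debian/reference/ch-gateway.en.html#s-dns-resolvconf)?
+Here's some reasons:
+* Works with
+[POSIX shell and userland](http://www.opengroup.org/onlinepubs/009695399)
+* Does not need awk, grep or sed which means we can work without `/usr`
+mounted
+* Works with other init systems than Debians' out of the box
+* Available as a 2 clause
+[BSD license](http://www.freebsd.org/copyright/freebsd-license.html)
+* Prefer configs via IF_METRIC for dynamic ordering
+* Configures zones for local resolvers other than libc
+The last point is quite important, especially when running VPN systems.
+Take the following resolv.conf files which have been generated by a
+[DHCP client](../dhcpcd) and sent to resolvconf:
+```
+# resolv.conf from bge0
+search foo.com
+nameserver 1.2.3.4
+# resolv.conf from tap0
+domain bar.org
+nameserver 5.6.7.8
+```
+In this instance, queries for foo.com will go to 1.2.3.4 and queries for
+bar.org will go to 5.6.7.8.
+This does require the resolvers to be configured to pickup the resolvconf
+generated configuration for them though.
+openresolv ships with helpers for:
+* [unbound](http://www.unbound.net/)
+* [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html)
+* [ISC BIND](http://www.isc.org/software/bind)
+* [PowerDNS Recursor](http://wiki.powerdns.com/trac)
+See the
+[configuration section](https://roy.marples.name/projects/openresolv/config)
+for more details.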

90
configure vendored

@ -44,42 +44,8 @@ for x do
esac
done
if [ -z "$LIBEXECDIR" ]; then
printf "Checking for directory /libexec ... "
if [ -d /libexec ]; then
echo "yes"
LIBEXECDIR=$PREFIX/libexec/resolvconf
else
echo "no"
LIBEXECDIR=$PREFIX/lib/resolvconf
fi
fi
if [ -z "$RUNDIR" ]; then
printf "Checking for directory /run ... "
if [ -d /run ]; then
echo "yes"
RUNDIR=/run
else
echo "no"
RUNDIR=/var/run
fi
fi
: ${SED:=sed}
: ${SYSCONFDIR:=$PREFIX/etc}
: ${SBINDIR:=$PREFIX/sbin}
: ${LIBEXECDIR:=$PREFIX/libexec/resolvconf}
: ${STATEDIR:=/var}
: ${RUNDIR:=$STATEDIR/run}
: ${MANDIR:=${PREFIX:-/usr}/share/man}
eval SYSCONFDIR="$SYSCONFDIR"
eval SBINDIR="$SBINDIR"
eval LIBEXECDIR="$LIBEXECDIR"
eval VARDIR="$RUNDIR/resolvconf"
eval MANDIR="$MANDIR"
CONFIG_MK=config.mk
if [ -z "$BUILD" ]; then
@ -121,13 +87,9 @@ rm -rf $CONFIG_MK
echo "# $OS" >$CONFIG_MK
case "$OS" in
freebsd*)
# On FreeBSD, /etc/init.d/foo status returns 0 if foo is not enabled
# regardless of if it's not running.
# So we force onestatus to work around this silly bug.
if [ -z "$STATUSARG" ]; then
STATUSARG="onestatus"
fi
dragonfly*)
# This means /usr HAS to be mounted not via dhcpcd
: ${LIBEXECDIR:=${PREFIX:-/usr}/libexec/resolvconf}
;;
linux*)
# cksum does't support -a and netpgp is rare
@ -136,6 +98,52 @@ linux*)
;;
esac
case "$OS" in
dragonfly*|freebsd*)
# On FreeBSD, /etc/init.d/foo status returns 0 if foo is not enabled
# regardless of if it's not running.
# So we force onestatus to work around this silly bug.
if [ -z "$STATUSARG" ]; then
STATUSARG="onestatus"
fi
;;
esac
if [ -z "$LIBEXECDIR" ]; then
printf "Checking for directory /libexec ... "
if [ -d /libexec ]; then
echo "yes"
LIBEXECDIR=$PREFIX/libexec/resolvconf
else
echo "no"
LIBEXECDIR=$PREFIX/lib/resolvconf
fi
fi
if [ -z "$RUNDIR" ]; then
printf "Checking for directory /run ... "
if [ -d /run ]; then
echo "yes"
RUNDIR=/run
else
echo "no"
RUNDIR=/var/run
fi
fi
: ${SYSCONFDIR:=$PREFIX/etc}
: ${SBINDIR:=$PREFIX/sbin}
: ${LIBEXECDIR:=$PREFIX/libexec/resolvconf}
: ${STATEDIR:=/var}
: ${RUNDIR:=$STATEDIR/run}
: ${MANDIR:=${PREFIX:-/usr}/share/man}
eval SYSCONFDIR="$SYSCONFDIR"
eval SBINDIR="$SBINDIR"
eval LIBEXECDIR="$LIBEXECDIR"
eval VARDIR="$RUNDIR/resolvconf"
eval MANDIR="$MANDIR"
for x in SYSCONFDIR SBINDIR LIBEXECDIR VARDIR MANDIR RESTARTCMD RCDIR STATUSARG
do
eval v=\$$x


@ -1,5 +1,5 @@
#!/bin/sh
# Copyright (c) 2007-2016 Roy Marples
# Copyright (c) 2007-2019 Roy Marples
# All rights reserved
# dnsmasq subscriber for resolvconf
@ -28,7 +28,7 @@
[ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0
. "@SYSCONFDIR@/resolvconf.conf" || exit 1
[ -z "$dnsmasq_conf" -a -z "$dnsmasq_resolv" ] && exit 0
[ -z "${dnsmasq_conf}${dnsmasq_resolv}" ] && exit 0
[ -z "$RESOLVCONF" ] && eval "$(@SBINDIR@/resolvconf -v)"
NL="
"
@ -98,7 +98,7 @@ for d in $DOMAINS; do
empty=false i=0
IFS=:
set -- $n
while [ -n "$1" -o -n "$2" ]; do
while [ -n "$1" ] || [ -n "$2" ]; do
addr="$1"
shift
if [ -z "$addr" ]; then
@ -184,7 +184,7 @@ if $changed; then
eval $dnsmasq_restart
elif [ -n "$RESTARTCMD" ]; then
set -- ${dnsmasq_service}
eval $RESTARTCMD
eval "$RESTARTCMD"
else
@SBINDIR@/resolvconf -r ${dnsmasq_service}
fi
@ -206,4 +206,6 @@ if $dbus; then
dbus-send --system --dest=uk.org.thekelleys.dnsmasq \
/uk/org/thekelleys/dnsmasq uk.org.thekelleys.$method \
$dbusdest
dbus-send --system --dest=uk.org.thekelleys.dnsmasq \
/uk/org/thekelleys/dnsmasq uk.org.thekelleys.ClearCache
fi
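Review bot: The restart branch now quotes `eval "$RESTARTCMD"`, but the branch just above it still runs `eval $dnsmasq_restart` unquoted, so the configured command is word-split and glob-expanded by the shell before eval parses it again. For consistency with this change it should read `eval "$dnsmasq_restart"`. The same unquoted form is left next to the newly quoted one in the libc, named, pdns_recursor and unbound subscribers (`eval $libc_restart`, `eval $named_restart`, `eval $pdns_restart`, `eval $unbound_restart`). The enclosing `if $changed` block starts outside the hunk.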

24
libc.in

@ -1,5 +1,5 @@
#!/bin/sh
# Copyright (c) 2007-2016 Roy Marples
# Copyright (c) 2007-2019 Roy Marples
# All rights reserved
# libc subscriber for resolvconf
@ -36,9 +36,9 @@ NL="
# sed may not be available, and this is faster on small files
key_get_value()
{
local key="$1" x= line=
key="$1"
shift
if [ $# -eq 0 ]; then
while read -r line; do
case "$line" in
@ -58,8 +58,6 @@ key_get_value()
keys_remove()
{
local key x line found
while read -r line; do
found=false
for key do
@ -79,7 +77,7 @@ local_nameservers="127.* 0.0.0.0 255.255.255.255 ::1"
if [ -f "$SYSCONFDIR"/resolvconf.conf ]; then
. "$SYSCONFDIR"/resolvconf.conf
elif [ -d "$SYSCONFDIR"/resolvconf ]; then
SYSCONFDIR="$SYSCONFDIR/resolvconf/resolv.conf.d"
SYSCONFDIR="$SYSCONFDIR/resolvconf"
base="$SYSCONFDIR/resolv.conf.d/base"
if [ -f "$base" ]; then
prepend_nameservers="$(key_get_value "nameserver " "$base")"
@ -98,10 +96,12 @@ fi
: ${resolv_conf:=/etc/resolv.conf}
: ${libc_service:=nscd}
: ${list_resolv:=@SBINDIR@/resolvconf -l}
if [ "${resolv_conf_head-x}" = x -a -f "$SYSCONFDIR"/resolv.conf.head ]; then
if [ "${resolv_conf_head-x}" = x ] && [ -f "$SYSCONFDIR"/resolv.conf.head ]
then
resolv_conf_head="$(cat "${SYSCONFDIR}"/resolv.conf.head)"
fi
if [ "${resolv_conf_tail-x}" = x -a -f "$SYSCONFDIR"/resolv.conf.tail ]; then
if [ "${resolv_conf_tail-x}" = x ] && [ -f "$SYSCONFDIR"/resolv.conf.tail ]
then
resolv_conf_tail="$(cat "$SYSCONFDIR"/resolv.conf.tail)"
fi
@ -110,7 +110,7 @@ signature="# Generated by resolvconf"
uniqify()
{
local result=
result=
while [ -n "$1" ]; do
case " $result " in
*" $1 "*);;
@ -126,7 +126,7 @@ case "${resolv_conf_passthrough:-NO}" in
backup=false
newest=
for conf in "$IFACEDIR"/*; do
if [ -z "$newest" -o "$conf" -nt "$newest" ]; then
if [ -z "$newest" ] || [ "$conf" -nt "$newest" ]; then
newest="$conf"
fi
done
@ -178,7 +178,7 @@ case "${resolv_conf_passthrough:-NO}" in
fi
[ -n "$domain" ] && newconf="${newconf}domain $domain$NL"
if [ -n "$newsearch" -a "$newsearch" != "$domain" ]; then
if [ -n "$newsearch" ] && [ "$newsearch" != "$domain" ]; then
newconf="${newconf}search $newsearch$NL"
fi
for n in $newns; do
@ -232,7 +232,7 @@ if [ -n "$libc_restart" ]; then
eval $libc_restart
elif [ -n "$RESTARTCMD" ]; then
set -- ${libc_service}
eval $RESTARTCMD
eval "$RESTARTCMD"
else
@SBINDIR@/resolvconf -r ${libc_service}
fi
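Review bot: Dropping the `local` declarations in `key_get_value`, `keys_remove` and `uniqify` turns `key`, `x`, `line`, `found` and `result` into script-wide globals, so any caller that holds one of those names across a call now has it overwritten silently. If the removal is for POSIX sh portability, each function should say so and list what it clobbers, for example `# POSIX sh has no "local": this sets the globals key, x and line`, or the helper variables should get a function-specific prefix. The same applies to `remove_markers` in the pdnsd subscriber and to the resolvconf.in functions that lose `local` in this commit, such as `list_remove`, which `make_vars` calls in its own shell rather than in a subshell. The function bodies continue outside the hunks shown.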


@ -28,14 +28,14 @@
[ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0
. "@SYSCONFDIR@/resolvconf.conf" || exit 1
[ -z "$named_zones" -a -z "$named_options" ] && exit 0
[ -z "${named_zones}${named_options}" ] && exit 0
[ -z "$RESOLVCONF" ] && eval "$(@SBINDIR@/resolvconf -v)"
NL="
"
# Platform specific kludges
if [ -z "$named_service" -a -z "$named_restart" -a \
-d "$RCDIR" -a ! -x "$RCDIR"/named ]
if [ -z "${named_service}${named_restart}" ] &&
[ -d "$RCDIR" ] && ! [ -x "$RCDIR"/named ]
then
if [ -x "$RCDIR"/bind9 ]; then
# Debian and derivatives
@ -111,7 +111,7 @@ if $changed; then
eval $named_restart
elif [ -n "$RESTARTCMD" ]; then
set -- ${named_service}
eval $RESTARTCMD
eval "$RESTARTCMD"
else
@SBINDIR@/resolvconf -r ${named_service}
fi


@ -1,5 +1,5 @@
#!/bin/sh
# Copyright (c) 2009-2011 Roy Marples
# Copyright (c) 2009-2019 Roy Marples
# All rights reserved
# PowerDNS Recursor subscriber for resolvconf
@ -33,17 +33,14 @@
NL="
"
: ${pdns_service:=pdns_recursor}
: ${pdns_service:=pdns-recursor}
newzones=
# pds_recursor does not present support global forward servers, which
# does limit it's usefulness somewhat.
# If it did, the below code can be enabled, or something like it.
#for n in $NAMESERVERS; do
# newzones="$newzones${newzones:+,}$n"
#done
#[ -n "$newzones" ] && newzones=".=$newzones$NL"
for n in $NAMESERVERS; do
newzones="$newzones${newzones:+,}$n"
done
[ -n "$newzones" ] && newzones="+.=$newzones$NL"
for d in $DOMAINS; do
newns=
@ -71,7 +68,7 @@ then
eval $pdns_restart
elif [ -n "$RESTARTCMD" ]; then
set -- ${pdns_service}
eval $RESTARTCMD
eval "$RESTARTCMD"
else
@SBINDIR@/resolvconf -r ${pdns_service}
fi
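Review bot: The explanatory comment was removed together with the commented-out loop, and the new `newzones="+.=$newzones$NL"` line has nothing that explains the `+.=` prefix. A short comment above it would help, for example `# "." is the root zone, i.e. a global forwarder; the leading "+" forwards with recursion desired`. The default `pdns_service` also changes from `pdns_recursor` to `pdns-recursor`, which alters what the fallback `@SBINDIR@/resolvconf -r ${pdns_service}` restarts on hosts that rely on the default, so a comment next to the default naming the service script it is meant to match would be useful.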


@ -1,5 +1,5 @@
#!/bin/sh
# Copyright (c) 2010-2013 Roy Marples
# Copyright (c) 2010-2018 Roy Marples
# All rights reserved
# pdnsd subscriber for resolvconf
@ -28,7 +28,7 @@
[ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0
. "@SYSCONFDIR@/resolvconf.conf" || exit 1
[ -z "$pdnsd_conf" -a -z "$pdnsd_resolv" ] && exit 0
[ -z "${pdnsd_conf}${pdnsd_resolv}" ] && exit 0
[ -z "$RESOLVCONF" ] && eval "$(@SBINDIR@/resolvconf -v)"
NL="
"
@ -41,14 +41,16 @@ signature_end="# End of resolvconf"
# but sed may not always be available at the time.
remove_markers()
{
local m1="$1" m2="$2" x= line= in_marker=0
m1="$1"
m2="$2"
in_marker=0
shift; shift
if type sed >/dev/null 2>&1; then
sed "/^$m1/,/^$m2/d" $@
else
for x; do
while read -r line; do
for x do
while read line; do
case "$line" in
"$m1"*) in_marker=1;;
"$m2"*) in_marker=0;;
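Review bot: The sed-less fallback in `remove_markers` appears to change `while read -r line` to `while read line`; without `-r` the shell treats backslashes as escapes and joins backslash-continued lines, so such lines in the pdnsd configuration would come out differently from the sed branch. The other read loops visible in this commit keep `-r`, so I would keep it here too: `while read -r line; do`. In the sed branch `$@` is unquoted and would be better written as `"$@"`. The function body continues past the end of the hunk.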


@ -4,4 +4,4 @@
resolv_conf=/etc/resolv.conf
# If you run a local name server, you should uncomment the below line and
# configure your subscribers configuration files below.
#name_servers=127.0.0.1
#name_servers=127.0.0.1


@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd December 29, 2016
.Dd September 8, 2019
.Dt RESOLVCONF.CONF 5
.Os
.Sh NAME
@ -64,19 +64,25 @@ Defaults to YES.
.It Sy interface_order
These interfaces will always be processed first.
If unset, defaults to the following:-
.D1 lo lo[0-9]*
.Bd -compact -literal -offset indent
lo lo[0-9]*
.Ed
.It Sy dynamic_order
These interfaces will be processed next, unless they have a metric.
If unset, defaults to the following:-
.D1 tap[0-9]* tun[0-9]* vpn vpn[0-9]* ppp[0-9]* ippp[0-9]*
.Bd -compact -literal -offset indent
tap[0-9]* tun[0-9]* vpn vpn[0-9]* ppp[0-9]* ippp[0-9]*
.Ed
.It Sy inclusive_interfaces
Ignore any exlcusive marking for these interfaces.
Ignore any exclusive marking for these interfaces.
This is handy when 3rd party integrations force the
.Nm resolvconf -x
option and you want to disable it easily.
.It Sy local_nameservers
If unset, defaults to the following:-
.D1 127.* 0.0.0.0 255.255.255.255 ::1
.Bd -compact -literal -offset indent
127.* 0.0.0.0 255.255.255.255 ::1
.Ed
.It Sy search_domains
Prepend search domains to the dynamically generated list.
.It Sy search_domains_append
@ -118,16 +124,24 @@ The syntax is this:
.Va $keyword Ns / Ns Va $match Ns / Ns Va $replacement
.Pp
Example, given this resolv.conf:
.D1 domain foo.org
.D1 search foo.org dead.beef
.D1 nameserver 1.2.3.4
.D1 nameserver 2.3.4.5
.Bd -compact -literal -offset indent
domain foo.org
search foo.org dead.beef
nameserver 1.2.3.4
nameserver 2.3.4.5
.Ed
and this configuaration:
.D1 replace="search/foo*/bar.com nameserver/1.2.3.4/5.6.7.8 nameserver/2.3.4.5/"
.Bd -compact -literal -offset indent
replace="search/foo*/bar.com"
replace="$replace nameserver/1.2.3.4/5.6.7.8"
replace="$replace nameserver/2.3.4.5/"
.Ed
you would get this resolv.conf instead:
.D1 domain foo.org
.D1 search bar.com
.D1 nameserver 5.6.7.8
.Bd -compact -literal -offset indent
domain foo.org
search bar.com
nameserver 5.6.7.8
.Ed
.It Sy replace_sub
Works the same way as
.Sy replace
@ -138,9 +152,11 @@ Using the same example resolv.conf and changing
to
.Sy replace_sub ,
you would get this resolv.conf instead:
.D1 domain foo.org
.D1 search bar.com dead.beef
.D1 nameserver 5.6.7.8
.Bd -compact -literal -offset indent
domain foo.org
search bar.com dead.beef
nameserver 5.6.7.8
.Ed
.It Sy state_dir
Override the default state directory of
.Pa @VARDIR@ .
@ -195,7 +211,8 @@ Prepend search domains to the dynamically generated list.
openresolv ships with subscribers for the name servers
.Xr dnsmasq 8 ,
.Xr named 8 ,
.Xr pdnsd 8
.Xr pdnsd 8 ,
.Xr pdns_recursor 8 ,
and
.Xr unbound 8 .
Each subscriber can create configuration files which should be included in
@ -203,7 +220,9 @@ in the subscribers main configuration file.
.Pp
To disable a subscriber, simply set it's name to NO.
For example, to disable the libc subscriber you would set:
.D1 libc=NO
.Bd -compact -literal -offset indent
libc=NO
.Ed
.Bl -tag -width indent
.It Sy dnsmasq_conf
This file tells dnsmasq which name servers to use for specific domains.
@ -211,17 +230,21 @@ This file tells dnsmasq which name servers to use for specific domains.
This file tells dnsmasq which name servers to use for global lookups.
.Pp
Example resolvconf.conf for dnsmasq:
.D1 name_servers=127.0.0.1
.D1 dnsmasq_conf=/etc/dnsmasq-conf.conf
.D1 dnsmasq_resolv=/etc/dnsmasq-resolv.conf
.Bd -compact -literal -offset indent
name_servers=127.0.0.1
dnsmasq_conf=/etc/dnsmasq-conf.conf
dnsmasq_resolv=/etc/dnsmasq-resolv.conf
.Ed
.Pp
Example dnsmasq.conf:
.D1 listen-address=127.0.0.1
.D1 # If dnsmasq is compiled for DBus then we can take
.D1 # advantage of not having to restart dnsmasq.
.D1 enable-dbus
.D1 conf-file=/etc/dnsmasq-conf.conf
.D1 resolv-file=/etc/dnsmasq-resolv.conf
.Bd -compact -literal -offset indent
listen-address=127.0.0.1
# If dnsmasq is compiled for DBus then we can take
# advantage of not having to restart dnsmasq.
enable-dbus
conf-file=/etc/dnsmasq-conf.conf
resolv-file=/etc/dnsmasq-resolv.conf
.Ed
.It Sy named_options
Include this file in the named options block.
This file tells named which name servers to use for global lookups.
@ -230,16 +253,21 @@ Include this file in the named global scope, after the options block.
This file tells named which name servers to use for specific domains.
.Pp
Example resolvconf.conf for named:
.D1 name_servers=127.0.0.1
.D1 named_options=/etc/named-options.conf
.D1 named_zones=/etc/named-zones.conf
.Bd -compact -literal -offset indent
name_servers=127.0.0.1
named_options=/etc/named-options.conf
named_zones=/etc/named-zones.conf
.Ed
.Pp
Example named.conf:
.D1 options {
.D1 listen-on { 127.0.0.1; };
.D1 include "/etc/named-options.conf";
.D1 };
.D1 include "/etc/named-zones.conf";
.Bd -compact -literal -offset indent
options {
listen-on { 127.0.0.1; };
include "/etc/named-options.conf";
};
include "/etc/named-zones.conf";
.Ed
.It Sy pdnsd_conf
This is the main pdnsd configuration file which we modify to add our
forward domains to.
@ -253,32 +281,54 @@ If this variable is not set then it's written to
.Pa pdnsd_conf .
.Pp
Example resolvconf.conf for pdnsd:
.D1 name_servers=127.0.0.1
.D1 pdnsd_conf=/etc/pdnsd.conf
.D1 # pdnsd_resolv=/etc/pdnsd-resolv.conf
.Bd -compact -literal -offset indent
name_servers=127.0.0.1
pdnsd_conf=/etc/pdnsd.conf
# pdnsd_resolv=/etc/pdnsd-resolv.conf
.Ed
.Pp
Example pdnsd.conf:
.D1 global {
.D1 server_ip = 127.0.0.1;
.D1 status_ctl = on;
.D1 }
.D1 server {
.D1 # A server definition is required, even if emtpy.
.D1 label="empty";
.D1 proxy_only=on;
.D1 # file="/etc/pdnsd-resolv.conf";
.D1 }
.Bd -compact -literal -offset indent
global {
server_ip = 127.0.0.1;
status_ctl = on;
}
server {
# A server definition is required, even if empty.
label="empty";
proxy_only=on;
# file="/etc/pdnsd-resolv.conf";
}
.Ed
.It Sy pdns_zones
This file tells pdns_recursor about specific and global name servers.
.Pp
Example resolvconf.conf for pdns_recursor:
.Bd -compact -literal -offset indent
name_servers=127.0.0.1
pdns_zones=/etc/pdns/recursor-zones.conf
.Ed
.Pp
Example recursor.conf:
.Bd -compact -literal -offset indent
allow-from=127.0.0.0/8, ::1/128
forward-zones-file=/etc/pdns/recursor-zones.conf
.Ed
.It Sy unbound_conf
This file tells unbound about specific and global name servers.
.It Sy unbound_insecure
When set to YES, unbound marks the domains as insecure, thus ignoring DNSSEC.
.Pp
Example resolvconf.conf for unbound:
.D1 name_servers=127.0.0.1
.D1 unbound_conf=/etc/unbound-resolvconf.conf
.Bd -compact -literal -offset indent
name_servers=127.0.0.1
unbound_conf=/etc/unbound-resolvconf.conf
.Ed
.Pp
Example unbound.conf:
.D1 include: /etc/unbound-resolvconf.conf
.Bd -compact -literal -offset indent
include: /etc/unbound-resolvconf.conf
.Ed
.El
.Sh SUBSCRIBER INTEGRATION
Not all distributions store the files the subscribers need in the same
@ -292,7 +342,6 @@ Also, users could equally want to use a different version from the one
installed by default, such as bind8 and bind9.
To accommodate this, the subscribers have these files in configurable
variables, documented below.
.Pp
.Bl -tag -width indent
.It Sy dnsmasq_service
Name of the dnsmasq service.
@ -310,6 +359,10 @@ Name of the named service.
Command to restart the named service.
.It Sy pdnsd_restart
Command to restart the pdnsd service.
.It Sy pdns_service
Command to restart the pdns_recursor service.
.It Sy pdns_restart
Command to restart the pdns_recursor service.
.It Sy unbound_service
Name of the unbound service.
.It Sy unbound_restart


@ -1,5 +1,5 @@
#!/bin/sh
# Copyright (c) 2007-2016 Roy Marples
# Copyright (c) 2007-2019 Roy Marples
# All rights reserved
# Redistribution and use in source and binary forms, with or without
@ -25,7 +25,7 @@
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
RESOLVCONF="$0"
OPENRESOLV_VERSION="3.9.0"
OPENRESOLV_VERSION="3.9.2"
SYSCONFDIR=@SYSCONFDIR@
LIBEXECDIR=@LIBEXECDIR@
VARDIR=@VARDIR@
@ -125,21 +125,22 @@ usage()
# If you think otherwise, capture a DNS trace and you'll see libc
# will strip it regardless.
# This also solves setting up duplicate zones in our subscribers.
strip_trailing_dots()
# Also strip any comments denoted by #.
resolv_strip()
{
local n= d=
for n; do
printf "$d%s" "${n%.}"
d=" "
space=
for word; do
case "$word" in
\#*) break;;
esac
printf "%s%s" "$space${word%.}"
space=" "
done
printf "\n"
}
private_iface()
{
local p
# Allow expansion
cd "$IFACEDIR"
@ -168,12 +169,15 @@ private_iface()
# for domain name servers, search name servers and global nameservers
parse_resolv()
{
local line= ns= ds= search= d= n= newns=
local new=true iface= private=false p= domain= l= islocal=
domain=
new=true
newns=
ns=
private=false
search=
while read -r line; do
stripped_line="$(resolv_strip ${line#* })"
case "$line" in
"# resolv.conf from "*)
if ${new}; then
@ -189,29 +193,32 @@ parse_resolv()
"nameserver "*)
islocal=false
for l in $local_nameservers; do
case "${line#* }" in
case "$stripped_line" in
$l)
islocal=true
echo "LOCALNAMESERVERS=\"\$LOCALNAMESERVERS ${line#* }\""
break
;;
esac
done
$islocal || ns="$ns${line#* } "
if $islocal; then
echo "LOCALNAMESERVERS=\"\$LOCALNAMESERVERS $stripped_line\""
else
ns="$ns$stripped_line "
fi
;;
"domain "*)
search="$(strip_trailing_dots ${line#* })"
search="$stripped_line"
if [ -z "$domain" ]; then
domain="$search"
echo "DOMAIN=\"$domain\""
fi
;;
"search "*)
search="$(strip_trailing_dots ${line#* })"
search="$stripped_line"
;;
*)
[ -n "$line" ] && continue
if [ -n "$ns" -a -n "$search" ]; then
if [ -n "$ns" ] && [ -n "$search" ]; then
newns=
for n in $ns; do
newns="$newns${newns:+,}$n"
@ -236,7 +243,7 @@ parse_resolv()
uniqify()
{
local result=
result=
while [ -n "$1" ]; do
case " $result " in
*" $1 "*);;
@ -249,8 +256,8 @@ uniqify()
dirname()
{
local dir= OIFS="$IFS"
local IFS=/
OIFS="$IFS"
IFS=/
set -- $@
IFS="$OIFS"
if [ -n "$1" ]; then
@ -267,7 +274,7 @@ dirname()
config_mkdirs()
{
local e=0 f d
e=0
for f; do
[ -n "$f" ] || continue
d="$(dirname "$f")"
@ -295,66 +302,86 @@ detect_init()
# Detect the running init system.
# As systemd and OpenRC can be installed on top of legacy init
# systems we try to detect them first.
local status="@STATUSARG@"
status="@STATUSARG@"
: ${status:=status}
if [ -x /bin/systemctl -a -S /run/systemd/private ]; then
RESTARTCMD="if /bin/systemctl --quiet is-active \$1.service; then
/bin/systemctl restart \$1.service;
fi"
elif [ -x /usr/bin/systemctl -a -S /run/systemd/private ]; then
RESTARTCMD="if /usr/bin/systemctl --quiet is-active \$1.service; then
/usr/bin/systemctl restart \$1.service;
fi"
elif [ -x /sbin/rc-service -a \
-s /libexec/rc/init.d/softlevel -o -s /run/openrc/softlevel ]
if [ -x /bin/systemctl ] && [ -S /run/systemd/private ]; then
RESTARTCMD='
if /bin/systemctl --quiet is-active $1.service
then
/bin/systemctl restart $1.service
fi'
elif [ -x /usr/bin/systemctl ] && [ -S /run/systemd/private ]; then
RESTARTCMD='
if /usr/bin/systemctl --quiet is-active $1.service
then
/usr/bin/systemctl restart $1.service
fi'
elif [ -x /sbin/rc-service ] &&
{ [ -s /libexec/rc/init.d/softlevel ] ||
[ -s /run/openrc/softlevel ]; }
then
RESTARTCMD="/sbin/rc-service -i \$1 -- -Ds restart"
RESTARTCMD='/sbin/rc-service -i $1 -- -Ds restart'
elif [ -x /usr/sbin/invoke-rc.d ]; then
RCDIR=/etc/init.d
RESTARTCMD="if /usr/sbin/invoke-rc.d --quiet \$1 status 1>/dev/null 2>&1; then
/usr/sbin/invoke-rc.d \$1 restart;
fi"
RESTARTCMD='
if /usr/sbin/invoke-rc.d --quiet $1 status >/dev/null 2>&1
then
/usr/sbin/invoke-rc.d $1 restart
fi'
elif [ -x /sbin/service ]; then
# Old RedHat
RCDIR=/etc/init.d
RESTARTCMD="if /sbin/service \$1; then
/sbin/service \$1 restart;
fi"
RESTARTCMD='
if /sbin/service $1; then
/sbin/service $1 restart
fi'
elif [ -x /usr/sbin/service ]; then
# Could be FreeBSD
RESTARTCMD="if /usr/sbin/service \$1 $status 1>/dev/null 2>&1; then
/usr/sbin/service \$1 restart;
fi"
RESTARTCMD="
if /usr/sbin/service \$1 $status >/dev/null 2>&1
then
/usr/sbin/service \$1 restart
fi"
elif [ -x /bin/sv ]; then
RESTARTCMD="/bin/sv status \$1 >/dev/null 2>&1 && /bin/sv try-restart \$1"
RESTARTCMD='/bin/sv status $1 >/dev/null 2>&1 &&
/bin/sv try-restart $1'
elif [ -x /usr/bin/sv ]; then
RESTARTCMD="/usr/bin/sv status \$1 >/dev/null 2>&1 && /usr/bin/sv try-restart \$1"
elif [ -e /etc/arch-release -a -d /etc/rc.d ]; then
RESTARTCMD='/usr/bin/sv status $1 >/dev/null 2>&1 &&
/usr/bin/sv try-restart $1'
elif [ -e /etc/arch-release ] && [ -d /etc/rc.d ]; then
RCDIR=/etc/rc.d
RESTARTCMD="if [ -e /var/run/daemons/\$1 ]; then
/etc/rc.d/\$1 restart;
fi"
elif [ -e /etc/slackware-version -a -d /etc/rc.d ]; then
RESTARTCMD="if /etc/rc.d/rc.\$1 status 1>/dev/null 2>&1; then
/etc/rc.d/rc.\$1 restart;
fi"
elif [ -e /etc/rc.d/rc.subr -a -d /etc/rc.d ]; then
RESTARTCMD='
if [ -e /var/run/daemons/$1 ]
then
/etc/rc.d/$1 restart
fi'
elif [ -e /etc/slackware-version ] && [ -d /etc/rc.d ]; then
RESTARTCMD='
if /etc/rc.d/rc.$1 status >/dev/null 2>&1
then
/etc/rc.d/rc.$1 restart
fi'
elif [ -e /etc/rc.d/rc.subr ] && [ -d /etc/rc.d ]; then
# OpenBSD
RESTARTCMD="if /etc/rc.d/\$1 check 1>/dev/null 2>&1; then
/etc/rc.d/\$1 restart;
fi"
RESTARTCMD='
if /etc/rc.d/$1 check >/dev/null 2>&1
then
/etc/rc.d/$1 restart
fi'
else
for x in /etc/init.d/rc.d /etc/rc.d /etc/init.d; do
[ -d $x ] || continue
RESTARTCMD="if $x/\$1 $status 1>/dev/null 2>&1; then
$x/\$1 restart;
fi"
RESTARTCMD="
if $x/\$1 $status >/dev/null 2>&1
then
$x/\$1 restart
fi"
break
done
fi
if [ -z "$RESTARTCMD" ]; then
if [ "$NOINIT_WARNED" != true ]; then
if [ "$_NOINIT_WARNED" != true ]; then
warn "could not detect a useable init system"
_NOINIT_WARNED=true
fi
@ -366,9 +393,9 @@ fi"
echo_resolv()
{
local line= OIFS="$IFS"
OIFS="$IFS"
[ -n "$1" -a -f "$IFACEDIR/$1" ] || return 1
[ -n "$1" ] && [ -f "$IFACEDIR/$1" ] || return 1
echo "# resolv.conf from $1"
# Our variable maker works of the fact each resolv.conf per interface
# is separated by blank lines.
@ -388,11 +415,16 @@ list_resolv()
{
[ -d "$IFACEDIR" ] || return 0
local report=false list= retval=0 cmd="$1" excl=
cmd="$1"
shift
excl=false
list=
report=false
retval=0
case "$IF_EXCLUSIVE" in
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
excl=true
if [ -d "$EXCLUSIVEDIR" ]; then
cd "$EXCLUSIVEDIR"
for i in *; do
@ -402,19 +434,15 @@ list_resolv()
fi
done
fi
excl=true
cd "$IFACEDIR"
for i in $inclusive_interfaces; do
if [ -f "$i" -a "$list" = "$i" ]; then
if [ -f "$i" ] && [ "$list" = "$i" ]; then
list=
excl=false
break
fi
done
;;
*)
excl=false
;;
esac
# If we have an interface ordering list, then use that.
@ -431,22 +459,28 @@ list_resolv()
done
done
for i in $dynamic_order; do
if [ -e "$i" -a ! -e "$METRICDIR/"*" $i" ]; then
if [ -e "$i" ] && ! [ -e "$METRICDIR/"*" $i" ]; then
list="$list $i"
fi
for ii in "$i":* "$i".*; do
if [ -f "$ii" -a ! -e "$METRICDIR/"*" $ii" ]; then
if [ -f "$ii" ] && ! [ -e "$METRICDIR/"*" $ii" ]
then
list="$list $ii"
fi
done
done
# Interfaces have an implicit metric of 0 if not specified.
for i in *; do
if [ -f "$i" ] && ! [ -e "$METRICDIR/"*" $i" ]; then
list="$list $i"
fi
done
if [ -d "$METRICDIR" ]; then
cd "$METRICDIR"
for i in *; do
[ -f "$i" ] && list="$list ${i#* }"
done
fi
list="$list *"
fi
cd "$IFACEDIR"
@ -461,23 +495,24 @@ list_resolv()
continue
fi
if [ "$cmd" = i -o "$cmd" = "-i" ]; then
if [ "$cmd" = i ] || [ "$cmd" = "-i" ]; then
printf %s "$i "
else
echo_resolv "$i" && echo
fi
[ $? = 0 -a "$retval" = 1 ] && retval=0
[ $? = 0 ] && [ "$retval" = 1 ] && retval=0
done
[ "$cmd" = i -o "$cmd" = "-i" ] && echo
[ "$cmd" = i ] || [ "$cmd" = "-i" ] && echo
return $retval
}
list_remove() {
local list= e= l= result= found= retval=0
list_remove()
{
[ -z "$2" ] && return 0
eval list=\"\$$1\"
shift
result=
retval=0
set -f
for e; do
@ -525,8 +560,6 @@ echo_append()
replace()
{
local r= k= f= v= val= sub=
while read -r keyword value; do
for r in $replace; do
k="${r%%/*}"
@ -566,8 +599,6 @@ replace()
make_vars()
{
local newdomains= d= dn= newns= ns=
# Clear variables
DOMAIN=
DOMAINS=
@ -575,7 +606,7 @@ make_vars()
NAMESERVERS=
LOCALNAMESERVERS=
if [ -n "$name_servers" -o -n "$search_domains" ]; then
if [ -n "${name_servers}${search_domains}" ]; then
eval "$(echo_prepend | parse_resolv)"
fi
if [ -z "$VFLAG" ]; then
@ -583,11 +614,12 @@ make_vars()
list_resolv -i "$@" >/dev/null || IF_EXCLUSIVE=0
eval "$(list_resolv -l "$@" | replace | parse_resolv)"
fi
if [ -n "$name_servers_append" -o -n "$search_domains_append" ]; then
if [ -n "${name_servers_append}${search_domains_append}" ]; then
eval "$(echo_append | parse_resolv)"
fi
# Ensure that we only list each domain once
newdomains=
for d in $DOMAINS; do
dn="${d%%:*}"
list_remove domain_blacklist "$dn" >/dev/null || continue
@ -667,36 +699,37 @@ if [ "$cmd" = D ]; then
fi
# -l lists our resolv files, optionally for a specific interface
if [ "$cmd" = l -o "$cmd" = i ]; then
if [ "$cmd" = l ] || [ "$cmd" = i ]; then
list_resolv "$cmd" "$args"
exit $?
fi
# Restart a service or echo the command to restart a service
if [ "$cmd" = r -o "$cmd" = R ]; then
if [ "$cmd" = r ] || [ "$cmd" = R ]; then
detect_init || exit 1
if [ "$cmd" = r ]; then
set -- $args
eval $RESTARTCMD
eval "$RESTARTCMD"
else
echo "$RESTARTCMD"
echo "$RESTARTCMD" |
sed -e '/^$/d' -e 's/^ //g'
fi
exit $?
fi
# Not normally needed, but subscribers should be able to run independently
if [ "$cmd" = v -o -n "$VFLAG" ]; then
if [ "$cmd" = v ] || [ -n "$VFLAG" ]; then
make_vars "$iface"
exit $?
fi
# Test that we have valid options
if [ "$cmd" = a -o "$cmd" = d ]; then
if [ "$cmd" = a ] || [ "$cmd" = d ]; then
if [ -z "$iface" ]; then
usage "Interface not specified"
fi
elif [ "$cmd" != u ]; then
[ -n "$cmd" -a "$cmd" != h ] && usage "Unknown option $cmd"
[ -n "$cmd" ] && [ "$cmd" != h ] && usage "Unknown option $cmd"
usage
fi
@ -712,7 +745,7 @@ if [ "$cmd" = a ]; then
"$x not allowed at start of interface name";;
esac
done
[ "$cmd" = a -a -t 0 ] && error_exit "No file given via stdin"
[ "$cmd" = a ] && [ -t 0 ] && error_exit "No file given via stdin"
fi
if [ ! -d "$VARDIR" ]; then
@ -808,8 +841,8 @@ a)
newmetric="$METRICDIR/$IF_METRIC $iface"
fi
rm -f "$METRICDIR/"*" $iface"
[ "$oldmetric" != "$newmetric" -a \
"$oldmetric" != "$METRICDIR/* $iface" ] &&
[ "$oldmetric" != "$newmetric" ] &&
[ "$oldmetric" != "$METRICDIR/* $iface" ] &&
changed=true
[ -n "$newmetric" ] && echo " " >"$newmetric"
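Review bot: `parse_resolv` writes values taken from interface resolv.conf lines straight into shell assignments (`echo "DOMAIN=\"$domain\""` and the new `echo "LOCALNAMESERVERS=\"\$LOCALNAMESERVERS $stripped_line\""`), which `make_vars` then runs through `eval "$(list_resolv -l "$@" | replace | parse_resolv)"` with no escaping or character validation. Those lines usually originate from DHCP or VPN clients, so their content should be treated as untrusted and checked before it is emitted. I would skip any value containing characters that cannot occur in a host name or address, for example `case "$stripped_line" in *[!A-Za-z0-9.:_%\ -]*) continue;; esac` right after `stripped_line` is computed. The new `resolv_strip ${line#* }` call is also unquoted, so a word containing `*` or `?` is glob-expanded against the current directory; wrapping that call in `set -f` and `set +f` avoids it. `parse_resolv` continues outside the hunk.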


@ -76,7 +76,7 @@ restart_unbound()
eval $unbound_restart
elif [ -n "$RESTARTCMD" ]; then
set -- ${unbound_service}
eval $RESTARTCMD
eval "$RESTARTCMD"
else
@SBINDIR@/resolvconf -r ${unbound_service}
fi