head 1.22; access; symbols netbsd-8-3-RELEASE:1.18 netbsd-9-4-RELEASE:1.18 netbsd-10-0-RELEASE:1.21 netbsd-10-0-RC6:1.21 netbsd-10-0-RC5:1.21 netbsd-10-0-RC4:1.21 netbsd-10-0-RC3:1.21 netbsd-10-0-RC2:1.21 netbsd-10-0-RC1:1.21 openresolv-3_13_2:1.1.1.18 netbsd-10:1.21.0.6 netbsd-10-base:1.21 netbsd-9-3-RELEASE:1.18 cjep_sun2x-base1:1.21 cjep_sun2x:1.21.0.4 cjep_sun2x-base:1.21 cjep_staticlib_x-base1:1.21 netbsd-9-2-RELEASE:1.18 cjep_staticlib_x:1.21.0.2 cjep_staticlib_x-base:1.21 openresolv-3_12_0:1.1.1.17 netbsd-9-1-RELEASE:1.18 openresolv-3_11_0:1.1.1.16 phil-wifi-20200421:1.20 phil-wifi-20200411:1.20 is-mlppp:1.20.0.2 is-mlppp-base:1.20 phil-wifi-20200406:1.20 netbsd-8-2-RELEASE:1.18 netbsd-9-0-RELEASE:1.18 netbsd-9-0-RC2:1.18 openresolv-3_10_0:1.1.1.16 netbsd-9-0-RC1:1.18 phil-wifi-20191119:1.19 openresolv-3_9_2a:1.1.1.15 ROY:1.1.1 openresolv-3-9-2:1.1.1.15 netbsd-9:1.18.0.14 netbsd-9-base:1.18 openresolv-3-9-1:1.1.1.14 phil-wifi-20190609:1.18 netbsd-8-1-RELEASE:1.18 netbsd-8-1-RC1:1.18 pgoyette-compat-merge-20190127:1.18 pgoyette-compat-20190127:1.18 pgoyette-compat-20190118:1.18 pgoyette-compat-1226:1.18 pgoyette-compat-1126:1.18 pgoyette-compat-1020:1.18 pgoyette-compat-0930:1.18 pgoyette-compat-0906:1.18 netbsd-7-2-RELEASE:1.9.4.1 pgoyette-compat-0728:1.18 netbsd-8-0-RELEASE:1.18 phil-wifi:1.18.0.12 phil-wifi-base:1.18 pgoyette-compat-0625:1.18 netbsd-8-0-RC2:1.18 pgoyette-compat-0521:1.18 pgoyette-compat-0502:1.18 pgoyette-compat-0422:1.18 netbsd-8-0-RC1:1.18 pgoyette-compat-0415:1.18 pgoyette-compat-0407:1.18 pgoyette-compat-0330:1.18 pgoyette-compat-0322:1.18 pgoyette-compat-0315:1.18 netbsd-7-1-2-RELEASE:1.9.4.1 pgoyette-compat:1.18.0.10 pgoyette-compat-base:1.18 netbsd-7-1-1-RELEASE:1.9.4.1 matt-nb8-mediatek:1.18.0.8 matt-nb8-mediatek-base:1.18 perseant-stdc-iso10646:1.18.0.6 perseant-stdc-iso10646-base:1.18 netbsd-8:1.18.0.4 netbsd-8-base:1.18 prg-localcount2-base3:1.18 prg-localcount2-base2:1.18 prg-localcount2-base1:1.18 prg-localcount2:1.18.0.2 prg-localcount2-base:1.18 pgoyette-localcount-20170426:1.18 bouyer-socketcan-base1:1.18 pgoyette-localcount-20170320:1.18 netbsd-7-1:1.9.4.1.0.6 netbsd-7-1-RELEASE:1.9.4.1 netbsd-7-1-RC2:1.9.4.1 netbsd-7-nhusb-base-20170116:1.9.4.1 bouyer-socketcan:1.17.0.2 bouyer-socketcan-base:1.17 pgoyette-localcount-20170107:1.17 netbsd-7-1-RC1:1.9.4.1 openresolv-3-9-0:1.1.1.13 pgoyette-localcount-20161104:1.16 netbsd-7-0-2-RELEASE:1.9.4.1 localcount-20160914:1.16 netbsd-7-nhusb:1.9.4.1.0.4 netbsd-7-nhusb-base:1.9.4.1 pgoyette-localcount-20160806:1.16 pgoyette-localcount-20160726:1.16 pgoyette-localcount:1.16.0.2 pgoyette-localcount-base:1.16 netbsd-7-0-1-RELEASE:1.9.4.1 openresolv-3-8-0:1.1.1.12 openresolv-3-7-3:1.1.1.11 netbsd-7-0:1.9.4.1.0.2 openresolv-3-7-1:1.1.1.10 netbsd-7-0-RELEASE:1.9.4.1 netbsd-7-0-RC3:1.9.4.1 netbsd-7-0-RC2:1.9.4.1 netbsd-7-0-RC1:1.9.4.1 openresolv-3-7-0:1.1.1.9 openresolv-3-6-1:1.1.1.8 openresolv-3-6-0:1.1.1.7 netbsd-6-0-6-RELEASE:1.4 netbsd-6-1-5-RELEASE:1.4 netbsd-7:1.9.0.4 netbsd-7-base:1.9 yamt-pagecache-base9:1.9 yamt-pagecache-tag8:1.3.2.2 netbsd-6-1-4-RELEASE:1.4 netbsd-6-0-5-RELEASE:1.4 tls-earlyentropy:1.9.0.2 tls-earlyentropy-base:1.9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.9 riastradh-drm2-base3:1.9 netbsd-6-1-3-RELEASE:1.4 netbsd-6-0-4-RELEASE:1.4 netbsd-6-1-2-RELEASE:1.4 netbsd-6-0-3-RELEASE:1.4 netbsd-6-1-1-RELEASE:1.4 riastradh-drm2-base2:1.9 riastradh-drm2-base1:1.9 riastradh-drm2:1.8.0.2 riastradh-drm2-base:1.8 openresolv-3-5-6:1.1.1.6 openresolv-3-5-5:1.1.1.6 netbsd-6-1:1.4.0.8 netbsd-6-0-2-RELEASE:1.4 netbsd-6-1-RELEASE:1.4 khorben-n900:1.7.0.4 netbsd-6-1-RC4:1.4 netbsd-6-1-RC3:1.4 agc-symver:1.7.0.2 agc-symver-base:1.7 netbsd-6-1-RC2:1.4 netbsd-6-1-RC1:1.4 yamt-pagecache-base8:1.6 netbsd-6-0-1-RELEASE:1.4 yamt-pagecache-base7:1.6 openresolv-3-5-3:1.1.1.5 matt-nb6-plus-nbase:1.4 yamt-pagecache-base6:1.5 netbsd-6-0:1.4.0.6 netbsd-6-0-RELEASE:1.4 netbsd-6-0-RC2:1.4 tls-maxphys:1.5.0.2 tls-maxphys-base:1.9 matt-nb6-plus:1.4.0.4 matt-nb6-plus-base:1.4 netbsd-6-0-RC1:1.4 yamt-pagecache-base5:1.5 yamt-pagecache-base4:1.5 openresolv-3-5-1:1.1.1.4 openresolv-3-5-0:1.1.1.4 netbsd-6:1.4.0.2 netbsd-6-base:1.4 openresolv-3-4-6:1.1.1.3 openresolv-3-4-5:1.1.1.3 yamt-pagecache-base3:1.3 yamt-pagecache-base2:1.3 yamt-pagecache:1.3.0.2 yamt-pagecache-base:1.3 openresolv-3-4-2:1.1.1.2 cherry-xenmp:1.2.0.4 cherry-xenmp-base:1.2 bouyer-quota2-nbase:1.2 bouyer-quota2:1.2.0.2 bouyer-quota2-base:1.2 matt-mips64-premerge-20101231:1.2 matt-premerge-20091211:1.1.1.1 openresolv-3-3-4:1.1.1.1 openresolv-3-3-3:1.1.1.1 roy:1.1.1; locks; strict; comment @# @; 1.22 date 2023.06.27.17.07.53; author roy; state Exp; branches; next 1.21; commitid 2p1TPgRzvEQjLBuE; 1.21 date 2020.12.27.18.26.50; author roy; state Exp; branches; next 1.20; commitid mLnTQASzduUVvpBC; 1.20 date 2020.01.27.21.13.05; author roy; state Exp; branches; next 1.19; commitid uHx530BTk7MAcnUB; 1.19 date 2019.09.08.20.48.50; author roy; state Exp; branches; next 1.18; commitid H8vmwN1TWojhBfCB; 1.18 date 2017.01.31.21.25.58; author abhinav; state Exp; branches 1.18.12.1; next 1.17; commitid aZBEJS7DZhVQkaEz; 1.17 date 2016.12.30.19.43.36; author roy; state Exp; branches 1.17.2.1; next 1.16; commitid 22A3WwNcJheUN2Az; 1.16 date 2016.04.28.08.17.04; author wiz; state Exp; branches 1.16.2.1; next 1.15; commitid WGsQJZZ4hDsDUm4z; 1.15 date 2016.04.11.10.41.51; author roy; state Exp; branches; next 1.14; commitid nRuvgtPGaHmcgc2z; 1.14 date 2016.02.22.10.09.06; author roy; state Exp; branches; next 1.13; commitid x4It8ZOfDwmCETVy; 1.13 date 2015.09.29.09.11.47; author roy; state Exp; branches; next 1.12; commitid zpQ5vy5wG4IU18Dy; 1.12 date 2015.05.01.18.23.11; author roy; state Exp; branches; next 1.11; commitid qVNroop8dDHZVLjy; 1.11 date 2014.10.28.22.39.25; author roy; state Exp; branches; next 1.10; commitid j5sin4nO0t2Bi1Wx; 1.10 date 2014.10.20.09.11.35; author roy; state Exp; branches; next 1.9; commitid cXxqgWwSu77p5VUx; 1.9 date 2013.07.20.21.40.04; author wiz; state Exp; branches 1.9.4.1; next 1.8; commitid VZsNcbAcdhMJUfYw; 1.8 date 2013.06.04.09.40.12; author roy; state Exp; branches 1.8.2.1; next 1.7; commitid p38s2iH3p0EAphSw; 1.7 date 2013.03.21.04.57.38; author joerg; state Exp; branches; next 1.6; 1.6 date 2012.12.06.11.41.07; author roy; state Exp; branches; next 1.5; 1.5 date 2012.03.26.14.43.01; author roy; state Exp; branches 1.5.2.1; next 1.4; 1.4 date 2011.11.24.00.37.40; author roy; state Exp; branches; next 1.3; 1.3 date 2011.06.13.11.07.50; author roy; state Exp; branches 1.3.2.1; next 1.2; 1.2 date 2010.06.16.22.26.56; author joerg; state Exp; branches 1.2.4.1; next 1.1; 1.1 date 2009.11.21.02.40.55; author roy; state Exp; branches 1.1.1.1; next ; 1.18.12.1 date 2020.04.13.07.56.27; author martin; state Exp; branches; next ; commitid X01YhRUPVUDaec4C; 1.17.2.1 date 2017.04.21.16.52.33; author bouyer; state Exp; branches; next ; commitid dUG7nkTKALCadqOz; 1.16.2.1 date 2017.01.07.08.54.10; author pgoyette; state Exp; branches; next 1.16.2.2; commitid uEL0C1YuiJrlV0Bz; 1.16.2.2 date 2017.03.20.06.56.21; author pgoyette; state Exp; branches; next ; commitid jjw7cAwgyKq7RfKz; 1.9.4.1 date 2014.11.12.13.36.40; author martin; state Exp; branches; next ; commitid T0RGwVMnmDn6OTXx; 1.8.2.1 date 2013.07.23.21.07.23; author riastradh; state Exp; branches; next ; commitid rochtllMBJfBDDYw; 1.5.2.1 date 2013.02.25.00.26.44; author tls; state Exp; branches; next 1.5.2.2; 1.5.2.2 date 2013.06.23.06.28.28; author tls; state Exp; branches; next 1.5.2.3; commitid OnlO1cBgtQRcIHUw; 1.5.2.3 date 2014.08.19.23.52.07; author tls; state Exp; branches; next ; commitid jTnpym9Qu0o4R1Nx; 1.3.2.1 date 2012.04.17.00.04.02; author yamt; state Exp; branches; next 1.3.2.2; 1.3.2.2 date 2013.01.16.05.28.00; author yamt; state Exp; branches; next 1.3.2.3; 1.3.2.3 date 2014.05.22.15.50.52; author yamt; state Exp; branches; next ; commitid TxcZ1Vndpkoj9yBx; 1.2.4.1 date 2011.06.23.14.18.32; author cherry; state Exp; branches; next ; 1.1.1.1 date 2009.11.21.02.40.55; author roy; state Exp; branches; next 1.1.1.2; 1.1.1.2 date 2011.06.13.11.05.19; author roy; state Exp; branches; next 1.1.1.3; 1.1.1.3 date 2011.11.24.00.36.05; author roy; state Exp; branches; next 1.1.1.4; 1.1.1.4 date 2012.03.26.14.41.33; author roy; state Exp; branches; next 1.1.1.5; 1.1.1.5 date 2012.12.06.11.38.17; author roy; state Exp; branches; next 1.1.1.6; 1.1.1.6 date 2013.06.04.09.37.21; author roy; state Exp; branches; next 1.1.1.7; commitid H4LmMMKY15p8ohSw; 1.1.1.7 date 2014.10.20.09.09.53; author roy; state Exp; branches; next 1.1.1.8; commitid MdCzdyhMXoYy4VUx; 1.1.1.8 date 2014.10.28.22.37.59; author roy; state Exp; branches; next 1.1.1.9; commitid 4YFEdBi5jWFXg1Wx; 1.1.1.9 date 2015.05.01.18.21.17; author roy; state Exp; branches; next 1.1.1.10; commitid CAnIfqUqW71LULjy; 1.1.1.10 date 2015.09.29.09.10.07; author roy; state Exp; branches; next 1.1.1.11; commitid lK0rKbaUadY018Dy; 1.1.1.11 date 2016.02.22.10.07.27; author roy; state Exp; branches; next 1.1.1.12; commitid KiJBcsI6kTLJDTVy; 1.1.1.12 date 2016.04.11.10.40.21; author roy; state Exp; branches; next 1.1.1.13; commitid 5L5ymQ7w2w5sfc2z; 1.1.1.13 date 2016.12.30.19.42.05; author roy; state Exp; branches; next 1.1.1.14; commitid 98WtyF8Gyy2HM2Az; 1.1.1.14 date 2019.07.17.18.24.24; author roy; state Exp; branches; next 1.1.1.15; commitid QEvEWpLxLAN9vqvB; 1.1.1.15 date 2019.09.08.20.46.17; author roy; state Exp; branches; next 1.1.1.16; commitid 7qurtMgM51sbAfCB; 1.1.1.16 date 2020.01.27.21.11.13; author roy; state Exp; branches; next 1.1.1.17; commitid EqEiwYUTsqmCbnUB; 1.1.1.17 date 2020.12.27.18.25.08; author roy; state Exp; branches; next 1.1.1.18; commitid bQmXcv44fWl5vpBC; 1.1.1.18 date 2023.06.27.17.04.19; author roy; state Exp; branches; next ; commitid zEjGvpVhaFweJBuE; desc @@ 1.22 log @Sync with openresolv-3.13.2 @ text @.\" Copyright (c) 2009-2023 Roy Marples .\" All rights reserved .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .Dd May 23, 2023 .Dt RESOLVCONF.CONF 5 .Os .Sh NAME .Nm resolvconf.conf .Nd resolvconf configuration file .Sh DESCRIPTION .Nm is the configuration file for .Xr resolvconf 8 . The .Nm file is a shell script that is sourced by .Xr resolvconf 8 , meaning that .Nm must contain valid shell commands. Listed below are the standard .Nm variables that may be set. If the values contain whitespace, wildcards or other special shell characters, ensure they are quoted and escaped correctly. See the .Sy replace variable for an example on quoting. .Pp After updating this file, you may wish to run .Nm resolvconf -u to apply the new configuration. .Pp When a dynamically generated list is appended or prepended to, the whole is made unique where left-most wins. .Sh RESOLVCONF OPTIONS .Bl -tag -width indent .It Sy resolvconf Set to NO to disable .Nm resolvconf from running any subscribers. Defaults to YES. .It Sy allow_interfaces If set, only these interfaces will be processed. .It Sy deny_interfaces If set, these interfaces will not be processed. .It Sy interface_order These interfaces will always be processed first. If unset, defaults to the following:- .Bd -compact -literal -offset indent lo lo[0-9]* .Ed .It Sy dynamic_order These interfaces will be processed next, unless they have a metric. If unset, defaults to the following:- .Bd -compact -literal -offset indent tap[0-9]* tun[0-9]* vpn vpn[0-9]* wg[0-9]* ppp[0-9]* ippp[0-9]* .Ed .It Sy inclusive_interfaces Ignore any exclusive marking for these interfaces. This is handy when 3rd party integrations force the .Nm resolvconf -x option and you want to disable it easily. .It Sy local_nameservers If unset, defaults to the following:- .Bd -compact -literal -offset indent 127.* 0.0.0.0 255.255.255.255 ::1 .Ed .It Sy search_domains Prepend search domains to the dynamically generated list. .It Sy search_domains_append Append search domains to the dynamically generated list. .It Sy domain_blacklist A list of domains to be removed from consideration. To remove a domain, you can use foo.* To remove a sub domain, you can use *.bar .It Sy name_servers Prepend name servers to the dynamically generated list. You should set this to 127.0.0.1 if you use a local name server other than libc. .It Sy name_servers_append Append name servers to the dynamically generated list. .It Sy name_server_blacklist A list of name servers to be removed from consideration. The default is 0.0.0.0 as some faulty routers send it via DHCP. To remove a block, you can use 192.168.* .It Sy private_interfaces These interfaces name servers will only be queried for the domains listed in their resolv.conf. Useful for VPN domains. Setting .Sy private_interfaces Ns ="*" will stop the forwarding of the root zone and allows the local resolver to recursively query the root servers directly. Requires a local nameserver other than libc. This is equivalent to the .Nm resolvconf -p option. .It Sy public_interfaces Force these interface to be public, overriding the private marking. This is handy when 3rd party integrations force the .Nm resolvconf -p option and you want to disable it easily. .It Sy replace Is a space separated list of replacement keywords. The syntax is this: .Va $keyword Ns / Ns Va $match Ns / Ns Va $replacement .Pp Example, given this resolv.conf: .Bd -compact -literal -offset indent domain foo.org search foo.org dead.beef nameserver 1.2.3.4 nameserver 2.3.4.5 .Ed and this configuration: .Bd -compact -literal -offset indent replace="search/foo*/bar.com" replace="$replace nameserver/1.2.3.4/5.6.7.8" replace="$replace nameserver/2.3.4.5/" .Ed you would get this resolv.conf instead: .Bd -compact -literal -offset indent domain foo.org search bar.com nameserver 5.6.7.8 .Ed .It Sy replace_sub Works the same way as .Sy replace except it works on each space separated value rather than the whole line, so it's useful for the replacing a single domain within the search directive. Using the same example resolv.conf and changing .Sy replace to .Sy replace_sub , you would get this resolv.conf instead: .Bd -compact -literal -offset indent domain foo.org search bar.com dead.beef nameserver 5.6.7.8 .Ed .It Sy state_dir Override the default state directory of .Pa @@VARDIR@@ . This should not be changed once .Nm resolvconf is in use unless the old directory is copied to the new one. .El .Sh LIBC OPTIONS The following variables affect .Xr resolv.conf 5 directly:- .Bl -tag -width indent .It Sy resolv_conf Defaults to .Pa /etc/resolv.conf if not set. .It Sy resolv_conf_options A list of libc resolver options, as specified in .Xr resolv.conf 5 . .It Sy resolv_conf_passthrough When set to YES the latest resolv.conf is written to .Sy resolv_conf without any alteration. When set to /dev/null or NULL, .Sy resolv_conf_local_only is defaulted to NO, .Sy local_nameservers is unset unless overridden and only the information set in .Nm is written to .Sy resolv_conf . .It Sy resolv_conf_sortlist A libc resolver sortlist, as specified in .Xr resolv.conf 5 . .It Sy resolv_conf_local_only If a local name server is configured then the default is just to specify that and ignore all other entries as they will be configured for the local name server. Set this to NO to also list non-local nameservers. This will give you working DNS even if the local nameserver stops functioning at the expense of duplicated server queries. .It Sy append_nameservers Append name servers to the dynamically generated list. .It Sy prepend_nameservers Prepend name servers to the dynamically generated list. .It Sy append_search Append search domains to the dynamically generated list. .It Sy prepend_search Prepend search domains to the dynamically generated list. .It Sy resolv_conf_mv Defaults to NO. Defines if .Pa /etc/resolv.conf is updated by writing to a temporary file and then moving it vs writing directly to it. .El .Sh SUBSCRIBER OPTIONS openresolv ships with subscribers for the name servers .Xr dnsmasq 8 , .Xr named 8 , .Xr pdnsd 8 , .Xr pdns_recursor 1 , and .Xr unbound 8 . Each subscriber can create configuration files which should be included in the subscribers main configuration file. .Pp To disable a subscriber, simply set its name to NO. For example, to disable the libc subscriber you would set: .Bd -compact -literal -offset indent libc=NO .Ed .Bl -tag -width indent .It Sy dnsmasq_conf This file tells dnsmasq which name servers to use for specific domains. .It Sy dnsmasq_resolv This file tells dnsmasq which name servers to use for global lookups. .Pp Example resolvconf.conf for dnsmasq: .Bd -compact -literal -offset indent name_servers=127.0.0.1 dnsmasq_conf=/etc/dnsmasq-conf.conf dnsmasq_resolv=/etc/dnsmasq-resolv.conf .Ed .Pp Example dnsmasq.conf: .Bd -compact -literal -offset indent listen-address=127.0.0.1 # If dnsmasq is compiled for DBus then we can take # advantage of not having to restart dnsmasq. enable-dbus conf-file=/etc/dnsmasq-conf.conf resolv-file=/etc/dnsmasq-resolv.conf .Ed .It Sy named_options Include this file in the named options block. This file tells named which name servers to use for global lookups. .It Sy named_zones Include this file in the named global scope, after the options block. This file tells named which name servers to use for specific domains. .Pp Example resolvconf.conf for named: .Bd -compact -literal -offset indent name_servers=127.0.0.1 named_options=/etc/named-options.conf named_zones=/etc/named-zones.conf .Ed .Pp Example named.conf: .Bd -compact -literal -offset indent options { listen-on { 127.0.0.1; }; include "/etc/named-options.conf"; }; include "/etc/named-zones.conf"; .Ed .It Sy pdnsd_conf This is the main pdnsd configuration file which we modify to add our forward domains to. If this variable is not set then we rely on the pdnsd configuration file setup to read .Pa pdnsd_resolv as documented below. .It Sy pdnsd_resolv This file tells pdnsd about global name servers. If this variable is not set then it's written to .Pa pdnsd_conf . .Pp Example resolvconf.conf for pdnsd: .Bd -compact -literal -offset indent name_servers=127.0.0.1 pdnsd_conf=/etc/pdnsd.conf # pdnsd_resolv=/etc/pdnsd-resolv.conf .Ed .Pp Example pdnsd.conf: .Bd -compact -literal -offset indent global { server_ip = 127.0.0.1; status_ctl = on; } server { # A server definition is required, even if empty. label="empty"; proxy_only=on; # file="/etc/pdnsd-resolv.conf"; } .Ed .It Sy pdns_zones This file tells pdns_recursor about specific and global name servers. .Pp Example resolvconf.conf for pdns_recursor: .Bd -compact -literal -offset indent name_servers=127.0.0.1 pdns_zones=/etc/pdns/recursor-zones.conf .Ed .Pp Example recursor.conf: .Bd -compact -literal -offset indent allow-from=127.0.0.0/8, ::1/128 forward-zones-file=/etc/pdns/recursor-zones.conf .Ed .It Sy unbound_conf This file tells unbound about specific and global name servers. .It Sy unbound_insecure When set to YES, unbound marks the domains as insecure, thus ignoring DNSSEC. .It Sy unbound_forward_zone_options Options appended to each forward zone. Each option should be separated by an embedded new line. .Pp Example resolvconf.conf for unbound: .Bd -compact -literal -offset indent name_servers=127.0.0.1 unbound_conf=/etc/unbound-resolvconf.conf .Ed .Pp Example unbound.conf: .Bd -compact -literal -offset indent include: /etc/unbound-resolvconf.conf .Ed .El .Sh SUBSCRIBER INTEGRATION Not all distributions store the files the subscribers need in the same locations. For example, named service scripts have been called named, bind and rc.bind and they could be located in a directory called /etc/rc.d, /etc/init.d or similar. Each subscriber attempts to automatically configure itself, but not every distribution has been catered for. Also, users could equally want to use a different version from the one installed by default, such as bind8 and bind9. To accommodate this, the subscribers have these files in configurable variables, documented below. .Bl -tag -width indent .It Sy dnsmasq_service Name of the dnsmasq service. .It Sy dnsmasq_restart Command to restart the dnsmasq service. .It Sy dnsmasq_pid Location of the dnsmasq pidfile. .It Sy libc_service Name of the libc service. .It Sy libc_restart Command to restart the libc service. .It Sy named_service Name of the named service. .It Sy named_restart Command to restart the named service. .It Sy pdnsd_restart Command to restart the pdnsd service. .It Sy pdns_service Command to restart the pdns_recursor service. .It Sy pdns_restart Command to restart the pdns_recursor service. .It Sy unbound_service Name of the unbound service. .It Sy unbound_restart Command to restart the unbound service. .It Sy unbound_pid Location of the unbound pidfile. .El .Sh SEE ALSO .Xr sh 1 , .Xr resolv.conf 5 , .Xr resolvconf 8 .Sh AUTHORS .An Roy Marples Aq Mt roy@@marples.name .Sh BUGS Each distribution is a special snowflake and likes to name the same thing differently, namely the named service script. .Pp Please report them to .Lk https://roy.marples.name/projects/openresolv @ 1.21 log @Sync with openresolv-3.12.0 @ text @d1 1 a1 1 .\" Copyright (c) 2009-2020 Roy Marples d25 1 a25 1 .Dd October 1, 2020 d137 1 a137 1 and this configuaration: d213 6 d231 1 a231 1 To disable a subscriber, simply set it's name to NO. d331 3 d397 1 a397 1 .Lk http://roy.marples.name/projects/openresolv @ 1.20 log @Sync @ text @d25 1 a25 1 .Dd September 8, 2019 d223 1 a223 1 in the subscribers main configuration file. @ 1.19 log @Sync @ text @d1 1 a1 1 .\" Copyright (c) 2009-2016 Roy Marples d64 4 d78 1 a78 1 tap[0-9]* tun[0-9]* vpn vpn[0-9]* ppp[0-9]* ippp[0-9]* d219 1 a219 1 .Xr pdns_recursor 8 , @ 1.18 log @Fix spelling of exclusive. @ text @d25 1 a25 1 .Dd December 29, 2016 d67 3 a69 1 .D1 lo lo[0-9]* d73 3 a75 1 .D1 tap[0-9]* tun[0-9]* vpn vpn[0-9]* ppp[0-9]* ippp[0-9]* d83 3 a85 1 .D1 127.* 0.0.0.0 255.255.255.255 ::1 d127 6 a132 4 .D1 domain foo.org .D1 search foo.org dead.beef .D1 nameserver 1.2.3.4 .D1 nameserver 2.3.4.5 d134 5 a138 1 .D1 replace="search/foo*/bar.com nameserver/1.2.3.4/5.6.7.8 nameserver/2.3.4.5/" d140 5 a144 3 .D1 domain foo.org .D1 search bar.com .D1 nameserver 5.6.7.8 d155 5 a159 3 .D1 domain foo.org .D1 search bar.com dead.beef .D1 nameserver 5.6.7.8 d214 2 a215 1 .Xr pdnsd 8 d223 3 a225 1 .D1 libc=NO d233 5 a237 3 .D1 name_servers=127.0.0.1 .D1 dnsmasq_conf=/etc/dnsmasq-conf.conf .D1 dnsmasq_resolv=/etc/dnsmasq-resolv.conf d240 8 a247 6 .D1 listen-address=127.0.0.1 .D1 # If dnsmasq is compiled for DBus then we can take .D1 # advantage of not having to restart dnsmasq. .D1 enable-dbus .D1 conf-file=/etc/dnsmasq-conf.conf .D1 resolv-file=/etc/dnsmasq-resolv.conf d256 5 a260 3 .D1 name_servers=127.0.0.1 .D1 named_options=/etc/named-options.conf .D1 named_zones=/etc/named-zones.conf d263 8 a270 5 .D1 options { .D1 listen-on { 127.0.0.1; }; .D1 include "/etc/named-options.conf"; .D1 }; .D1 include "/etc/named-zones.conf"; d284 5 a288 3 .D1 name_servers=127.0.0.1 .D1 pdnsd_conf=/etc/pdnsd.conf .D1 # pdnsd_resolv=/etc/pdnsd-resolv.conf d291 26 a316 10 .D1 global { .D1 server_ip = 127.0.0.1; .D1 status_ctl = on; .D1 } .D1 server { .D1 # A server definition is required, even if emtpy. .D1 label="empty"; .D1 proxy_only=on; .D1 # file="/etc/pdnsd-resolv.conf"; .D1 } d323 4 a326 2 .D1 name_servers=127.0.0.1 .D1 unbound_conf=/etc/unbound-resolvconf.conf d329 3 a331 1 .D1 include: /etc/unbound-resolvconf.conf a344 1 .Pp d362 4 @ 1.18.12.1 log @Mostly merge changes from HEAD upto 20200411 @ text @d1 1 a1 1 .\" Copyright (c) 2009-2020 Roy Marples d25 1 a25 1 .Dd September 8, 2019 a63 4 .It Sy allow_interfaces If set, only these interfaces will be processed. .It Sy deny_interfaces If set, these interfaces will not be processed. d67 1 a67 3 .Bd -compact -literal -offset indent lo lo[0-9]* .Ed d71 1 a71 3 .Bd -compact -literal -offset indent tap[0-9]* tun[0-9]* vpn vpn[0-9]* wg[0-9]* ppp[0-9]* ippp[0-9]* .Ed d79 1 a79 3 .Bd -compact -literal -offset indent 127.* 0.0.0.0 255.255.255.255 ::1 .Ed d121 4 a124 6 .Bd -compact -literal -offset indent domain foo.org search foo.org dead.beef nameserver 1.2.3.4 nameserver 2.3.4.5 .Ed d126 1 a126 5 .Bd -compact -literal -offset indent replace="search/foo*/bar.com" replace="$replace nameserver/1.2.3.4/5.6.7.8" replace="$replace nameserver/2.3.4.5/" .Ed d128 3 a130 5 .Bd -compact -literal -offset indent domain foo.org search bar.com nameserver 5.6.7.8 .Ed d141 3 a143 5 .Bd -compact -literal -offset indent domain foo.org search bar.com dead.beef nameserver 5.6.7.8 .Ed d198 1 a198 2 .Xr pdnsd 8 , .Xr pdns_recursor 1 , d206 1 a206 3 .Bd -compact -literal -offset indent libc=NO .Ed d214 3 a216 5 .Bd -compact -literal -offset indent name_servers=127.0.0.1 dnsmasq_conf=/etc/dnsmasq-conf.conf dnsmasq_resolv=/etc/dnsmasq-resolv.conf .Ed d219 6 a224 8 .Bd -compact -literal -offset indent listen-address=127.0.0.1 # If dnsmasq is compiled for DBus then we can take # advantage of not having to restart dnsmasq. enable-dbus conf-file=/etc/dnsmasq-conf.conf resolv-file=/etc/dnsmasq-resolv.conf .Ed d233 3 a235 5 .Bd -compact -literal -offset indent name_servers=127.0.0.1 named_options=/etc/named-options.conf named_zones=/etc/named-zones.conf .Ed d238 5 a242 8 .Bd -compact -literal -offset indent options { listen-on { 127.0.0.1; }; include "/etc/named-options.conf"; }; include "/etc/named-zones.conf"; .Ed d256 3 a258 5 .Bd -compact -literal -offset indent name_servers=127.0.0.1 pdnsd_conf=/etc/pdnsd.conf # pdnsd_resolv=/etc/pdnsd-resolv.conf .Ed d261 10 a270 26 .Bd -compact -literal -offset indent global { server_ip = 127.0.0.1; status_ctl = on; } server { # A server definition is required, even if empty. label="empty"; proxy_only=on; # file="/etc/pdnsd-resolv.conf"; } .Ed .It Sy pdns_zones This file tells pdns_recursor about specific and global name servers. .Pp Example resolvconf.conf for pdns_recursor: .Bd -compact -literal -offset indent name_servers=127.0.0.1 pdns_zones=/etc/pdns/recursor-zones.conf .Ed .Pp Example recursor.conf: .Bd -compact -literal -offset indent allow-from=127.0.0.0/8, ::1/128 forward-zones-file=/etc/pdns/recursor-zones.conf .Ed d277 2 a278 4 .Bd -compact -literal -offset indent name_servers=127.0.0.1 unbound_conf=/etc/unbound-resolvconf.conf .Ed d281 1 a281 3 .Bd -compact -literal -offset indent include: /etc/unbound-resolvconf.conf .Ed d295 1 a312 4 .It Sy pdns_service Command to restart the pdns_recursor service. .It Sy pdns_restart Command to restart the pdns_recursor service. @ 1.17 log @Sync @ text @d73 1 a73 1 Ignore any exlcusive marking for these interfaces. @ 1.17.2.1 log @Sync with HEAD @ text @d73 1 a73 1 Ignore any exclusive marking for these interfaces. @ 1.16 log @Sort SEE ALSO. New sentence, new line. @ text @d25 1 a25 1 .Dd February 23, 2016 d72 5 d110 5 @ 1.16.2.1 log @Sync with HEAD. (Note that most of these changes are simply $NetBSD$ tag issues.) @ text @d25 1 a25 1 .Dd December 29, 2016 a71 5 .It Sy inclusive_interfaces Ignore any exlcusive marking for these interfaces. This is handy when 3rd party integrations force the .Nm resolvconf -x option and you want to disable it easily. a104 5 .It Sy public_interfaces Force these interface to be public, overriding the private marking. This is handy when 3rd party integrations force the .Nm resolvconf -p option and you want to disable it easily. @ 1.16.2.2 log @Sync with HEAD @ text @d73 1 a73 1 Ignore any exclusive marking for these interfaces. @ 1.15 log @Sync @ text @d106 2 a107 1 Is a space separated list of replacement keywords. The syntax is this: d311 1 a313 2 and .Xr sh 1 . @ 1.14 log @Sync @ text @d25 1 a25 1 .Dd February 21, 2016 d287 1 a287 1 Location of the dnsmasq service. d293 1 a293 1 Location of the libc service. d297 1 a297 1 Location of the named service. d303 1 a303 1 Location of the unbound service. @ 1.13 log @Sync @ text @d1 1 a1 1 .\" Copyright (c) 2009-2015 Roy Marples d25 1 a25 1 .Dd May 14, 2015 d45 1 a45 1 If the values contain white space for special shell characters, d47 3 @ 1.12 log @Sync @ text @d25 1 a25 1 .Dd March 20, 2015 d94 5 d157 1 a157 1 is unset unless overriden and only the information set in d279 1 a279 1 To accomodate this, the subscribers have these files in configurable @ 1.11 log @Sync @ text @d1 1 a1 1 .\" Copyright (c) 2009-2014 Roy Marples d25 2 a26 2 .Dd October 28, 2014 .Dt RESOLVCONF.CONF 5 SMM d52 1 a52 1 When a dynmically generated list is appended or prepended to, the whole @ 1.10 log @Sync @ text @d25 1 a25 1 .Dd October 20, 2014 d51 3 d97 28 d166 8 @ 1.9 log @Use Mt for email addresses. @ text @d1 1 a1 1 .\" Copyright (c) 2009-2013 Roy Marples d25 1 a25 1 .Dd April 27, 2013 d45 2 d53 5 d66 3 d117 8 d145 4 d215 2 d263 2 a264 1 .Xr resolv.conf 5 d266 1 a266 1 .Xr resolvconf 8 . @ 1.9.4.1 log @Pull up the import of version 3.6.1 of openresolv, via patch, requested by roy in ticket #208. @ text @d1 1 a1 1 .\" Copyright (c) 2009-2014 Roy Marples d25 1 a25 1 .Dd October 28, 2014 a44 2 If the values contain white space for special shell characters, ensure they are quoted and escaped correctly. a48 3 .Pp When a dynmically generated list is appended or prepended to, the whole is made unique where left-most wins. a50 5 .It Sy resolvconf Set to NO to disable .Nm resolvconf from running any subscribers. Defaults to YES. a58 3 .It Sy local_nameservers If unset, defaults to the following:- .D1 127.* 0.0.0.0 255.255.255.255 ::1 a83 28 .It Sy replace Is a space separated list of replacement keywords. The syntax is this: .Va $keyword Ns / Ns Va $match Ns / Ns Va $replacement .Pp Example, given this resolv.conf: .D1 domain foo.org .D1 search foo.org dead.beef .D1 nameserver 1.2.3.4 .D1 nameserver 2.3.4.5 and this configuaration: .D1 replace="search/foo*/bar.com nameserver/1.2.3.4/5.6.7.8 nameserver/2.3.4.5/" you would get this resolv.conf instead: .D1 domain foo.org .D1 search bar.com .D1 nameserver 5.6.7.8 .It Sy replace_sub Works the same way as .Sy replace except it works on each space separated value rather than the whole line, so it's useful for the replacing a single domain within the search directive. Using the same example resolv.conf and changing .Sy replace to .Sy replace_sub , you would get this resolv.conf instead: .D1 domain foo.org .D1 search bar.com dead.beef .D1 nameserver 5.6.7.8 a106 8 When set to /dev/null or NULL, .Sy resolv_conf_local_only is defaulted to NO, .Sy local_nameservers is unset unless overriden and only the information set in .Nm is written to .Sy resolv_conf . a116 8 .It Sy append_nameservers Append name servers to the dynamically generated list. .It Sy prepend_nameservers Prepend name servers to the dynamically generated list. .It Sy append_search Append search domains to the dynamically generated list. .It Sy prepend_search Prepend search domains to the dynamically generated list. a126 4 .Pp To disable a subscriber, simply set it's name to NO. For example, to disable the libc subscriber you would set: .D1 libc=NO a192 2 .It Sy unbound_insecure When set to YES, unbound marks the domains as insecure, thus ignoring DNSSEC. d239 1 a239 2 .Xr resolv.conf 5 , .Xr resolvconf 8 d241 1 a241 1 .Xr sh 1 . @ 1.8 log @Sync @ text @d243 1 a243 1 .An Roy Marples Aq roy@@marples.name @ 1.8.2.1 log @sync with HEAD @ text @d243 1 a243 1 .An Roy Marples Aq Mt roy@@marples.name @ 1.7 log @Add missing .El. @ text @d1 1 a1 1 .\" Copyright (c) 2009-2012 Roy Marples d25 1 a25 1 .Dd October 2, 2012 d111 1 a111 1 If a local nameserver is configured then the default is just to specify that d113 4 a116 3 nameserver. Set this to YES to list them instead, if you need working DNS and the local nameserver stops functioning at the expense of duplicated server queries. d129 1 a129 1 This file tells dnsmasq which nameservers to use for specific domains. d131 1 a131 1 This file tells dnsmasq which nameservers to use for global lookups. d134 1 a134 1 .D1 nameservers=127.0.0.1 d140 3 d147 1 a147 1 This file tells named which nameservers to use for global lookups. d150 1 a150 1 This file tells named which nameservers to use for specific domains. d153 1 a153 1 .D1 nameservers=127.0.0.1 d171 1 a171 1 This file tells pdnsd about global nameservers. d176 1 a176 1 .D1 nameservers=127.0.0.1 d192 1 a192 1 This file tells unbound about specific and global nameservers. d195 1 a195 1 .D1 nameservers=127.0.0.1 a214 2 .It Sy dbus_pid Locaiton of the dbus pidfile. d246 1 a246 1 differently, namely the named service script and the dbus pidfile location. @ 1.6 log @Sync @ text @d235 1 @ 1.5 log @Sync @ text @d25 1 a25 1 .Dd March 19, 2012 d197 38 d242 3 @ 1.5.2.1 log @resync with head @ text @d25 1 a25 1 .Dd October 2, 2012 a196 38 .Sh SUBSCRIBER INTEGRATION Not all distributions store the files the subscribers need in the same locations. For example, named service scripts have been called named, bind and rc.bind and they could be located in a directory called /etc/rc.d, /etc/init.d or similar. Each subscriber attempts to automatically configure itself, but not every distribution has been catered for. Also, users could equally want to use a different version from the one installed by default, such as bind8 and bind9. To accomodate this, the subscribers have these files in configurable variables, documented below. .Pp .Bl -tag -width indent .It Sy dbus_pid Locaiton of the dbus pidfile. .It Sy dnsmasq_service Location of the dnsmasq service. .It Sy dnsmasq_restart Command to restart the dnsmasq service. .It Sy dnsmasq_pid Location of the dnsmasq pidfile. .It Sy libc_service Location of the libc service. .It Sy libc_restart Command to restart the libc service. .It Sy named_service Location of the named service. .It Sy named_restart Command to restart the named service. .It Sy pdnsd_restart Command to restart the pdnsd service. .It Sy unbound_service Location of the unbound service. .It Sy unbound_restart Command to restart the unbound service. .It Sy unbound_pid Location of the unbound pidfile. a203 3 Each distribution is a special snowflake and likes to name the same thing differently, namely the named service script and the dbus pidfile location. .Pp @ 1.5.2.2 log @resync from head @ text @d1 1 a1 1 .\" Copyright (c) 2009-2013 Roy Marples d25 1 a25 1 .Dd April 27, 2013 d111 1 a111 1 If a local name server is configured then the default is just to specify that d113 3 a115 4 name server. Set this to NO to also list non-local nameservers. This will give you working DNS even if the local nameserver stops functioning at the expense of duplicated server queries. d128 1 a128 1 This file tells dnsmasq which name servers to use for specific domains. d130 1 a130 1 This file tells dnsmasq which name servers to use for global lookups. d133 1 a133 1 .D1 name_servers=127.0.0.1 a138 3 .D1 # If dnsmasq is compiled for DBus then we can take .D1 # advantage of not having to restart dnsmasq. .D1 enable-dbus d143 1 a143 1 This file tells named which name servers to use for global lookups. d146 1 a146 1 This file tells named which name servers to use for specific domains. d149 1 a149 1 .D1 name_servers=127.0.0.1 d167 1 a167 1 This file tells pdnsd about global name servers. d172 1 a172 1 .D1 name_servers=127.0.0.1 d188 1 a188 1 This file tells unbound about specific and global name servers. d191 1 a191 1 .D1 name_servers=127.0.0.1 d211 2 a234 1 .El d243 1 a243 1 differently, namely the named service script. @ 1.5.2.3 log @Rebase to HEAD as of a few days ago. @ text @d243 1 a243 1 .An Roy Marples Aq Mt roy@@marples.name @ 1.4 log @sync @ text @d1 1 a1 1 .\" Copyright (c) 2009-2011 Roy Marples d25 1 a25 1 .Dd August 11, 2011 d63 4 d73 4 d110 6 d204 2 a205 1 Please report them to http://roy.marples.name/projects/openresolv @ 1.3 log @Sync @ text @d25 1 a25 1 .Dd April 21, 2011 d99 3 @ 1.3.2.1 log @sync with head @ text @d1 1 a1 1 .\" Copyright (c) 2009-2012 Roy Marples d25 1 a25 1 .Dd March 19, 2012 a62 4 .It Sy domain_blacklist A list of domains to be removed from consideration. To remove a domain, you can use foo.* To remove a sub domain, you can use *.bar a68 4 .It Sy name_server_blacklist A list of name servers to be removed from consideration. The default is 0.0.0.0 as some faulty routers send it via DHCP. To remove a block, you can use 192.168.* a98 9 .It Sy resolv_conf_sortlist A libc resolver sortlist, as specified in .Xr resolv.conf 5 . .It Sy resolv_conf_local_only If a local nameserver is configured then the default is just to specify that and ignore all other entries as they will be configured for the local nameserver. Set this to YES to list them instead, if you need working DNS and the local nameserver stops functioning at the expense of duplicated server queries. d187 1 a187 2 Please report them to .Lk http://roy.marples.name/projects/openresolv @ 1.3.2.2 log @sync with (a bit old) head @ text @d25 1 a25 1 .Dd October 2, 2012 a196 38 .Sh SUBSCRIBER INTEGRATION Not all distributions store the files the subscribers need in the same locations. For example, named service scripts have been called named, bind and rc.bind and they could be located in a directory called /etc/rc.d, /etc/init.d or similar. Each subscriber attempts to automatically configure itself, but not every distribution has been catered for. Also, users could equally want to use a different version from the one installed by default, such as bind8 and bind9. To accomodate this, the subscribers have these files in configurable variables, documented below. .Pp .Bl -tag -width indent .It Sy dbus_pid Locaiton of the dbus pidfile. .It Sy dnsmasq_service Location of the dnsmasq service. .It Sy dnsmasq_restart Command to restart the dnsmasq service. .It Sy dnsmasq_pid Location of the dnsmasq pidfile. .It Sy libc_service Location of the libc service. .It Sy libc_restart Command to restart the libc service. .It Sy named_service Location of the named service. .It Sy named_restart Command to restart the named service. .It Sy pdnsd_restart Command to restart the pdnsd service. .It Sy unbound_service Location of the unbound service. .It Sy unbound_restart Command to restart the unbound service. .It Sy unbound_pid Location of the unbound pidfile. a203 3 Each distribution is a special snowflake and likes to name the same thing differently, namely the named service script and the dbus pidfile location. .Pp @ 1.3.2.3 log @sync with head. for a reference, the tree before this commit was tagged as yamt-pagecache-tag8. this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments") @ text @d1 1 a1 1 .\" Copyright (c) 2009-2013 Roy Marples d25 1 a25 1 .Dd April 27, 2013 d111 1 a111 1 If a local name server is configured then the default is just to specify that d113 3 a115 4 name server. Set this to NO to also list non-local nameservers. This will give you working DNS even if the local nameserver stops functioning at the expense of duplicated server queries. d128 1 a128 1 This file tells dnsmasq which name servers to use for specific domains. d130 1 a130 1 This file tells dnsmasq which name servers to use for global lookups. d133 1 a133 1 .D1 name_servers=127.0.0.1 a138 3 .D1 # If dnsmasq is compiled for DBus then we can take .D1 # advantage of not having to restart dnsmasq. .D1 enable-dbus d143 1 a143 1 This file tells named which name servers to use for global lookups. d146 1 a146 1 This file tells named which name servers to use for specific domains. d149 1 a149 1 .D1 name_servers=127.0.0.1 d167 1 a167 1 This file tells pdnsd about global name servers. d172 1 a172 1 .D1 name_servers=127.0.0.1 d188 1 a188 1 This file tells unbound about specific and global name servers. d191 1 a191 1 .D1 name_servers=127.0.0.1 d211 2 a234 1 .El d240 1 a240 1 .An Roy Marples Aq Mt roy@@marples.name d243 1 a243 1 differently, namely the named service script. @ 1.2 log @Do not abuse .Ta, but use a real tabulator. @ text @d1 1 a1 1 .\" Copyright (c) 2009 Roy Marples d25 1 a25 1 .Dd November 20, 2009 d46 1 a46 1 After updaing this file, you may wish to run d59 10 a94 6 .It Sy search_domains Prepend search domains to the dynamically generated list. .It Sy name_servers Prepend name servers to the dynamically generated list. You should set this to 127.0.0.1 if you use a local name server other than libc. d103 2 a104 1 .Xr named 8 d142 28 @ 1.2.4.1 log @Catchup with rmind-uvmplock merge. @ text @d1 1 a1 1 .\" Copyright (c) 2009-2011 Roy Marples d25 1 a25 1 .Dd April 21, 2011 d46 1 a46 1 After updating this file, you may wish to run a58 10 .It Sy search_domains Prepend search domains to the dynamically generated list. .It Sy search_domains_append Append search domains to the dynamically generated list. .It Sy name_servers Prepend name servers to the dynamically generated list. You should set this to 127.0.0.1 if you use a local name server other than libc. .It Sy name_servers_append Append name servers to the dynamically generated list. d85 6 d99 1 a99 2 .Xr named 8 , .Xr pdnsd 8 a136 28 .It Sy pdnsd_conf This is the main pdnsd configuration file which we modify to add our forward domains to. If this variable is not set then we rely on the pdnsd configuration file setup to read .Pa pdnsd_resolv as documented below. .It Sy pdnsd_resolv This file tells pdnsd about global nameservers. If this variable is not set then it's written to .Pa pdnsd_conf . .Pp Example resolvconf.conf for pdnsd: .D1 nameservers=127.0.0.1 .D1 pdnsd_conf=/etc/pdnsd.conf .D1 # pdnsd_resolv=/etc/pdnsd-resolv.conf .Pp Example pdnsd.conf: .D1 global { .D1 server_ip = 127.0.0.1; .D1 status_ctl = on; .D1 } .D1 server { .D1 # A server definition is required, even if emtpy. .D1 label="empty"; .D1 proxy_only=on; .D1 # file="/etc/pdnsd-resolv.conf"; .D1 } @ 1.1 log @Initial revision @ text @d133 2 a134 2 .D1 Ta listen-on { 127.0.0.1; }; .D1 Ta include "/etc/named-options.conf"; @ 1.1.1.1 log @Import openresolv-3.3.3 OK: core@@, joerg@@ @ text @@ 1.1.1.2 log @Import openresolv-3.4.2 with the following fix: * Use printf(1) correctly @ text @d1 1 a1 1 .\" Copyright (c) 2009-2011 Roy Marples d25 1 a25 1 .Dd April 21, 2011 d46 1 a46 1 After updating this file, you may wish to run a58 10 .It Sy search_domains Prepend search domains to the dynamically generated list. .It Sy search_domains_append Append search domains to the dynamically generated list. .It Sy name_servers Prepend name servers to the dynamically generated list. You should set this to 127.0.0.1 if you use a local name server other than libc. .It Sy name_servers_append Append name servers to the dynamically generated list. d85 6 d99 1 a99 2 .Xr named 8 , .Xr pdnsd 8 d133 2 a134 2 .D1 listen-on { 127.0.0.1; }; .D1 include "/etc/named-options.conf"; a136 28 .It Sy pdnsd_conf This is the main pdnsd configuration file which we modify to add our forward domains to. If this variable is not set then we rely on the pdnsd configuration file setup to read .Pa pdnsd_resolv as documented below. .It Sy pdnsd_resolv This file tells pdnsd about global nameservers. If this variable is not set then it's written to .Pa pdnsd_conf . .Pp Example resolvconf.conf for pdnsd: .D1 nameservers=127.0.0.1 .D1 pdnsd_conf=/etc/pdnsd.conf .D1 # pdnsd_resolv=/etc/pdnsd-resolv.conf .Pp Example pdnsd.conf: .D1 global { .D1 server_ip = 127.0.0.1; .D1 status_ctl = on; .D1 } .D1 server { .D1 # A server definition is required, even if emtpy. .D1 label="empty"; .D1 proxy_only=on; .D1 # file="/etc/pdnsd-resolv.conf"; .D1 } @ 1.1.1.3 log @Import openresolv-3.4.5 with the following changes since the last version: * More printf portabitiy fixes. * Use read -r to avoid backslash problems. * If we have a valid domain, put that in resolv.conf as well as search. This does not fix a technical problem, just stops me getting bug reports. * Update metric and privacy even if resolv.conf didn't change. * sortlist is now supported. * Ensure subscriber config directories exist before writing the configs * Don't create pdnsd.conf if it doesn't exist or is not writeable. @ text @d25 1 a25 1 .Dd August 11, 2011 a98 3 .It Sy resolv_conf_sortlist A libc resolver sortlist, as specified in .Xr resolv.conf 5 . @ 1.1.1.4 log @Import openresolv-3.5.0 with the following changes: * Added resolv_conf_local_only which defaults to true. This means that if you configure a local nameserver we don't add any other nameservers to resolv.conf to avoid duplicate queries. * Add domain_blacklist and name_server_blacklist variables. We default name_server_blacklist to 0.0.0.0 to handle some faulty routers. * Add .Lk macro to URLs. * Fix IPv6 parsing on domains which include an IPv4 server for dnsmasq. @ text @d1 1 a1 1 .\" Copyright (c) 2009-2012 Roy Marples d25 1 a25 1 .Dd March 19, 2012 a62 4 .It Sy domain_blacklist A list of domains to be removed from consideration. To remove a domain, you can use foo.* To remove a sub domain, you can use *.bar a68 4 .It Sy name_server_blacklist A list of name servers to be removed from consideration. The default is 0.0.0.0 as some faulty routers send it via DHCP. To remove a block, you can use 192.168.* a101 6 .It Sy resolv_conf_local_only If a local nameserver is configured then the default is just to specify that and ignore all other entries as they will be configured for the local nameserver. Set this to YES to list them instead, if you need working DNS and the local nameserver stops functioning at the expense of duplicated server queries. d190 1 a190 2 Please report them to .Lk http://roy.marples.name/projects/openresolv @ 1.1.1.5 log @Import openresolv-3.5.3 with the following changes: * man page improvements * dnsmasq + dbus + IPv6 linklocal support (requires dnsmasq-2.64) * sort interface protocols as well as interface (bge0, bge0:ra, bge0:dhcp6) @ text @d25 1 a25 1 .Dd October 2, 2012 a196 38 .Sh SUBSCRIBER INTEGRATION Not all distributions store the files the subscribers need in the same locations. For example, named service scripts have been called named, bind and rc.bind and they could be located in a directory called /etc/rc.d, /etc/init.d or similar. Each subscriber attempts to automatically configure itself, but not every distribution has been catered for. Also, users could equally want to use a different version from the one installed by default, such as bind8 and bind9. To accomodate this, the subscribers have these files in configurable variables, documented below. .Pp .Bl -tag -width indent .It Sy dbus_pid Locaiton of the dbus pidfile. .It Sy dnsmasq_service Location of the dnsmasq service. .It Sy dnsmasq_restart Command to restart the dnsmasq service. .It Sy dnsmasq_pid Location of the dnsmasq pidfile. .It Sy libc_service Location of the libc service. .It Sy libc_restart Command to restart the libc service. .It Sy named_service Location of the named service. .It Sy named_restart Command to restart the named service. .It Sy pdnsd_restart Command to restart the pdnsd service. .It Sy unbound_service Location of the unbound service. .It Sy unbound_restart Command to restart the unbound service. .It Sy unbound_pid Location of the unbound pidfile. a203 3 Each distribution is a special snowflake and likes to name the same thing differently, namely the named service script and the dbus pidfile location. .Pp @ 1.1.1.6 log @Import openresolv-3.5.5 with the following changes from 3.5.3 * Fix setting IPv6 namservers over DBus to dnsmasq * Fix pdnsd config file generation * Man page fixes @ text @d1 1 a1 1 .\" Copyright (c) 2009-2013 Roy Marples d25 1 a25 1 .Dd April 27, 2013 d111 1 a111 1 If a local name server is configured then the default is just to specify that d113 3 a115 4 name server. Set this to NO to also list non-local nameservers. This will give you working DNS even if the local nameserver stops functioning at the expense of duplicated server queries. d128 1 a128 1 This file tells dnsmasq which name servers to use for specific domains. d130 1 a130 1 This file tells dnsmasq which name servers to use for global lookups. d133 1 a133 1 .D1 name_servers=127.0.0.1 a138 3 .D1 # If dnsmasq is compiled for DBus then we can take .D1 # advantage of not having to restart dnsmasq. .D1 enable-dbus d143 1 a143 1 This file tells named which name servers to use for global lookups. d146 1 a146 1 This file tells named which name servers to use for specific domains. d149 1 a149 1 .D1 name_servers=127.0.0.1 d167 1 a167 1 This file tells pdnsd about global name servers. d172 1 a172 1 .D1 name_servers=127.0.0.1 d188 1 a188 1 This file tells unbound about specific and global name servers. d191 1 a191 1 .D1 name_servers=127.0.0.1 d211 2 d243 1 a243 1 differently, namely the named service script. @ 1.1.1.7 log @Import openresolv-3.6.0 with the following changes: * dnsmasq subscriber no longer moans if it hasn't written a pidfile * Ensure that name_server_blacklist works for more than one option. Thanks to Frederic Barthelery. * unbound_insecure can disable DNSSEC for all domains processed. * local_nameservers now defaults to 127.* 0.0.0.0 255.255.255.255 ::1 and is used instead of a hard coded list. * Allow the disabling of resolvconf or optionally an individual subscriber. * Don't wait around trying to create a lock if we don't have permission. * resolv_conf_passthrough=NULL will update resolv.conf to match only what is configured in resolvconf.conf and ignore any interface configuration. @ text @d1 1 a1 1 .\" Copyright (c) 2009-2014 Roy Marples d25 1 a25 1 .Dd October 20, 2014 a44 2 If the values contain white space for special shell characters, ensure they are quoted and escaped correctly. a50 5 .It Sy resolvconf Set to NO to disable .Nm resolvconf from running any subscribers. Defaults to YES. a58 3 .It Sy local_nameservers If unset, defaults to the following:- .D1 127.* 0.0.0.0 255.255.255.255 ::1 a106 8 When set to /dev/null or NULL, .Sy resolv_conf_local_only is defaulted to NO, .Sy local_nameservers is unset unless overriden and only the information set in .Nm is written to .Sy resolv_conf . a126 4 .Pp To disable a subscriber, simply set it's name to NO. For example, to disable the libc subscriber you would set: .D1 libc=NO a192 2 .It Sy unbound_insecure When set to YES, unbound marks the domains as insecure, thus ignoring DNSSEC. a236 1 .El d238 1 a238 2 .Xr resolv.conf 5 , .Xr resolvconf 8 d240 1 a240 1 .Xr sh 1 . d242 1 a242 1 .An Roy Marples Aq Mt roy@@marples.name @ 1.1.1.8 log @Import openresolv-3.6.1 with the following changes: * Don't update when nothing has been deleted * Backup resolv.conf to resolv.conf.bak when it doesn't have an openresolv signature Restore it when the new resolv.conf only has the openresolv signature * Document prepend_search and prepend_nameservers * Implement append_search and append_nameservers * Implement replace and replace_sub to allow for keyword/value/replacement @ text @d25 1 a25 1 .Dd October 28, 2014 a50 3 .Pp When a dynmically generated list is appended or prepended to, the whole is made unique where left-most wins. a93 28 .It Sy replace Is a space separated list of replacement keywords. The syntax is this: .Va $keyword Ns / Ns Va $match Ns / Ns Va $replacement .Pp Example, given this resolv.conf: .D1 domain foo.org .D1 search foo.org dead.beef .D1 nameserver 1.2.3.4 .D1 nameserver 2.3.4.5 and this configuaration: .D1 replace="search/foo*/bar.com nameserver/1.2.3.4/5.6.7.8 nameserver/2.3.4.5/" you would get this resolv.conf instead: .D1 domain foo.org .D1 search bar.com .D1 nameserver 5.6.7.8 .It Sy replace_sub Works the same way as .Sy replace except it works on each space separated value rather than the whole line, so it's useful for the replacing a single domain within the search directive. Using the same example resolv.conf and changing .Sy replace to .Sy replace_sub , you would get this resolv.conf instead: .D1 domain foo.org .D1 search bar.com dead.beef .D1 nameserver 5.6.7.8 a134 8 .It Sy append_nameservers Append name servers to the dynamically generated list. .It Sy prepend_nameservers Prepend name servers to the dynamically generated list. .It Sy append_search Append search domains to the dynamically generated list. .It Sy prepend_search Prepend search domains to the dynamically generated list. @ 1.1.1.9 log @Import openresolv-3.7.0 with the following change: * -x marks the resolv.conf as exclusive. Only the latest resolv.conf will be processed, if none then as normal. @ text @d1 1 a1 1 .\" Copyright (c) 2009-2015 Roy Marples d25 2 a26 2 .Dd March 20, 2015 .Dt RESOLVCONF.CONF 5 d52 1 a52 1 When a dynamically generated list is appended or prepended to, the whole @ 1.1.1.10 log @Import openresolv-3.7.1 with the following changes: * Typo's, thanks to Herbert Parentes Fortes Neto * Clarify that private_interfaces="*" will not forward the root zone * ensure that domain-insecure always appears in a server clause for the unbound subscriber @ text @d25 1 a25 1 .Dd May 14, 2015 a93 5 Setting .Sy private_interfaces Ns ="*" will stop the forwarding of the root zone and allows the local resolver to recursively query the root servers directly. Requires a local nameserver other than libc. d152 1 a152 1 is unset unless overridden and only the information set in d274 1 a274 1 To accommodate this, the subscribers have these files in configurable @ 1.1.1.11 log @Import openresolv-3.7.3 with the following changes: * Save the initial working directory and change to it just before running any scripts. This avoids scripts putting files accidently where they shouldn't. * Strip trailing dot from search and domain names. * man page improvements. @ text @d1 1 a1 1 .\" Copyright (c) 2009-2016 Roy Marples d25 1 a25 1 .Dd February 21, 2016 d45 1 a45 1 If the values contain whitespace, wildcards or other special shell characters, a46 3 See the .Sy replace variable for an example on quoting. @ 1.1.1.12 log @Import openresolv-3.8.0 with the following changes: * init system detection moved from configure into resolvconf. * Fixed multiple domains not bein separated correctly. @ text @d25 1 a25 1 .Dd February 23, 2016 d287 1 a287 1 Name of the dnsmasq service. d293 1 a293 1 Name of the libc service. d297 1 a297 1 Name of the named service. d303 1 a303 1 Name of the unbound service. @ 1.1.1.13 log @Import openresolv-3.9.0 with the following changes: * Added --version option * Fix pdns_recursor restart command * Append a newline when restoring resolv.conf * public_interfaces overrides private interface markings * Fix runit support * inclusive_interfaces overrides exclusive interface markings @ text @d25 1 a25 1 .Dd December 29, 2016 a71 5 .It Sy inclusive_interfaces Ignore any exlcusive marking for these interfaces. This is handy when 3rd party integrations force the .Nm resolvconf -x option and you want to disable it easily. a104 5 .It Sy public_interfaces Force these interface to be public, overriding the private marking. This is handy when 3rd party integrations force the .Nm resolvconf -p option and you want to disable it easily. d106 1 a106 2 Is a space separated list of replacement keywords. The syntax is this: a309 1 .Xr sh 1 , d312 2 @ 1.1.1.14 log @Import openresolv-3.9.1 with the following changes: * More strict POSIX shell support * Interfaces have an implicit metric of 0 unless specified * Inline comments are stripped from nameserver and domain entries @ text @d73 1 a73 1 Ignore any exclusive marking for these interfaces. @ 1.1.1.15 log @Import openresolv-3.9.2 with the following changes: * dnsmasq: clear cache after updating servers via dbus * pdns_recursor: Fix global forwards (thus now installed by default) * man: layout and misc fixes @ text @d25 1 a25 1 .Dd September 8, 2019 d67 1 a67 3 .Bd -compact -literal -offset indent lo lo[0-9]* .Ed d71 1 a71 3 .Bd -compact -literal -offset indent tap[0-9]* tun[0-9]* vpn vpn[0-9]* ppp[0-9]* ippp[0-9]* .Ed d79 1 a79 3 .Bd -compact -literal -offset indent 127.* 0.0.0.0 255.255.255.255 ::1 .Ed d121 4 a124 6 .Bd -compact -literal -offset indent domain foo.org search foo.org dead.beef nameserver 1.2.3.4 nameserver 2.3.4.5 .Ed d126 1 a126 5 .Bd -compact -literal -offset indent replace="search/foo*/bar.com" replace="$replace nameserver/1.2.3.4/5.6.7.8" replace="$replace nameserver/2.3.4.5/" .Ed d128 3 a130 5 .Bd -compact -literal -offset indent domain foo.org search bar.com nameserver 5.6.7.8 .Ed d141 3 a143 5 .Bd -compact -literal -offset indent domain foo.org search bar.com dead.beef nameserver 5.6.7.8 .Ed d198 1 a198 2 .Xr pdnsd 8 , .Xr pdns_recursor 8 , d206 1 a206 3 .Bd -compact -literal -offset indent libc=NO .Ed d214 3 a216 5 .Bd -compact -literal -offset indent name_servers=127.0.0.1 dnsmasq_conf=/etc/dnsmasq-conf.conf dnsmasq_resolv=/etc/dnsmasq-resolv.conf .Ed d219 6 a224 8 .Bd -compact -literal -offset indent listen-address=127.0.0.1 # If dnsmasq is compiled for DBus then we can take # advantage of not having to restart dnsmasq. enable-dbus conf-file=/etc/dnsmasq-conf.conf resolv-file=/etc/dnsmasq-resolv.conf .Ed d233 3 a235 5 .Bd -compact -literal -offset indent name_servers=127.0.0.1 named_options=/etc/named-options.conf named_zones=/etc/named-zones.conf .Ed d238 5 a242 8 .Bd -compact -literal -offset indent options { listen-on { 127.0.0.1; }; include "/etc/named-options.conf"; }; include "/etc/named-zones.conf"; .Ed d256 3 a258 5 .Bd -compact -literal -offset indent name_servers=127.0.0.1 pdnsd_conf=/etc/pdnsd.conf # pdnsd_resolv=/etc/pdnsd-resolv.conf .Ed d261 10 a270 26 .Bd -compact -literal -offset indent global { server_ip = 127.0.0.1; status_ctl = on; } server { # A server definition is required, even if empty. label="empty"; proxy_only=on; # file="/etc/pdnsd-resolv.conf"; } .Ed .It Sy pdns_zones This file tells pdns_recursor about specific and global name servers. .Pp Example resolvconf.conf for pdns_recursor: .Bd -compact -literal -offset indent name_servers=127.0.0.1 pdns_zones=/etc/pdns/recursor-zones.conf .Ed .Pp Example recursor.conf: .Bd -compact -literal -offset indent allow-from=127.0.0.0/8, ::1/128 forward-zones-file=/etc/pdns/recursor-zones.conf .Ed d277 2 a278 4 .Bd -compact -literal -offset indent name_servers=127.0.0.1 unbound_conf=/etc/unbound-resolvconf.conf .Ed d281 1 a281 3 .Bd -compact -literal -offset indent include: /etc/unbound-resolvconf.conf .Ed d295 1 a312 4 .It Sy pdns_service Command to restart the pdns_recursor service. .It Sy pdns_restart Command to restart the pdns_recursor service. @ 1.1.1.16 log @Update to openresolv-3.10.0 with the following change: Add allow_interfaces and deny_interfaces configuration knobs @ text @d1 1 a1 1 .\" Copyright (c) 2009-2020 Roy Marples a63 4 .It Sy allow_interfaces If set, only these interfaces will be processed. .It Sy deny_interfaces If set, these interfaces will not be processed. d74 1 a74 1 tap[0-9]* tun[0-9]* vpn vpn[0-9]* wg[0-9]* ppp[0-9]* ippp[0-9]* d215 1 a215 1 .Xr pdns_recursor 1 , @ 1.1.1.17 log @Update to openresolv-3.12.0 with the following changes: * Allow configurations to be marked as Deprecated and Acivtated * Harden resolvconf lock detection @ text @d25 1 a25 1 .Dd October 1, 2020 d223 1 a223 1 the subscribers main configuration file. @ 1.1.1.18 log @openresolv: Update to 3.13.2 with the following changes: * Do not return error from -i when no interfaces are configured * unbound can now add generic options to forward zones @ text @d1 1 a1 1 .\" Copyright (c) 2009-2023 Roy Marples d25 1 a25 1 .Dd May 23, 2023 d137 1 a137 1 and this configuration: a212 6 .It Sy resolv_conf_mv Defaults to NO. Defines if .Pa /etc/resolv.conf is updated by writing to a temporary file and then moving it vs writing directly to it. d225 1 a225 1 To disable a subscriber, simply set its name to NO. a324 3 .It Sy unbound_forward_zone_options Options appended to each forward zone. Each option should be separated by an embedded new line. d388 1 a388 1 .Lk https://roy.marples.name/projects/openresolv @