RESOLVCONF(8) | System Manager's Manual | RESOLVCONF(8) |
resolvconf - a framework for managing multiple DNS configurations

resolvconf -I
resolvconf [-m metric] [-p] [-x] -a key <file
resolvconf -C pattern
resolvconf -c pattern
resolvconf [-f] -d key
resolvconf [-x] -iLlp pattern
resolvconf -u
resolvconf --version

resolvconf manages resolv.conf(5) files from multiple sources, such as DHCP and VPN clients. Traditionally, the host runs just one client and that updates /etc/resolv.conf. More modern systems frequently have wired and wireless interfaces and there is no guarantee both are on the same network. With the advent of VPN and other types of networking daemons, many things now contend for the contents of /etc/resolv.conf.

resolvconf solves this by letting the daemons send their resolv.conf(5) file to resolvconf via stdin(4) with the argument -a key instead of the filesystem. resolvconf then updates /etc/resolv.conf as it thinks best. When a local resolver other than libc is installed, such as dnsmasq(8) or named(8), then resolvconf will supply files that the resolver should be configured to include.

At its heart, resolvconf is a key/value store for resolv.conf files. Each entry must have a unique key and should be expressed as interface.protocol so that it's easy to tell where the resolv.conf file came from. This also allows using pattern matching such as interface.* to match all protocols running on the interface. For example, a modern system will likely run DHCP, RA and DHCPv6 which could be from separate programs or one program running many protocols. However, this is not a fixed requirement; resolvconf will work with any key name and it should be treated as an opaque value outside of resolvconf.

resolvconf assumes it has a job to do. In some situations resolvconf needs to act as a deterrent to writing to /etc/resolv.conf. Where this file cannot be made immutable or you just need to toggle this behaviour, resolvconf can be disabled by adding resolvconf=NO to resolvconf.conf(5).

resolvconf can mark a resolv.conf as private and optionally non-searchable. This means that the name servers listed in that resolv.conf are only used for queries against the domain/search listed in the same file and if non-searchable then the domain/search listed are excluded from the global search list defined in /etc/resolv.conf. This only works when a local resolver other than libc is installed. See resolvconf.conf(5) for how to configure resolvconf to use a local name server and how to remove the private marking.

resolvconf can mark a resolv.conf as exclusive. Only the latest exclusive key is used for processing, otherwise all are.

When a configuration source goes away, such as an interface going down or a VPN stopping, it should then call resolvconf with -d key arguments to clean up the resolv.conf it added previously. For systems that support the concept of persisting configuration when the source is suspended, such as the carrier going down, then it should instead call resolvconf with -C key arguments to deprecate the entry and -c key to activate the entry when it comes back again. This only affects the order in which the resolv.conf entries are processed.

Here are some options for the above commands:-

-f
-m metric
-p [pattern]
    -a command is given, otherwise resolv.conf entries having their key matching pattern are listed. If an extra -p is given then the resolv.conf is marked as non-searchable as well.
-x

resolvconf has some more commands for general usage:-

-i [pattern]
    -L option is given first, then the keys will be listed post-processed.
-L [pattern]
-l [pattern]
-u
    resolvconf to update all its subscribers. resolvconf does not update the subscribers when adding a resolv.conf that matches what it already has for that key.
--version

resolvconf also has some commands designed to be used by its subscribers and system startup:-

-I
    resolvconf is used to add entries.
-R
-r service
-v
-V
    -v except that only the information configured in resolvconf.conf(5) is set.

For resolvconf to work effectively, it has to process the resolv.conf entries in the correct order. resolvconf first processes keys from the key_order list, then entries without a metric and that match the dynamic_order list, then entries with a metric in order and finally the rest in the operating system's lexical order. See resolvconf.conf(5) for details on these lists.

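The processing order decides which source's name servers come first, for instance whether a VPN entry is handled before a wireless DHCP entry. The following is an added example, not openresolv's own code, that models the four-step order in POSIX sh. The sample keys, the list values, treating both lists as shell globs matched against the key, and "lower metric first" are assumptions.

```sh
#!/bin/sh
# Added example: a model of the processing order described above.
# Assumptions (not from the man page): both lists hold shell glob patterns
# matched against the key, and a lower metric is processed first.

KEY_ORDER='lo.*'                         # constructed sample value
DYNAMIC_ORDER='tun[0-9]*.* tap[0-9]*.*'  # constructed sample value

# Constructed entries, one "key metric" per line; "-" means no -m was given.
ENTRIES='wlan0.dhcp 600
eth0.ra -
tun1.vpn 50
eth0.dhcp 100
tun0.vpn -
lo.dnsmasq -'

# first_match KEY PATTERN...: print the 1-based index of the first matching glob.
first_match() {
    key=$1; shift; i=0
    for pat in "$@"; do
        i=$((i + 1))
        case $key in $pat) echo "$i"; return 0 ;; esac
    done
    return 1
}

# process_order: read "key metric" lines on stdin, print keys in processing order.
process_order() {
    {
        set -f  # word-split the lists without expanding their globs as filenames
        while read -r key metric; do
            [ -n "$key" ] || continue
            : "${metric:=-}"                # a missing metric field counts as none
            if idx=$(first_match "$key" $KEY_ORDER); then
                echo "1 $idx $key"          # 1: named in key_order
            elif [ "$metric" = "-" ] && idx=$(first_match "$key" $DYNAMIC_ORDER); then
                echo "2 $idx $key"          # 2: no metric, matches dynamic_order
            elif [ "$metric" != "-" ]; then
                echo "3 $metric $key"       # 3: has a metric
            else
                echo "4 0 $key"             # 4: the rest, lexical
            fi
        done
    } | LC_ALL=C sort -t ' ' -k1,1n -k2,2n -k3,3 | cut -d ' ' -f3
}

printf '%s\n' "$ENTRIES" | process_order
```

In this model tun1.vpn, which was registered with a metric, is ordered with the other metric entries instead of the dynamic_order group that tun0.vpn falls into.
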
Here are some suggested protocol tags to use for each resolv.conf
If a subscriber has the executable bit then it is executed, otherwise it is assumed to be a shell script and sourced into the current environment in a subshell. This is done so that subscribers can remain fast, but are also not limited to the shell language.

Portable subscribers should not use anything outside of /bin and /sbin because /usr and others may not be available when booting. Also, it would be unwise to assume any shell-specific features.

-m option is not present then we use IF_METRIC for the metric.
resolvconf.
resolvconf adds, deletes or updates.
resolvconf.

Domain labels are assumed to be in ASCII and are converted to lower case to avoid duplicate zones when given differing case from different sources.

When running a local resolver other than libc, you will need to configure it to include files that resolvconf will generate. You should consult resolvconf.conf(5) for instructions on how to configure your resolver.

This implementation of resolvconf is called openresolv and is fully command line compatible with Debian's resolvconf, as written by Thomas Hood.

Roy Marples <roy@marples.name>
Please report them to http://roy.marples.name/projects/openresolv
April 30, 2025 | NetBSD 10.99 |