Resolvconf




Resolvconf-type utilities manage the contents of /etc/resolv.conf, the configuration file of a system's DNS resolver (provided by libc on Linux systems). That file specifies DNS-resolution ground rules such as the IP addresses of the DNS nameservers the system will use for host/domain-name resolution, the default domain name to append to unqualified hostnames, etc. Note that on DHCP-client systems, the resolvconf utility must also contend with changes to /etc/resolv.conf that the DHCP client and similar software want to make (ppp and pppconfig, dhcp3-client, dhcpcd, pump, laptop-net, etc.), serving as an intermediary between the DHCP client software (if any) and sources of DNS information such as recursive nameservers. A resolvconf implementation is thus often called upon to manage information about currently available DNS nameservers.


1. Thomas Hood's Resolvconf

Rationale: Several programs modify /etc/resolv.conf as network interfaces are brought up and down. This situation is undesirable not only because it stands in the way of a read-only rootfs but also because it prevents the user from running more than one configurer at a time: the second process would overwrite the first process's changes to resolv.conf. The latter problem could be addressed by making configurers cooperate somehow; but this would not meet another major need: the need to supply resolver information to DNS cache programs such as BIND9, dnsmasq, dnscache, Deadwood, Unbound, and pdns-recursor. Various packages have addressed these issues, but only partially and idiosyncratically. Resolvconf aims to solve the problem simply and completely.

Package: resolvconf consists of a short Bourne shell script (/sbin/resolvconf) with some "hook" scripts (in /etc/resolvconf/update.d/), designed to mediate between programs that supply resolver information (mainly interface configurers) and those that consume resolver information (the libc resolver and DNS caches). The intended /etc/resolv.conf file is constructed and managed by those "hook" scripts, as is the forwarder information used by BIND9, dnsmasq, etc. /etc/resolv.conf is made a symlink pointing to /var/run/resolvconf/resolv.conf.

Developer site: https://gitlab.com/jdthood/resolvconf




2. Roy Marples's Openresolv

Openresolv is a BSD-ish second implementation, one that is command-line compatible with Thomas Hood's original implementation. It mediates attempts by multiple pieces of software to control the contents of /etc/resolv.conf, e.g., if you have wired and wireless interfaces to different subnets and run a VPN or two on top of that. Openresolv's resolvconf is a script to store, remove and list a full resolv.conf generated for the interface. It then calls all the helper scripts it knows about, so it can configure the real /etc/resolv.conf and optionally any local nameservers (BIND9, dnsmasq, pdns-recursor, and Unbound).

It is init-agnostic, doesn't require awk, grep, or sed, works without GNU extensions to the shell and userland, and configures zones for local recursive resolvers (the last being particularly important for VPN-using systems).

Developer site: https://roy.marples.name/projects/openresolv




3. Tweaking Your DHCP Client's Operation without Resolvconf

For one extremely common scenario (running a local recursive resolver nameserver daemon, and wanting the system to use it), meeting one very simple requirement can initially seem very frustrating: making sure "nameserver 127.0.0.1" continues to be the first nameserver line in /etc/resolv.conf even though DHCP overwrites /etc/resolv.conf completely every time it gets a new IP lease. Some sysadmins in frustration use the big-hammer approach: "chattr +i /etc/resolv.conf". However, there's a better way:

If using ISC dhclient, place into dhclient.conf in the relevant interface-specific (e.g., en0) stanza, either

  supersede domain-name-servers ip-address [, ip-address... ];

or

  prepend domain-name-servers ip-address [, ip-address... ];

('supersede' means ignore entirely what the DHCPd sends for resolv.conf nameserver IPs. 'prepend' means accept them, but put the indicated IPs on a line above any received from the DHCPd, so that they are used in preference if available.)

Alternatively, create a 'hook' file to signal that updates to /etc/resolv.conf should be ignored. Create the 'hook' shell script /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate to contain

#!/bin/sh
make_resolv_conf(){
    :
}

Then make it executable by doing

# chmod +x /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate

The above replaces dhclient's make_resolv_conf() function with a NO-OP function.

If using dhcpcd, create a static profile in /etc/dhcpcd.conf as described in the ArchLinux wiki.

If using the "pump" DHCP client, alter the script or accompanying configuration used to run the "pump" utility to include the --no-dns command-line option, which has the effect of preventing pump from overwriting the /etc/resolv.conf file.

For each of the three clients, the provided link furnishes more detail.
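
To confirm that one of the tweaks above still holds after a lease renewal, the following added example (not part of the original page) checks that 127.0.0.1 is the first nameserver in a resolv.conf-format file. The function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): check that the local resolver
# is still listed first in a resolv.conf-format file. Function names are
# hypothetical. The parsing uses only shell built-ins (no awk, grep or sed).

# Print the address from the first "nameserver" line of file $1.
# As in the libc resolver, the keyword must start the line, so comment
# lines and indented lines are skipped.
first_nameserver() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            nameserver[[:space:]]*)
                addr=${line#nameserver}
                addr=${addr#"${addr%%[![:space:]]*}"}   # trim leading blanks
                addr=${addr%%[[:space:]]*}              # keep the first field
                [ -n "$addr" ] && { printf '%s\n' "$addr"; return 0; }
                ;;
        esac
    done < "$1"
    return 1
}

# Report on file $1; $2 is the address that must come first (default 127.0.0.1).
# Returns 0 if it is first, 1 if another server is first, 2 if no nameserver
# line is found (or the file cannot be read).
check_resolver_order() {
    expected=${2:-127.0.0.1}
    if ! first=$(first_nameserver "$1"); then
        echo "NONE: no nameserver line in $1"; return 2
    fi
    if [ "$first" = "$expected" ]; then
        echo "OK: $expected is first in $1"; return 0
    fi
    echo "DRIFT: $first is first in $1, expected $expected"; return 1
}

# Constructed sample: a file a DHCP client has overwritten with its own servers.
demo_file=$(mktemp)
printf '%s\n' '# constructed sample' 'search example.test' \
    'nameserver 192.0.2.53' 'nameserver 192.0.2.54' > "$demo_file"
check_resolver_order "$demo_file" || echo "exit status: $?"
rm -f "$demo_file"
```

Pointing check_resolver_order at /etc/resolv.conf from cron or a monitoring agent turns a silent DHCP overwrite into a nonzero exit status that can be alerted on.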




4. More information

Debian's wiki has useful details.