pax_global_header00006660000000000000000000000064150107316720014514gustar00rootroot0000000000000052 comment=1e326f7e7f21b7929d9cee23c0f54ffb7c293e27 NetworkConfiguration-openresolv-1db84a0/000077500000000000000000000000001501073167200204745ustar00rootroot00000000000000NetworkConfiguration-openresolv-1db84a0/.gitignore000066400000000000000000000002251501073167200224630ustar00rootroot00000000000000config.mk resolvconf resolvconf.8 resolvconf.conf.5 dnsmasq libc named pdnsd pdns_recursor resolvectl systemd-resolved unbound avahi-daemon mdnsd NetworkConfiguration-openresolv-1db84a0/GNUmakefile000066400000000000000000000002431501073167200225450ustar00rootroot00000000000000# Nasty hack so that make clean works without configure being run CONFIG_MK?=$(shell test -e config.mk && echo config.mk || echo config-null.mk) include Makefile NetworkConfiguration-openresolv-1db84a0/LICENSE000066400000000000000000000024261501073167200215050ustar00rootroot00000000000000Copyright (c) 2007-2020 Roy Marples All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. NetworkConfiguration-openresolv-1db84a0/Makefile000066400000000000000000000075171501073167200221460ustar00rootroot00000000000000PKG= openresolv # Nasty hack so that make clean works without configure being run _CONFIG_MK!= test -e config.mk && echo config.mk || echo config-null.mk CONFIG_MK?= ${_CONFIG_MK} include ${CONFIG_MK} DIST!= if test -d .git; then echo "dist-git"; \ else echo "dist-inst"; fi SBINDIR?= /sbin SYSCONFDIR?= /etc LIBEXECDIR?= /libexec/resolvconf VARDIR?= /var/run/resolvconf ECHO?= echo INSTALL?= install SED?= sed VERSION!= ${SED} -n 's/OPENRESOLV_VERSION="\(.*\)".*/\1/p' resolvconf.in BINMODE?= 0755 DOCMODE?= 0644 MANMODE?= 0444 RESOLVCONF= resolvconf resolvconf.8 resolvconf.conf.5 SUBSCRIBERS= libc dnsmasq named pdnsd pdns_recursor unbound SUBSCRIBERS+= systemd-resolved resolvectl LIBC_SUBSCRIBERS= avahi-daemon mdnsd TARGET= ${RESOLVCONF} ${SUBSCRIBERS} ${LIBC_SUBSCRIBERS} SRCS= ${TARGET:C,$,.in,} # pmake SRCS:= ${TARGET:=.in} # gmake SED_SBINDIR= -e 's:@SBINDIR@:${SBINDIR}:g' SED_SYSCONFDIR= -e 's:@SYSCONFDIR@:${SYSCONFDIR}:g' SED_LIBEXECDIR= -e 's:@LIBEXECDIR@:${LIBEXECDIR}:g' SED_VARDIR= -e 's:@VARDIR@:${VARDIR}:g' SED_RCDIR= -e 's:@RCDIR@:${RCDIR}:g' SED_RESTARTCMD= -e 's:@RESTARTCMD@:${RESTARTCMD}:g' SED_RCDIR= -e 's:@RCDIR@:${RCDIR}:g' SED_STATUSARG= -e 's:@STATUSARG@:${STATUSARG}:g' DISTPREFIX?= ${PKG}-${VERSION} DISTFILE?= ${DISTPREFIX}.tar.xz DISTINFO= ${DISTFILE}.distinfo DISTINFOMD= ${DISTINFO}.md DISTSIGN= ${DISTFILE}.asc SHA256?= sha256 
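PGP?=		gpg2
GITREF?=	HEAD

.SUFFIXES: .in

# None of these names is a file produced by the build.
.PHONY: all clean distclean installdirs proginstall maninstall install
.PHONY: dist-git dist-inst dist distinfo release import

all: ${TARGET}

# Generate each target from its .in template by replacing the @NAME@
# placeholders. The values are spliced into the sed expressions unescaped
# (the SED_* variables use ':' as the delimiter), so a configured path
# containing ':' or '&' changes the substitution. The generated scripts
# are later run by resolvconf, so these values should come from a trusted
# configure run.
.in: Makefile ${CONFIG_MK}
	${SED}	${SED_SBINDIR} ${SED_SYSCONFDIR} ${SED_LIBEXECDIR} \
		${SED_VARDIR} \
		${SED_RCDIR} ${SED_RESTARTCMD} ${SED_RCDIR} ${SED_STATUSARG} \
		$< > $@

clean:
	rm -f ${TARGET}

distclean: clean
	rm -f config.mk ${DISTFILE} ${DISTINFO} ${DISTINFOMD} ${DISTSIGN}

installdirs:

# Install the resolvconf script and the subscriber scripts under DESTDIR.
# resolvconf.conf is only installed when no file exists at the destination,
# so an existing configuration is never overwritten.
# Only resolvconf gets BINMODE; the subscribers are installed with DOCMODE.
proginstall: ${TARGET}
	${INSTALL} -d ${DESTDIR}${SBINDIR}
	${INSTALL} -m ${BINMODE} resolvconf ${DESTDIR}${SBINDIR}
	${INSTALL} -d ${DESTDIR}${SYSCONFDIR}
	test -e ${DESTDIR}${SYSCONFDIR}/resolvconf.conf || \
	${INSTALL} -m ${DOCMODE} resolvconf.conf ${DESTDIR}${SYSCONFDIR}
	${INSTALL} -d ${DESTDIR}${LIBEXECDIR}
	${INSTALL} -m ${DOCMODE} ${SUBSCRIBERS} ${DESTDIR}${LIBEXECDIR}
	${INSTALL} -d ${DESTDIR}${LIBEXECDIR}/libc.d
	${INSTALL} -m ${DOCMODE} ${LIBC_SUBSCRIBERS} \
		${DESTDIR}${LIBEXECDIR}/libc.d

maninstall:
	${INSTALL} -d ${DESTDIR}${MANDIR}/man8
	${INSTALL} -m ${MANMODE} resolvconf.8 ${DESTDIR}${MANDIR}/man8
	${INSTALL} -d ${DESTDIR}${MANDIR}/man5
	${INSTALL} -m ${MANMODE} resolvconf.conf.5 ${DESTDIR}${MANDIR}/man5

install: proginstall maninstall

# Build the release tarball from the git ref GITREF.
# The recipe's exit status is that of xz, so a failing `git archive` is not
# detected here; check the tarball before it is signed by `distinfo`.
dist-git:
	git archive --prefix=${DISTPREFIX}/ ${GITREF} | xz >${DISTFILE}

# Build the release tarball from the working directory via a copy in /tmp.
# mkdir is used without -p on purpose: it fails if /tmp/${DISTPREFIX}
# already exists, which stops the recipe instead of reusing a directory
# that something else created.
dist-inst:
	mkdir /tmp/${DISTPREFIX}
	cp -RPp * /tmp/${DISTPREFIX}
	(cd /tmp/${DISTPREFIX}; ${MAKE} clean)
	tar -cvJpf ${DISTFILE} -C /tmp ${DISTPREFIX}
	rm -rf /tmp/${DISTPREFIX}

dist: ${DIST}

# Write the checksum and size of the tarball to DISTINFO and create a
# detached, armoured signature of the tarball (DISTSIGN).
# Only DISTFILE is signed. DISTINFO itself is unsigned, so its hash is not
# an integrity anchor on its own; verify the tarball against DISTSIGN.
# NOTE(review): configure writes CKSUM= to config.mk on Linux, but this
# recipe runs ${SHA256}; confirm which variable is intended.
distinfo: dist
	rm -f ${DISTINFO} ${DISTSIGN}
	${SHA256} ${DISTFILE} >${DISTINFO}
	wc -c <${DISTFILE} \
		| xargs printf 'Size (${DISTFILE}) = %s\n' >>${DISTINFO}
	${PGP} --sign --armour --detach ${DISTFILE}
	chmod 644 ${DISTSIGN}
	ls -l ${DISTFILE} ${DISTINFO} ${DISTSIGN}

# Wrap DISTINFO in a markdown code fence for use as release notes.
${DISTINFOMD}: ${DISTINFO}
	echo '```' >${DISTINFOMD}
	cat ${DISTINFO} >>${DISTINFOMD}
	echo '```' >>${DISTINFOMD}

# Create a draft GitHub release carrying the tarball and its signature.
release: distinfo ${DISTINFOMD}
	gh release create v${VERSION} \
		--title "openresolv ${VERSION}" --draft --generate-notes \
		--notes-file ${DISTINFOMD} \
		${DISTFILE} ${DISTSIGN}

# Unpack the release tarball under /tmp.
# The path is fixed and `rm -rf` followed by `install -d` is not atomic.
# NOTE(review): on a shared host a mktemp -d directory would avoid the
# window between the two commands.
# The last command of this rule is cut at this point in the listing; its
# arguments follow on the next line.
import: dist
	rm -rf /tmp/${DISTPREFIX}
	${INSTALL} -d /tmp/${DISTPREFIX}
	tar xvJpf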
${DISTFILE} -C /tmp _import-src: rm -rf ${DESTDIR}/* ${INSTALL} -d ${DESTDIR} cp LICENSE README.md ${SRCS} resolvconf.conf ${DESTDIR}; cp resolvconf.8.in resolvconf.conf.5.in ${DESTDIR}; @${ECHO} @${ECHO} "=============================================================" @${ECHO} "openresolv-${VERSION} imported to ${DESTDIR}" import-src: ${MAKE} _import-src DESTDIR=`if [ -n "${DESTDIR}" ]; then echo "${DESTDIR}"; else echo /tmp/${DISTPREFIX}; fi` NetworkConfiguration-openresolv-1db84a0/README.md000066400000000000000000000055301501073167200217560ustar00rootroot00000000000000# openresolv openresolv is a [resolvconf](https://en.wikipedia.org/wiki/Resolvconf) implementation which manages `/etc/resolv.conf`. `/etc/resolv.conf` is a file that holds the configuration for the local resolution of domain names. Normally this file is either static or maintained by a local daemon, normally a DHCP daemon. But what happens if more than one thing wants to control the file? Say you have wired and wireless interfaces to different subnets and run a VPN or two on top of that, how do you say which one controls the file? It's also not as easy as just adding and removing the nameservers each client knows about as different clients could add the same nameservers. Enter resolvconf, the middleman between the network configuration services and `/etc/resolv.conf`. resolvconf itself is just a script that stores, removes and lists a full `resolv.conf` generated for the interface. It then calls all the helper scripts it knows about so it can configure the real `/etc/resolv.conf` and optionally any local nameservers other than libc. ## Reasons for using openresolv Why openresolv over the [Debian implementation](http://qref.sourceforge.net/Debian/reference/ch-gateway.en.html#s-dns-resolvconf)? 
Here are some reasons:

  * Works with [POSIX shell and userland](http://www.opengroup.org/onlinepubs/009695399)
  * Does not need awk, grep or sed, which means we can work without `/usr` mounted
  * Works with init systems other than Debian's out of the box
  * Available under a 2-clause [BSD license](http://www.freebsd.org/copyright/freebsd-license.html)
  * Prefers configs via IF_METRIC for dynamic ordering
  * Configures zones for local resolvers other than libc

The last point is quite important, especially when running VPN systems.
Take the following resolv.conf files which have been generated by a
[DHCP client](https://github.com/NetworkConfiguration/dhcpcd) and sent to resolvconf:

```
# resolv.conf from bge0
search foo.com
nameserver 1.2.3.4

# resolv.conf from tap0
domain bar.org
nameserver 5.6.7.8
```

In this instance, queries for foo.com will go to 1.2.3.4 and queries for
bar.org will go to 5.6.7.8.
libc alone has no per-domain routing: it sends every query to the same
nameserver list, so lookups for bar.org names could be sent to 1.2.3.4.
This does require the resolvers to be configured to pick up the
resolvconf-generated configuration for them, though.
openresolv ships with helpers for:

  * [unbound](http://www.unbound.net/)
  * [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html)
  * [ISC BIND](http://www.isc.org/software/bind)
  * [PowerDNS Recursor](http://wiki.powerdns.com/trac)
  * [systemd-resolved](https://www.freedesktop.org/software/systemd/man/latest/systemd-resolved.service.html)

See the
[configuration section](https://roy.marples.name/projects/openresolv/configuration)
for more details.
If openresolv updates `/etc/resolv.conf` it can notify the following of this: * [Bonjour (mdnsd)](https://developer.apple.com/bonjour/) * [avahi](http://www.avahi.org/) NetworkConfiguration-openresolv-1db84a0/avahi-daemon.in000066400000000000000000000030421501073167200233540ustar00rootroot00000000000000#!/bin/sh # Copyright (c) 2007-2023 Roy Marples # All rights reserved # avahi-daemon notifier for resolvconf libc subscriber # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # * Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # * Redistributions in binary form must reproduce the above # copyright notice, this list of conditions and the following # disclaimer in the documentation and/or other materials provided # with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
: ${avahi_daemon_pidfile:=/var/run/avahi-daemon/pid} if [ -s "$avahi_daemon_pidfile" ]; then kill -HUP $(cat "$avahi_daemon_pidfile") fi NetworkConfiguration-openresolv-1db84a0/config-null.mk000066400000000000000000000000461501073167200232420ustar00rootroot00000000000000# This space left intentionally blank NetworkConfiguration-openresolv-1db84a0/configure000077500000000000000000000072061501073167200224100ustar00rootroot00000000000000#!/bin/sh # Try and be like autotools configure, but without autotools # Ensure that we do not inherit these from env OS= BUILD= HOST= TARGET= RESTARTCMD= RCDIR= STATUSARG= for x do opt=${x%%=*} var=${x#*=} case "$opt" in --os|OS) OS=$var;; --with-cc|CC) CC=$var;; --debug) DEBUG=$var;; --disable-debug) DEBUG=no;; --enable-debug) DEBUG=yes;; --prefix) PREFIX=$var;; --sysconfdir) SYSCONFDIR=$var;; --bindir|--sbindir) SBINDIR=$var;; --libexecdir) LIBEXECDIR=$var;; --statedir|--localstatedir) STATEDIR=$var;; --dbdir) DBDIR=$var;; --rundir) RUNDIR=$var;; --mandir) MANDIR=$var;; --with-ccopts|CFLAGS) CFLAGS=$var;; CPPFLAGS) CPPFLAGS=$var;; --build) BUILD=$var;; --host) HOST=$var;; --target) TARGET=$var;; --libdir) LIBDIR=$var;; --restartcmd) RESTARTCMD=$var;; --rcdir) RCDIR=$var;; --statusarg) STATUSARG=$var;; --includedir) eval INCLUDEDIR="$INCLUDEDIR${INCLUDEDIR:+ }$var";; --datadir|--infodir) ;; # ignore autotools --disable-maintainer-mode|--disable-dependency-tracking) ;; --help) echo "See the source for available options"; exit 0;; *) echo "$0: WARNING: unknown option $opt" >&2;; esac done : ${SED:=sed} CONFIG_MK=config.mk if [ -z "$BUILD" ]; then # autoconf target triplet: cpu-vendor-os BUILD=$(uname -m)-unknown-$(uname -s | tr '[:upper:]' '[:lower:]') fi : ${HOST:=$BUILD} if [ -z "$OS" ]; then echo "Deriving operating system from ... 
$HOST" # Derive OS from cpu-vendor-[kernel-]os CPU=${HOST%%-*} REST=${HOST#*-} if [ "$CPU" != "$REST" ]; then VENDOR=${REST%%-*} REST=${REST#*-} if [ "$VENDOR" != "$REST" ]; then # Use kernel if given, otherwise os OS=${REST%%-*} else # 2 tupple OS=$VENDOR VENDOR= fi fi # Work with cpu-kernel-os, ie Debian case "$VENDOR" in linux*|kfreebsd*) OS=$VENDOR; VENDOR= ;; esac # Special case case "$OS" in gnu*) OS=hurd;; # No HURD support as yet esac fi echo "Configuring openresolv for ... $OS" rm -rf $CONFIG_MK echo "# $OS" >$CONFIG_MK case "$OS" in dragonfly*) # This means /usr HAS to be mounted not via dhcpcd : ${LIBEXECDIR:=${PREFIX:-/usr}/libexec/resolvconf} ;; linux*) # cksum doesn't support -a and netpgp is rare echo "CKSUM= sha256sum --tag" >>$CONFIG_MK echo "PGP= gpg2" >>$CONFIG_MK ;; esac case "$OS" in dragonfly*|freebsd*) # On FreeBSD, /etc/init.d/foo status returns 0 if foo is not enabled # regardless of if it's not running. # So we force onestatus to work around this silly bug. if [ -z "$STATUSARG" ]; then STATUSARG="onestatus" fi ;; esac if [ -z "$LIBEXECDIR" ]; then printf "Checking for directory /libexec ... " if [ -d /libexec ]; then echo "yes" LIBEXECDIR=$PREFIX/libexec/resolvconf else echo "no" LIBEXECDIR=$PREFIX/lib/resolvconf fi fi if [ -z "$RUNDIR" ]; then printf "Checking for directory /run ... 
" if [ -d /run ]; then echo "yes" RUNDIR=/run else echo "no" RUNDIR=/var/run fi fi : ${SYSCONFDIR:=$PREFIX/etc} : ${SBINDIR:=$PREFIX/sbin} : ${LIBEXECDIR:=$PREFIX/libexec/resolvconf} : ${STATEDIR:=/var} : ${RUNDIR:=$STATEDIR/run} : ${MANDIR:=${PREFIX:-/usr}/share/man} eval SYSCONFDIR="$SYSCONFDIR" eval SBINDIR="$SBINDIR" eval LIBEXECDIR="$LIBEXECDIR" eval VARDIR="$RUNDIR/resolvconf" eval MANDIR="$MANDIR" for x in SYSCONFDIR SBINDIR LIBEXECDIR VARDIR MANDIR RESTARTCMD RCDIR STATUSARG do eval v=\$$x # Make files look nice for import l=$((10 - ${#x})) unset t [ $l -gt 3 ] && t=" " echo "$x=$t $v" >>$CONFIG_MK done echo echo " SYSCONFDIR = $SYSCONFDIR" echo " SBINDIR = $SBINDIR" echo " LIBEXECDIR = $LIBEXECDIR" echo " VARDIR = $RUNDIR" echo " MANDIR = $MANDIR" echo echo " RESTARTCMD = $RESTARTCMD" echo " RCDIR = $RCDIR" echo " STATUSARG = $STATUSARG" echo NetworkConfiguration-openresolv-1db84a0/dnsmasq.in000066400000000000000000000133031501073167200224720ustar00rootroot00000000000000#!/bin/sh # Copyright (c) 2007-2023 Roy Marples # All rights reserved # dnsmasq subscriber for resolvconf # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # * Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # * Redistributions in binary form must reproduce the above # copyright notice, this list of conditions and the following # disclaimer in the documentation and/or other materials provided # with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. [ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0 . "@SYSCONFDIR@/resolvconf.conf" || exit 1 [ -z "${dnsmasq_conf}${dnsmasq_resolv}" ] && exit 0 [ -z "$RESOLVCONF" ] && eval "$(@SBINDIR@/resolvconf -v)" NL=" " : ${dnsmasq_pid:=/var/run/dnsmasq.pid} [ -s "$dnsmasq_pid" ] || dnsmasq_pid=/var/run/dnsmasq/dnsmasq.pid [ -s "$dnsmasq_pid" ] || unset dnsmasq_pid : ${dnsmasq_service:=dnsmasq} newconf="# Generated by resolvconf$NL" newresolv="$newconf" # Using dbus means that we never have to restart the daemon # This is important as it means we should not drop DNS queries # whilst changing DNS options around. However, dbus support is optional # so we need to validate a few things first. # Check for DBus support in the binary dbus=false dbus_ex=false dbus_introspect=$(dbus-send --print-reply --system \ --dest=uk.org.thekelleys.dnsmasq \ /uk/org/thekelleys/dnsmasq \ org.freedesktop.DBus.Introspectable.Introspect \ 2>/dev/null) if [ $? = 0 ]; then dbus=true if printf %s "$dbus_introspect" | \ grep -q '' then dbus_ex=true fi fi for n in $NAMESERVERS; do newresolv="${newresolv}nameserver $n$NL" done dbusdest= dbusdest_ex= conf= for d in $DOMAINS; do dn="${d%%:*}" ns="${d#*:}" while [ -n "$ns" ]; do n="${ns%%,*}" if $dbus && ! $dbus_ex; then case "$n" in *.*.*.*) SIFS=${IFS-y} OIFS=$IFS IFS=. 
set -- $n num="0x$(printf %02x $1 $2 $3 $4)" if [ "$SIFS" = y ]; then unset IFS else IFS=$OIFS fi dbusdest="$dbusdest uint32:$(printf %u $num)" dbusdest="$dbusdest string:$dn" ;; *:*%*) # This version of dnsmasq won't accept # scoped IPv6 addresses dbus=false ;; *:*) SIFS=${IFS-y} OIFS=$IFS bytes= front= back= empty=false i=0 IFS=: set -- $n while [ -n "$1" ] || [ -n "$2" ]; do addr="$1" shift if [ -z "$addr" ]; then empty=true continue fi i=$((i + 1)) while [ ${#addr} -lt 4 ]; do addr="0${addr}" done byte1="$(printf %d 0x${addr%??})" byte2="$(printf %d 0x${addr#??})" if $empty; then back="$back byte:$byte1 byte:$byte2" else front="$front byte:$byte1 byte:$byte2" fi done while [ $i != 8 ]; do i=$((i + 1)) front="$front byte:0 byte:0" done front="${front}$back" if [ "$SIFS" = y ]; then unset IFS else IFS=$OIFS fi dbusdest="${dbusdest}$front string:$dn" ;; *) if ! $dbus_ex; then dbus=false fi ;; esac fi dbusdest_ex="$dbusdest_ex${dbusdest_ex:+,}/$dn/$n" conf="${conf}server=/$dn/$n$NL" [ "$ns" = "${ns#*,}" ] && break ns="${ns#*,}" done done if $dbus; then newconf="$newconf$NL# Domain specific servers will" newconf="$newconf be sent over dbus${NL}" else newconf="$newconf$conf" fi # Try to ensure that config dirs exist if command -v config_mkdirs >/dev/null 2>&1; then config_mkdirs "$dnsmasq_conf" "$dnsmasq_resolv" else @SBINDIR@/resolvconf -D "$dnsmasq_conf" "$dnsmasq_resolv" fi changed=false if [ -n "$dnsmasq_conf" ]; then if [ ! 
-f "$dnsmasq_conf" ] || \ [ "$(cat "$dnsmasq_conf")" != "$(printf %s "$newconf")" ] then changed=true printf %s "$newconf" >"$dnsmasq_conf" fi fi if [ -n "$dnsmasq_resolv" ]; then # dnsmasq polls this file so no need to set changed=true if [ -f "$dnsmasq_resolv" ]; then if [ "$(cat "$dnsmasq_resolv")" != "$(printf %s "$newresolv")" ] then printf %s "$newresolv" >"$dnsmasq_resolv" fi else printf %s "$newresolv" >"$dnsmasq_resolv" fi fi if $changed; then # dnsmasq does not re-read the configuration file on SIGHUP if [ -n "$dnsmasq_restart" ]; then eval $dnsmasq_restart elif [ -n "$RESTARTCMD" ]; then set -- ${dnsmasq_service} eval "$RESTARTCMD" else @SBINDIR@/resolvconf -r ${dnsmasq_service} fi fi if $dbus; then if [ -s "$dnsmasq_pid" ]; then $changed || kill -HUP $(cat "$dnsmasq_pid") fi # Send even if empty so old servers are cleared if $dbus_ex; then method=SetDomainServers if [ -n "$dbusdest_ex" ]; then dbusdest_ex="array:string:$dbusdest_ex" fi dbusdest="$dbusdest_ex" else method=SetServers fi dbus-send --system --dest=uk.org.thekelleys.dnsmasq \ /uk/org/thekelleys/dnsmasq uk.org.thekelleys.$method \ $dbusdest dbus-send --system --dest=uk.org.thekelleys.dnsmasq \ /uk/org/thekelleys/dnsmasq uk.org.thekelleys.ClearCache fi NetworkConfiguration-openresolv-1db84a0/libc.in000066400000000000000000000170321501073167200217400ustar00rootroot00000000000000#!/bin/sh # Copyright (c) 2007-2025 Roy Marples # All rights reserved # libc subscriber for resolvconf # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # * Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # * Redistributions in binary form must reproduce the above # copyright notice, this list of conditions and the following # disclaimer in the documentation and/or other materials provided # with the distribution. 
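#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# The @NAME@ placeholders are replaced by the build (sed) with the
# configured directories.
SYSCONFDIR=@SYSCONFDIR@
LIBEXECDIR=@LIBEXECDIR@
VARDIR=@VARDIR@

KEYDIR="$VARDIR/keys"
# Compat
if [ ! -d "$KEYDIR" ] && [ -d "$VARDIR/interfaces" ]; then
	KEYDIR="$VARDIR/interfaces"
fi

# NL holds a literal newline; the line break inside the quotes is significant.
NL="
"

# sed may not be available, and this is faster on small files
#
# key_get_value KEY [FILE...]
# Print the remainder of every line that starts with KEY.
# With no FILE arguments the lines are read from stdin, otherwise from
# each FILE in turn.
key_get_value()
{
	key="$1"
	shift

	if [ $# -eq 0 ]; then
		while read -r line; do
			case "$line" in
			"$key"*) echo "${line##$key}";;
			esac
		done
	else
		for x do
			while read -r line; do
				case "$line" in
				"$key"*) echo "${line##$key}";;
				esac
			done < "$x"
		done
	fi
}

# keys_remove KEY...
# Filter stdin: drop every line that starts with one of the KEYs, plus
# comment lines and empty lines, and print what is left.
# `read` with the default IFS already strips leading blanks, so the two
# blank-prefix patterns cannot match as written. The second of them was
# presumably a tab before whitespace was flattened in this listing.
keys_remove()
{
	while read -r line; do
		found=false
		for key do
			case "$line" in
			"$key"*|"#"*|" "*|" "*|"") found=true;;
			esac
			$found && break
		done
		$found || echo "$line"
	done
}

# Shell patterns (not plain strings): each nameserver is matched against
# these with `case` further down.
local_nameservers="127.* 0.0.0.0 255.255.255.255 ::1"

# Support original resolvconf configuration layout
# as well as the openresolv config file
#
# resolvconf.conf is sourced, i.e. executed as shell code with the
# privileges of this script. It must be writable only by trusted
# administrators.
if [ -f "$SYSCONFDIR"/resolvconf.conf ]; then
	. "$SYSCONFDIR"/resolvconf.conf
elif [ -d "$SYSCONFDIR"/resolvconf ]; then
	SYSCONFDIR="$SYSCONFDIR/resolvconf"
	base="$SYSCONFDIR/resolv.conf.d/base"
	if [ -f "$base" ]; then
		prepend_nameservers="$(key_get_value "nameserver " "$base")"
		domain="$(key_get_value "domain " "$base")"
		prepend_search="$(key_get_value "search " "$base")"
		resolv_conf_options="$(key_get_value "options " "$base")"
		resolv_conf_sortlist="$(key_get_value "sortlist " "$base")"
	fi
	if [ -f "$SYSCONFDIR"/resolv.conf.d/head ]; then
		resolv_conf_head="$(cat "${SYSCONFDIR}"/resolv.conf.d/head)"
	fi
	if [ -f "$SYSCONFDIR"/resolv.conf.d/tail ]; then
		resolv_conf_tail="$(cat "$SYSCONFDIR"/resolv.conf.d/tail)"
	fi
fi
: ${resolv_conf:=/etc/resolv.conf}
# Setting resolv_conf to /dev/null disables this subscriber.
if [ "$resolv_conf" = "/dev/null" ]; then
	exit 0
fi
# The temporary name is predictable (the PID is its only variable part)
# and sits next to resolv_conf, so it is only as safe as the permissions
# on that directory.
: ${resolv_conf_tmp:="$resolv_conf.$$.openresolv"}
: ${libc_service:=nscd}
# list_resolv is expanded unquoted and run as a command further down.
: ${list_resolv:=@SBINDIR@/resolvconf -L}
# "${var-x}" = x is true only when the variable is unset, so a head or
# tail that was explicitly set to empty is left alone.
if [ "${resolv_conf_head-x}" = x ] && [ -f "$SYSCONFDIR"/resolv.conf.head ]
then
	resolv_conf_head="$(cat "${SYSCONFDIR}"/resolv.conf.head)"
fi
if [ "${resolv_conf_tail-x}" = x ] && [ -f "$SYSCONFDIR"/resolv.conf.tail ]
then
	resolv_conf_tail="$(cat "$SYSCONFDIR"/resolv.conf.tail)"
fi

backup=true
signature="# Generated by resolvconf"

# uniqify WORD...
# Print the arguments with duplicates removed, keeping the first
# occurrence of each. Stops at the first empty argument.
uniqify()
{
	result=
	while [ -n "$1" ]; do
		case " $result " in
		*" $1 "*);;
		*) result="$result $1";;
		esac
		shift
	done
	echo "${result# *}"
}

# First pass over resolv_conf_passthrough: decide where the data comes from.
case "${resolv_conf_passthrough:-NO}" in
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
	# Passthrough: the newest file under KEYDIR is copied as-is. The
	# nameserver filtering and key handling of the second case statement
	# below are skipped for it.
	backup=false
	newest=
	for conf in "$KEYDIR"/*; do
		# An unmatched glob stays as the literal pattern. Skip it so
		# that $newest stays empty and the exit below takes effect,
		# instead of cat failing and an empty file being written.
		[ -e "$conf" ] || continue
		if [ -z "$newest" ] || [ "$conf" -nt "$newest" ]; then
			newest="$conf"
		fi
	done
	[ -z "$newest" ] && exit 0
	newconf="$(cat "$newest")$NL"
	;;
/dev/null|[Nn][Uu][Ll][Ll])
	: ${resolv_conf_local_only:=NO}
	# Clear local_nameservers only if it still has its default value.
	if [ "$local_nameservers" = "127.* 0.0.0.0 255.255.255.255 ::1" ]; then
		local_nameservers=
	fi
	# Need to overwrite our variables.
	# The output of resolvconf is evaluated as shell code.
	eval "$(@SBINDIR@/resolvconf -V)"
	;;

*)
	# The output of resolvconf is evaluated as shell code.
	[ -z "$RESOLVCONF" ] && eval "$(@SBINDIR@/resolvconf -v)"
	;;
esac
# Second pass: unless in passthrough mode, assemble the new resolv.conf.
case "${resolv_conf_passthrough:-NO}" in
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;
*)
	: ${domain:=$DOMAIN}
	# Unquoted on purpose: each list is split into words for uniqify.
	newsearch="$(uniqify $prepend_search $SEARCH $append_search)"
	NS="$LOCALNAMESERVERS $NAMESERVERS"
	newns=
	gotlocal=false
	for n in $(uniqify $prepend_nameservers $NS $append_nameservers); do
		add=true
		islocal=false
		for l in $local_nameservers; do
			# $l is unquoted so that it is used as a pattern
			case "$n" in
			$l) islocal=true; gotlocal=true; break;;
			esac
		done
		# With resolv_conf_local_only enabled (the default here is
		# YES), non-local nameservers are dropped once a local one
		# has been seen. Any that come before the first local
		# nameserver are kept.
		if ! $islocal; then
			case "${resolv_conf_local_only:-YES}" in
			[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
				$gotlocal && add=false;;
			esac
		fi
		$add && newns="$newns $n"
	done

	# Hold our new resolv.conf in a variable to save on temporary files
	newconf="$signature$NL"
	if [ -n "$resolv_conf_head" ]; then
		newconf="$newconf$resolv_conf_head$NL"
	fi
	[ -n "$domain" ] && newconf="${newconf}domain $domain$NL"
	if [ -n "$newsearch" ] && [ "$newsearch" != "$domain" ]; then
		newconf="${newconf}search $newsearch$NL"
	fi
	for n in $newns; do
		newconf="${newconf}nameserver $n$NL"
	done

	# Now add anything we don't care about such as sortlist and options
	stuff="$($list_resolv | keys_remove nameserver domain search)"
	if [ -n "$stuff" ]; then
		newconf="$newconf$stuff$NL"
	fi

	# Append any user defined ones
	if [ -n "$resolv_conf_options" ]; then
		newconf="${newconf}options $resolv_conf_options$NL"
	fi
	if [ -n "$resolv_conf_sortlist" ]; then
		newconf="${newconf}sortlist $resolv_conf_sortlist$NL"
	fi

	if [ -n "$resolv_conf_tail" ]; then
		newconf="$newconf$resolv_conf_tail$NL"
	fi
	;;
esac

# Check if the file has actually changed or not
# Command substitution strips trailing newlines on both sides, so the
# comparison ignores them.
if [ -e "$resolv_conf" ]; then
	[ "$(cat "$resolv_conf")" = "$(printf %s "$newconf")" ] && exit 0
fi

# Change is good.
# If the old file does not have our signature, back it up.
# If the new file just has our signature, restore the backup.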
if $backup; then if [ "$newconf" = "$signature$NL" ]; then case "${resolv_conf_restore:=YES}" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) if [ -e "$resolv_conf.bak" ]; then newconf="$(cat "$resolv_conf.bak")$NL" fi ;; esac elif [ -e "$resolv_conf" ]; then read line <"$resolv_conf" if [ "$line" != "$signature" ]; then cp "$resolv_conf" "$resolv_conf.bak" fi fi fi # There are pros and cons for writing directly to resolv.conf # instead of a temporary file and then moving it over. # The default is to write to resolv.conf as it has the least # issues and has been the long standing default behaviour. case "${resolv_conf_mv:-NO}" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) # Protect against symlink attack, ensure new file does not exist rm -f "$resolv_conf_tmp" # Keep original file owner, group and mode [ -r "$resolv_conf" ] && cp -p "$resolv_conf" "$resolv_conf_tmp" # Create our resolv.conf now if (umask 022; printf %s "$newconf" >"$resolv_conf_tmp"); then mv "$resolv_conf_tmp" "$resolv_conf" fi ;; *) (umask 022; printf %s "$newconf" >"$resolv_conf") ;; esac if [ -n "$libc_restart" ]; then eval $libc_restart elif [ -n "$RESTARTCMD" ]; then set -- ${libc_service} eval "$RESTARTCMD" else @SBINDIR@/resolvconf -r ${libc_service} fi retval=0 # Notify users of the resolver for script in "$LIBEXECDIR"/libc.d/*; do if [ -f "$script" ]; then if [ -x "$script" ]; then "$script" "$@" else (. "$script") fi retval=$(($retval + $?)) fi done exit $retval NetworkConfiguration-openresolv-1db84a0/mdnsd.in000066400000000000000000000030051501073167200221270ustar00rootroot00000000000000#!/bin/sh # Copyright (c) 2007-2023 Roy Marples # All rights reserved # mdnsd notifier for resolvconf libc subscriber # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # * Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. 
# * Redistributions in binary form must reproduce the above # copyright notice, this list of conditions and the following # disclaimer in the documentation and/or other materials provided # with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. : ${mdnsd_pidfile:=/var/run/mdnsd/mdnsd.pid} if [ -s "$mdnsd_pidfile" ]; then kill -HUP $(cat "$mdnsd_pidfile") fi NetworkConfiguration-openresolv-1db84a0/named.in000066400000000000000000000071401501073167200221120ustar00rootroot00000000000000#!/bin/sh # Copyright (c) 2007-2023 Roy Marples # All rights reserved # named subscriber for resolvconf # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # * Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # * Redistributions in binary form must reproduce the above # copyright notice, this list of conditions and the following # disclaimer in the documentation and/or other materials provided # with the distribution. 
# # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. [ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0 . "@SYSCONFDIR@/resolvconf.conf" || exit 1 [ -z "${named_zones}${named_options}" ] && exit 0 [ -z "$RESOLVCONF" ] && eval "$(@SBINDIR@/resolvconf -v)" NL=" " # Platform specific kludges if [ -z "${named_service}${named_restart}" ] && [ -d "$RCDIR" ] && ! 
[ -x "$RCDIR"/named ] then if [ -x "$RCDIR"/bind9 ]; then # Debian and derivatives named_service=bind9 elif [ -x "$RCDIR"/rc.bind ]; then # Slackware named_service=rc.bind fi fi : ${named_service:=named} : ${named_pid:=/var/run/$named_service.pid} [ -s "$named_pid" ] || named_pid=/var/run/$named_service/$named_service.pid [ -s "$named_pid" ] || unset named_pid newoptions="# Generated by resolvconf$NL" newzones="$newoptions" forward= for n in $NAMESERVERS; do case "$forward" in *"$NL $n;"*);; *) forward="$forward$NL $n;";; esac done if [ -n "$forward" ]; then newoptions="${newoptions}forward first;${NL}forwarders {$forward${NL}};$NL" fi for d in $DOMAINS; do newzones="${newzones}zone \"${d%%:*}\" {$NL" newzones="$newzones type forward;$NL" newzones="$newzones forward first;$NL forwarders {$NL" ns="${d#*:}" while [ -n "$ns" ]; do newzones="$newzones ${ns%%,*};$NL" [ "$ns" = "${ns#*,}" ] && break ns="${ns#*,}" done newzones="$newzones };$NL};$NL" done # Try to ensure that config dirs exist if command -v config_mkdirs >/dev/null 2>&1; then config_mkdirs "$named_options" "$named_zones" else @SBINDIR@/resolvconf -D "$named_options" "$named_zones" fi # No point in changing files or reloading bind if the end result has not # changed changed=false if [ -n "$named_options" ]; then if [ ! -f "$named_options" ] || \ [ "$(cat "$named_options")" != "$(printf %s "$newoptions")" ] then printf %s "$newoptions" >"$named_options" changed=true fi fi if [ -n "$named_zones" ]; then if [ ! 
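#!/bin/sh
# Copyright (c) 2009-2023 Roy Marples
# All rights reserved

# PowerDNS Recursor subscriber for resolvconf

# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#     * Redistributions of source code must retain the above copyright
#       notice, this list of conditions and the following disclaimer.
#     * Redistributions in binary form must reproduce the above
#       copyright notice, this list of conditions and the following
#       disclaimer in the documentation and/or other materials provided
#       with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# Writes the file named by $pdns_zones from $NAMESERVERS and $DOMAINS and
# restarts the recursor only when the file content changed.

# Nothing to do without a configuration file or without pdns_zones set.
# resolvconf.conf is sourced as shell, so it runs with this script's
# privileges; it must only be writable by the administrator.
[ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0
. "@SYSCONFDIR@/resolvconf.conf" || exit 1
[ -z "$pdns_zones" ] && exit 0
# When not started by resolvconf, fetch the variables with `resolvconf -v`.
[ -z "$RESOLVCONF" ] && eval "$(@SBINDIR@/resolvconf -v)"
NL="
"

: ${pdns_service:=pdns-recursor}

newzones=

# Global name servers become one comma separated "+.=" line.
# NOTE(review): NAMESERVERS and DOMAINS are written to the zones file as
# given; presumably resolvconf has validated them before subscribers run,
# since they can originate from DHCP or VPN clients - confirm.
for n in $NAMESERVERS; do
	newzones="$newzones${newzones:+,}$n"
done
[ -n "$newzones" ] && newzones="+.=$newzones$NL"

# Each DOMAINS word is "domain:ns1,ns2,..."; emit "domain=ns1,ns2,...".
for d in $DOMAINS; do
	newns=
	ns="${d#*:}"
	while [ -n "$ns" ]; do
		newns="$newns${newns:+,}${ns%%,*}"
		# No comma left means this was the last name server
		[ "$ns" = "${ns#*,}" ] && break
		ns="${ns#*,}"
	done
	[ -n "$newns" ] && newzones="$newzones${d%%:*}=$newns$NL"
done

# Try to ensure that config dirs exist.
# This must name pdns_zones, the file written below; pdnsd_zones is not a
# variable of this subscriber, so the directory was never prepared.
if command -v config_mkdirs >/dev/null 2>&1; then
	config_mkdirs "$pdns_zones"
else
	@SBINDIR@/resolvconf -D "$pdns_zones"
fi

# Only rewrite the file and restart the service when the content differs.
if [ ! -f "$pdns_zones" ] || \
   [ "$(cat "$pdns_zones")" != "$(printf %s "$newzones")" ]
then
	printf %s "$newzones" >"$pdns_zones"
	# pdns_restart and RESTARTCMD are evaluated as shell commands.
	if [ -n "$pdns_restart" ]; then
		eval $pdns_restart
	elif [ -n "$RESTARTCMD" ]; then
		# RESTARTCMD reads the service name from the positional
		# parameters set here (assumed from this usage - confirm)
		set -- ${pdns_service}
		eval "$RESTARTCMD"
	else
		@SBINDIR@/resolvconf -r ${pdns_service}
	fi
fi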
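# pdnsd subscriber: rewrites the resolvconf section of $pdnsd_conf and/or
# the $pdnsd_resolv file, then runs $pdnsd_restart if anything changed.

# Nothing to do without a configuration file or without a target file set.
# resolvconf.conf is sourced as shell, so it runs with this script's
# privileges; it must only be writable by the administrator.
[ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0
. "@SYSCONFDIR@/resolvconf.conf" || exit 1
[ -z "${pdnsd_conf}${pdnsd_resolv}" ] && exit 0
# When not started by resolvconf, fetch the variables with `resolvconf -v`.
[ -z "$RESOLVCONF" ] && eval "$(@SBINDIR@/resolvconf -v)"
NL="
"

: ${pdnsd_restart:=pdnsd-ctl config $pdnsd_conf}
signature="# Generated by resolvconf"
signature_end="# End of resolvconf"

# We normally use sed to remove markers from a configuration file
# but sed may not always be available at the time.
#
# $1 start marker, $2 end marker, remaining arguments are the files.
# Prints the files to stdout without the lines from a start marker to the
# matching end marker, both included.
remove_markers()
{
	m1="$1"
	m2="$2"
	in_marker=0

	shift; shift
	if command -v sed >/dev/null 2>&1; then
		# "$@" keeps file names with whitespace as single arguments
		sed "/^$m1/,/^$m2/d" "$@"
	else
		for x do
			# IFS= and -r keep leading whitespace and backslashes
			# so the copy matches what sed would print; the
			# -n test keeps a last line without a newline.
			while IFS= read -r line || [ -n "$line" ]; do
				case "$line" in
				"$m1"*) in_marker=1;;
				"$m2"*) in_marker=0;;
				*) [ $in_marker = 0 ] && printf '%s\n' "$line";;
				esac
			done < "$x"
		done
	fi
}

# Compare two files
# If different, replace first with second otherwise remove second
# Returns 0 when the first file was replaced, 1 when it was left alone.
change_file()
{
	if [ -e "$1" ]; then
		if command -v cmp >/dev/null 2>&1; then
			cmp -s "$1" "$2"
		elif command -v diff >/dev/null 2>&1; then
			diff -q "$1" "$2" >/dev/null
		else
			# Hopefully we're only working on small text files ...
			[ "$(cat "$1")" = "$(cat "$2")" ]
		fi
		# $? is the status of whichever comparison ran above
		if [ $? -eq 0 ]; then
			rm -f "$2"
			return 1
		fi
	fi
	# Written through the existing name rather than renamed over it
	cat "$2" > "$1"
	rm -f "$2"
	return 0
}

newresolv="# Generated by resolvconf$NL"
changed=false

# Try to ensure that config dirs exist
if command -v config_mkdirs >/dev/null 2>&1; then
	config_mkdirs "$pdnsd_resolv" "$pdnsd_conf"
else
	@SBINDIR@/resolvconf -D "$pdnsd_resolv" "$pdnsd_conf"
fi

# NOTE(review): NAMESERVERS and DOMAINS are copied into the generated
# configuration as given; presumably resolvconf has validated them before
# subscribers run, since they can originate from DHCP or VPN clients -
# confirm.
if [ -n "$pdnsd_resolv" ]; then
	for n in $NAMESERVERS; do
		newresolv="${newresolv}nameserver $n$NL"
	done
fi

# Only modify the configuration if it exists and we can write to it
if [ -w "$pdnsd_conf" ]; then
	# The scratch file has a fixed name next to pdnsd_conf, so that
	# directory must not be writable by unprivileged users.
	cf="$pdnsd_conf.new"
	newconf=

	# Without pdnsd_resolv the global name servers go into pdnsd_conf
	if [ -z "$pdnsd_resolv" ]; then
		newconf="${newconf}server {$NL"
		newconf="${newconf} label=resolvconf;$NL"
		if [ -n "$NAMESERVERS" ]; then
			newconf="${newconf} ip="
			first=true
			for n in $NAMESERVERS; do
				if $first; then
					first=false
				else
					newconf="${newconf},"
				fi
				newconf="$newconf$n"
			done
			newconf="${newconf};$NL"
		fi
		newconf="${newconf}}$NL"
	fi

	# Each DOMAINS word is "domain:ns1,ns2,..."; one server block each
	for d in $DOMAINS; do
		newconf="${newconf}server {$NL"
		newconf="${newconf} include=.${d%%:*}.;$NL"
		newconf="${newconf} policy=excluded;$NL"
		newconf="${newconf} ip="
		ns="${d#*:}"
		while [ -n "$ns" ]; do
			newconf="${newconf}${ns%%,*}"
			# No comma left means this was the last name server
			[ "$ns" = "${ns#*,}" ] && break
			ns="${ns#*,}"
			newconf="${newconf},"
		done
		newconf="${newconf};$NL}$NL"
	done

	# Rebuild the file: old content minus our section, then the new one
	rm -f "$cf"
	remove_markers "$signature" "$signature_end" "$pdnsd_conf" > "$cf"
	if [ -n "$newconf" ]; then
		echo "$signature" >> "$cf"
		printf %s "$newconf" >> "$cf"
		echo "$signature_end" >> "$cf"
	fi
	if change_file "$pdnsd_conf" "$cf"; then
		changed=true
	fi
fi

if [ -n "$pdnsd_resolv" ]; then
	if [ ! -f "$pdnsd_resolv" ] || \
	   [ "$(cat "$pdnsd_resolv")" != "$(printf %s "$newresolv")" ]
	then
		changed=true
		printf %s "$newresolv" >"$pdnsd_resolv"
	fi
fi

# pdnsd_restart is evaluated as a shell command; it comes from
# resolvconf.conf or the default set above.
if $changed; then
	eval $pdnsd_restart
fi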
.\" .Dd May 13, 2025 .Dt RESOLVCONF 8 .Os .Sh NAME .Nm resolvconf .Nd a framework for managing multiple DNS configurations .Sh SYNOPSIS .Nm .Fl I .Nm .Op Fl m Ar metric .Op Fl p .Op Fl x .Fl a Ar key .No < Ns Pa file .Nm .Fl C Ar pattern .Nm .Fl c Ar pattern .Nm .Op Fl f .Fl d Ar key .Nm .Op Fl x .Fl iLlp Ar pattern .Nm .Fl u .Nm .Fl Fl version .Sh DESCRIPTION .Nm manages .Xr resolv.conf 5 files from multiple sources, such as DHCP and VPN clients. Traditionally, the host runs just one client and that updates .Pa /etc/resolv.conf . More modern systems frequently have wired and wireless interfaces and there is no guarantee both are on the same network. With the advent of VPN and other types of networking daemons, many things now contend for the contents of .Pa /etc/resolv.conf . .Pp .Nm solves this by letting the daemons send their .Xr resolv.conf 5 file to .Nm via .Xr stdin 4 with the argument .Fl a Ar key instead of the filesystem. .Nm then updates .Pa /etc/resolv.conf as it thinks best. When a local resolver other than libc is installed, such as .Xr dnsmasq 8 or .Xr named 8 , then .Nm will supply files that the resolver should be configured to include. .Pp At its heart, .Nm is a key/value store for .Pa resolv.conf files. Each entry must have a unique .Ar key and should be expressed as .Sy interface.protocol so that it's easy to tell where the .Pa resolv.conf file came from. This also allows using pattern matching such as .Sy interface.* to match all protocols running on the interface. For example, a modern system will likely run DHCP, RA and DHCPv6 which could be from separate programs or one program running many protocols. However, this is not a fixed requirement, .Nm will work with any key name and it should be treated as an opaque value outside of .Nm . .Pp .Nm assumes it has a job to do. In some situations .Nm needs to act as a deterrent to writing to .Pa /etc/resolv.conf . 
Where this file cannot be made immutable or you just need to toggle this behaviour, .Nm can be disabled by adding .Sy resolvconf Ns = Ns NO to .Xr resolvconf.conf 5 . .Pp .Nm can mark a .Pa resolv.conf as private and optionally non-searchable. This means that the name servers listed in that .Pa resolv.conf are only used for queries against the domain/search listed in the same file and if non-searchable then the domain/search listed are excluded from the global search list defined in .Pa /etc/resolv.conf . This only works when a local resolver other than libc is installed. See .Xr resolvconf.conf 5 for how to configure .Nm to use a local name server and how to remove the private marking. .Pp .Nm can mark a .Pa resolv.conf as exclusive. Only the latest exclusive key is used for processing, otherwise all are. .Pp When a configuration source goes away, such as an interface going down or a VPN stopping, it should then call .Nm with .Fl d Ar key arguments to clean up the .Pa resolv.conf it added previously. For systems that support the concept of persisting configuration when the source is suspended, such as the carrier going down, then it should instead call .Nm with .Fl C Ar key arguments to deprecate the entry and .Fl c Ar key to activate the entry when it comes back again. This only affects the order in which the .Pa resolv.conf entries are processed. .Pp Here are some options for the above commands: .Bl -tag -width pattern_opt .It Fl f Ignore non existent .Pa resolv.conf entries. Only really useful for deleting. .It Fl m Ar metric Set the metric of the .Pa resolv.conf entry when adding it, default of 0. Lower metrics take precedence. This affects the default order of entries when listed. .It Fl p Op Ar pattern Marks the .Pa resolv.conf as private if the .Fl a command is given, otherwise .Pa resolv.conf entries having their key matching .Ar pattern are listed. If an extra .Fl p is given then the .Pa resolv.conf is marked as non-searchable as well. 
.It Fl x Mark the .Pa resolv.conf as exclusive when adding, otherwise only use the latest exclusive key. .El .Pp .Nm has some more commands for general usage: .Bl -tag -width pattern_opt .It Fl i Op Ar pattern List the keys stored, optionally matching .Ar pattern , we have .Pa resolv.conf files for. If the .Fl L option is given first, then the keys will be listed post-processed. .It Fl L Op Ar pattern List the .Pa resolv.conf files we have, post-processed by the .Xr resolvconf.conf 5 configuration. If .Ar pattern is specified then we list the files for the keys which match it. .It Fl l Op Ar pattern List the .Pa resolv.conf files we have. If .Ar pattern is specified then we list the files for the keys which match it. .It Fl u Force .Nm to update all its subscribers. .Nm does not update the subscribers when adding a resolv.conf that matches what it already has for that key. .It Fl Fl version Echo the resolvconf version to .Em stdout . .El .Pp .Nm also has some commands designed to be used by its subscribers and system startup: .Bl -tag -width pattern_opt .It Fl I Initialise the state directory .Pa @VARDIR@ . This only needs to be called if the initial system boot sequence does not automatically clean it out; for example the state directory is moved somewhere other than .Pa /var/run . If used, it should only be called once as early in the system boot sequence as possible and before .Nm is used to add entries. .It Fl R Echo the command used to restart a service. .It Fl r Ar service If the .Ar service is running then restart it. If the service does not exist or is not running then zero is returned, otherwise the result of restarting the service. .It Fl v Echo variables DOMAINS, SEARCH and NAMESERVERS so that the subscriber can configure the resolver easily. .It Fl V Same as .Fl v except that only the information configured in .Xr resolvconf.conf 5 is set. 
.El .Sh RESOLV.CONF ORDERING For .Nm to work effectively, it has to process the .Pa resolv.conf entries in the correct order. .Nm first processes keys from the .Sy key_order list, then entries without a metric and that match the .Sy dynamic_order list, then entries with a metric in order and finally the rest in the operating systems lexical order. See .Xr resolvconf.conf 5 for details on these lists. .Sh PROTOCOLS Here are some suggested protocol tags to use for each .Pa resolv.conf .Bl -tag -width pattern_opt .It dhcp Dynamic Host Configuration Protocol. .It ppp Point-to-Point Protocol. .It ra IPv6 Router Advertisement. .It dhcp6 Dynamic Host Configuration Protocol, version 6. .El .Sh IMPLEMENTATION NOTES If a subscriber has the executable bit then it is executed otherwise it is assumed to be a shell script and sourced into the current environment in a subshell. This is done so that subscribers can remain fast, but are also not limited to the shell language. .Pp Portable subscribers should not use anything outside of .Pa /bin and .Pa /sbin because .Pa /usr and others may not be available when booting. Also, it would be unwise to assume any shell specific features. .Sh ENVIRONMENT .Bl -ohang .It Va IF_METRIC If the .Fl m option is not present then we use .Va IF_METRIC for the metric. .It Va IF_PRIVATE Marks the .Pa resolv.conf as private. .It Va IF_NOSEARCH Marks the .Pa resolv.conf as non-searchable. .It Va IF_EXCLUSIVE Marks the .Pa resolv.conf as exclusive. .El .Sh FILES .Bl -ohang .It Pa /etc/resolv.conf.bak Backup file of the original resolv.conf. .It Pa @SYSCONFDIR@/resolvconf.conf Configuration file for .Nm . .It Pa @LIBEXECDIR@ Directory of subscribers which are run every time .Nm adds, deletes or updates. .It Pa @LIBEXECDIR@/libc.d Directory of subscribers which are run after the libc subscriber is run. .It Pa @VARDIR@ State directory for .Nm . 
.El .Sh NOTES Domain labels are assumed to be in ASCII and are converted to lower case to avoid duplicate zones when given differing case from different sources. .Pp When running a local resolver other than libc, you will need to configure it to include files that .Nm will generate. You should consult .Xr resolvconf.conf 5 for instructions on how to configure your resolver. .Sh SEE ALSO .Xr resolver 3 , .Xr stdin 4 , .Xr resolv.conf 5 , .Xr resolvconf.conf 5 .Sh HISTORY This implementation of .Nm is called openresolv and is fully command line compatible with Debian's resolvconf, as written by Thomas Hood. .Sh AUTHORS .An Roy Marples Aq Mt roy@marples.name .Sh BUGS Please report them to .Lk http://roy.marples.name/projects/openresolv NetworkConfiguration-openresolv-1db84a0/resolvconf.conf000066400000000000000000000003771501073167200235320ustar00rootroot00000000000000# Configuration for resolvconf(8) # See resolvconf.conf(5) for details resolv_conf=/etc/resolv.conf # If you run a local name server, you should uncomment the below line and # configure your subscribers configuration files below. #name_servers=127.0.0.1 NetworkConfiguration-openresolv-1db84a0/resolvconf.conf.5.in000066400000000000000000000352611501073167200243020ustar00rootroot00000000000000.\" Copyright (c) 2009-2025 Roy Marples .\" All rights reserved .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. 
.\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .Dd May 13, 2025 .Dt RESOLVCONF.CONF 5 .Os .Sh NAME .Nm resolvconf.conf .Nd resolvconf configuration file .Sh DESCRIPTION .Nm is the configuration file for .Xr resolvconf 8 . The .Nm file is a shell script that is sourced by .Xr resolvconf 8 , meaning that .Nm must contain valid shell commands. Because it is sourced, any command in the file is run by .Xr resolvconf 8 , so the file should be writable only by the administrator. Listed below are the standard .Nm variables that may be set. If the values contain whitespace, wildcards or other special shell characters, ensure they are quoted and escaped correctly. See the .Sy replace variable for an example on quoting. .Pp After updating this file, you may wish to run .Nm resolvconf -u to apply the new configuration. .Pp When a dynamically generated list is appended or prepended to, the whole is made unique where left-most wins. .Sh RESOLVCONF OPTIONS .Bl -tag -width indent .It Sy resolvconf Set to NO to disable .Nm resolvconf from running any subscribers. Defaults to YES. .It Sy allow_keys If set, only these keys will be processed. .It Sy deny_keys If set, these keys will not be processed. .It Sy exclude Is a space separated list of key/value pairs to match. If all key/value pairs in one element can be found in the file, then the whole file will be excluded from processing. 
The syntax is this: .Va $keyword Ns / Ns Va $match Ns Op / Ns Va $keyword Ns / Ns Va $match .Pp For example given this configuration: .Bd -literal -compact -offset indent exclude="search/foo*/nameserver/1.2.3.4 search/bar.org" .Ed .Pp Then any resolv.conf with both a search option starting with foo with a nameserver of 1.2.3.4 OR a search option of bar.org would be excluded. .It Sy key_order These keys will always be processed first. If unset, defaults to the following: .Bd -literal -compact -offset indent lo lo[0-9]* .Ed .It Sy dynamic_order These keys will be processed next, unless they have a metric. If unset, defaults to the following: .Bd -literal -compact -offset indent tap[0-9]* tun[0-9]* vpn vpn[0-9]* wg[0-9]* ppp[0-9]* ippp[0-9]* .Ed .It Sy inclusive_keys Ignore any exclusive marking for these keys. This is handy when 3rd party integrations force the .Nm resolvconf -x option and you want to disable it easily. .It Sy local_nameservers If unset, defaults to the following: .Bd -literal -compact -offset indent 127.* 0.0.0.0 255.255.255.255 ::1 .Ed .It Sy search_domains Prepend search domains to the dynamically generated list. .It Sy search_domains_append Append search domains to the dynamically generated list. .It Sy domain_blacklist A list of domains to be removed from consideration. To remove a domain, you can use foo.* To remove a sub domain, you can use *.bar .It Sy name_servers Prepend name servers to the dynamically generated list. You should set this to 127.0.0.1 if you use a local name server other than libc. .It Sy name_servers_append Append name servers to the dynamically generated list. .It Sy name_server_blacklist A list of name servers to be removed from consideration. The default is 0.0.0.0 as some faulty routers send it via DHCP. To remove a block, you can use 192.168.* .It Sy private_keys These keys name servers will only be queried for the domains listed in their resolv.conf. Useful for VPN domains. 
Setting .Sy private_keys Ns ="*" will stop the forwarding of the root zone and allows the local resolver to recursively query the root servers directly. Requires a local nameserver other than libc. This is equivalent to the .Nm resolvconf -p option. .It Sy nosearch_keys These keys' domains/search won't be added to the global search list in .Pa /etc/resolv.conf . .It Sy public_keys Force these keys to be public, overriding the private and nosearch markings. This is handy when 3rd party integrations force the .Nm resolvconf -p option and you want to disable it easily. .It Sy replace Is a space separated list of replacement keywords. The syntax is this: .Va $keyword Ns / Ns Va $match Ns / Ns Va $replacement .Pp Example, given this resolv.conf: .Bd -literal -compact -offset indent domain foo.org search foo.org dead.beef nameserver 1.2.3.4 nameserver 2.3.4.5 .Ed .Pp and this configuration: .Bd -literal -compact -offset indent replace="search/foo*/bar.com" replace="$replace nameserver/1.2.3.4/5.6.7.8" replace="$replace nameserver/2.3.4.5/" .Ed .Pp you would get this resolv.conf instead: .Bd -literal -compact -offset indent domain foo.org search bar.com nameserver 5.6.7.8 .Ed .Pp .It Sy replace_sub Works the same way as .Sy replace except it works on each space separated value rather than the whole line, so it's useful for replacing a single domain within the search directive. Using the same example resolv.conf and changing .Sy replace to .Sy replace_sub , you would get this resolv.conf instead: .Bd -literal -compact -offset indent domain foo.org search bar.com dead.beef nameserver 5.6.7.8 .Ed .Pp .It Sy state_dir Override the default state directory of .Pa @VARDIR@ . This should not be changed once .Nm resolvconf is in use unless the old directory is copied to the new one. .El .Sh LIBC OPTIONS The following variables affect .Xr resolv.conf 5 directly: .Bl -tag -width indent .It Sy resolv_conf Defaults to .Pa /etc/resolv.conf if not set. 
Set to .Pa /dev/null to stop .Xr resolvconf 8 from changing it. .It Sy resolv_conf_options A list of libc resolver options, as specified in .Xr resolv.conf 5 . .It Sy resolv_conf_passthrough When set to YES the latest resolv.conf is written to .Sy resolv_conf without any alteration. When set to /dev/null or NULL, .Sy resolv_conf_local_only is defaulted to NO, .Sy local_nameservers is unset unless overridden and only the information set in .Nm is written to .Sy resolv_conf . .It Sy resolv_conf_restore When set to YES and an empty .Pa resolv.conf would be written, restore .Pa resolv.conf.bak instead if it exists. Defaults to YES if not set. .It Sy resolv_conf_sortlist A libc resolver sortlist, as specified in .Xr resolv.conf 5 . .It Sy resolv_conf_local_only If a local name server is configured then the default is just to specify that and ignore all other entries as they will be configured for the local name server. Set this to NO to also list non-local nameservers. This will give you working DNS even if the local nameserver stops functioning at the expense of duplicated server queries. .It Sy append_nameservers Append name servers to the dynamically generated list. .It Sy prepend_nameservers Prepend name servers to the dynamically generated list. .It Sy append_search Append search domains to the dynamically generated list. .It Sy prepend_search Prepend search domains to the dynamically generated list. .It Sy resolv_conf_mv Defaults to NO. Defines if .Pa /etc/resolv.conf is updated by writing to a temporary file and then moving it vs writing directly to it. .El .Sh SUBSCRIBER OPTIONS openresolv ships with subscribers for the name servers .Xr dnsmasq 8 , .Xr named 8 , .Xr pdnsd 8 , .Xr pdns_recursor 1 , and .Xr unbound 8 . Each subscriber can create configuration files which should be included in the subscriber's main configuration file. .Pp To disable a subscriber, simply set its name to NO. 
If the subscriber name has a dash in it, then replace it with an underscore. For example, to disable the libc subscriber you would set: .Bd -literal -compact -offset indent libc=NO .Ed .Bl -tag -width indent .It Sy dnsmasq_conf This file tells dnsmasq which name servers to use for specific domains. .It Sy dnsmasq_resolv This file tells dnsmasq which name servers to use for global lookups. .Pp Example resolvconf.conf for dnsmasq: .Bd -literal -compact -offset indent name_servers=127.0.0.1 dnsmasq_conf=/etc/dnsmasq-conf.conf dnsmasq_resolv=/etc/dnsmasq-resolv.conf .Ed .Pp Example dnsmasq.conf: .Bd -literal -compact -offset indent listen-address=127.0.0.1 # If dnsmasq is compiled for DBus then we can take # advantage of not having to restart dnsmasq. enable-dbus conf-file=/etc/dnsmasq-conf.conf resolv-file=/etc/dnsmasq-resolv.conf .Ed .It Sy named_options Include this file in the named options block. This file tells named which name servers to use for global lookups. .It Sy named_zones Include this file in the named global scope, after the options block. This file tells named which name servers to use for specific domains. .Pp Example resolvconf.conf for named: .Bd -literal -compact -offset indent name_servers=127.0.0.1 named_options=/etc/named-options.conf named_zones=/etc/named-zones.conf .Ed .Pp Example named.conf: .Bd -literal -compact -offset indent options { listen-on { 127.0.0.1; }; include "/etc/named-options.conf"; }; include "/etc/named-zones.conf"; .Ed .It Sy pdnsd_conf This is the main pdnsd configuration file which we modify to add our forward domains to. If this variable is not set then we rely on the pdnsd configuration file setup to read .Pa pdnsd_resolv as documented below. .It Sy pdnsd_resolv This file tells pdnsd about global name servers. If this variable is not set then it's written to .Pa pdnsd_conf . 
.Pp Example resolvconf.conf for pdnsd: .Bd -literal -compact -offset indent name_servers=127.0.0.1 pdnsd_conf=/etc/pdnsd.conf # pdnsd_resolv=/etc/pdnsd-resolv.conf .Ed .Pp Example pdnsd.conf: .Bd -literal -compact -offset indent global { server_ip = 127.0.0.1; status_ctl = on; } server { # A server definition is required, even if empty. label="empty"; proxy_only=on; # file="/etc/pdnsd-resolv.conf"; } .Ed .It Sy pdns_zones This file tells pdns_recursor about specific and global name servers. .Pp Example resolvconf.conf for pdns_recursor: .Bd -literal -compact -offset indent name_servers=127.0.0.1 pdns_zones=/etc/pdns/recursor-zones.conf .Ed .Pp Example recursor.conf: .Bd -literal -compact -offset indent allow-from=127.0.0.0/8, ::1/128 forward-zones-file=/etc/pdns/recursor-zones.conf .Ed .It Sy resolvectl When set to YES, .Xr resolvectl 1 will be used to write per interface entries from .Xr resolvconf 8 to .Xr systemd-resolved 8 . A warning is emitted for any entry that cannot be matched to an interface. .Pp This subscriber should only be used if your systemd-resolved does not support DNS delegates and you need private or non searchable .Xr resolvconf 8 entries, or you're really beholden to seeing DNS setup per interface via .Xr resolvectl 1 . The systemd-resolved subscriber documented below is the better option. .Pp Example resolvconf.conf for resolvectl: .Bd -literal -compact -offset indent # Keep /etc/resolv.conf as systemd-resolved wants it libc=NO resolvectl=YES .Ed .It Sy systemd_resolved When set to YES, global DNS will be written to the .Sy systemd_resolved_conf configuration file and DNS delegates will be written to the .Sy systemd_delegate_dir directory. .It Sy systemd_resolved_conf Defaults to .Pa /run/systemd/resolved.conf.d/60-resolvconf.conf . .It Sy systemd_delegate_dir Defaults to .Pa /run/systemd/dns-delegate.d . 
.Pp Example resolvconf.conf for systemd-resolved: .Bd -literal -compact -offset indent # Keep /etc/resolv.conf as systemd-resolved wants it libc=NO systemd_resolved=YES .Ed .It Sy unbound_conf This file tells unbound about specific and global name servers. .It Sy unbound_insecure When set to YES, unbound marks the domains as insecure, thus ignoring DNSSEC. .It Sy unbound_private When set to YES, unbound marks the domains as private, allowing it and its subdomains to contain private addresses. .It Sy unbound_forward_zone_options Options appended to each forward zone. Each option should be separated by an embedded new line. .Pp Example resolvconf.conf for unbound: .Bd -literal -compact -offset indent name_servers=127.0.0.1 unbound_conf=/etc/unbound-resolvconf.conf .Ed .Pp Example unbound.conf: .Bd -literal -compact -offset indent include: /etc/unbound-resolvconf.conf .Ed .El .Sh SUBSCRIBER INTEGRATION Not all distributions store the files the subscribers need in the same locations. For example, named service scripts have been called named, bind and rc.bind and they could be located in a directory called /etc/rc.d, /etc/init.d or similar. Each subscriber attempts to automatically configure itself, but not every distribution has been catered for. Also, users could equally want to use a different version from the one installed by default, such as bind8 and bind9. To accommodate this, the subscribers have these files in configurable variables, documented below. .Bl -tag -width indent .It Sy dnsmasq_service Name of the dnsmasq service. .It Sy dnsmasq_restart Command to restart the dnsmasq service. .It Sy dnsmasq_pid Location of the dnsmasq pidfile. .It Sy libc_service Name of the libc service. .It Sy libc_restart Command to restart the libc service. .It Sy named_service Name of the named service. .It Sy named_restart Command to restart the named service. .It Sy pdnsd_restart Command to restart the pdnsd service. 
.It Sy pdns_service Name of the pdns_recursor service. .It Sy pdns_restart Command to restart the pdns_recursor service. .It Sy unbound_service Name of the unbound service. .It Sy unbound_restart Command to restart the unbound service. .It Sy unbound_pid Location of the unbound pidfile. .El .Sh SEE ALSO .Xr sh 1 , .Xr resolv.conf 5 , .Xr resolvconf 8 .Sh AUTHORS .An Roy Marples Aq Mt roy@marples.name .Sh BUGS Each distribution is a special snowflake and likes to name the same thing differently, namely the named service script. .Pp Swapping between resolvectl and systemd-resolved subscribers at runtime is not supported. A reboot is recommended so that stale data is removed. While you could run them both at the same time, only using one is the recommended approach. .Pp systemd-resolved does not support the concept of a deprecated entry. .Pp Please report them to .Lk https://roy.marples.name/projects/openresolv NetworkConfiguration-openresolv-1db84a0/resolvconf.in000066400000000000000000000725661501073167200232240ustar00rootroot00000000000000#!/bin/sh # Copyright (c) 2007-2025 Roy Marples # All rights reserved # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # * Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # * Redistributions in binary form must reproduce the above # copyright notice, this list of conditions and the following # disclaimer in the documentation and/or other materials provided # with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. RESOLVCONF="$0" OPENRESOLV_VERSION="3.16.4" SYSCONFDIR=@SYSCONFDIR@ LIBEXECDIR=@LIBEXECDIR@ VARDIR=@VARDIR@ RCDIR=@RCDIR@ RESTARTCMD=@RESTARTCMD@ if [ "$1" = "--version" ]; then echo "openresolv $OPENRESOLV_VERSION" echo "Copyright (c) 2007-2025 Roy Marples" exit 0 fi # Disregard dhcpcd setting unset interface_order state_dir # If you change this, change the test in VFLAG and libc.in as well local_nameservers="127.* 0.0.0.0 255.255.255.255 ::1" dynamic_order="tap[0-9]* tun[0-9]* vpn vpn[0-9]* wg[0-9]* ppp[0-9]* ippp[0-9]*" interface_order="lo lo[0-9]*" name_server_blacklist="0.0.0.0" # Poor mans cat # /usr might not be available cat() { OIFS="$IFS" IFS='' if [ -n "$1" ]; then while read -r line; do printf "%s\n" "$line" done < "$1" else while read -r line; do printf "%s\n" "$line" done fi retval=$? IFS="$OIFS" return $retval } # Support original resolvconf configuration layout # as well as the openresolv config file if [ -f "$SYSCONFDIR"/resolvconf.conf ]; then . "$SYSCONFDIR"/resolvconf.conf [ -n "$state_dir" ] && VARDIR="$state_dir" elif [ -d "$SYSCONFDIR/resolvconf" ]; then SYSCONFDIR="$SYSCONFDIR/resolvconf" if [ -f "$SYSCONFDIR"/interface-order ]; then interface_order="$(cat "$SYSCONFDIR"/interface-order)" fi fi KEYDIR="$VARDIR/keys" METRICDIR="$VARDIR/metrics" PRIVATEDIR="$VARDIR/private" NOSEARCHDIR="$VARDIR/nosearch" EXCLUSIVEDIR="$VARDIR/exclusive" DEPRECATEDDIR="$VARDIR/deprecated" LOCKDIR="$VARDIR/lock" _PWD="$PWD" # Compat if [ ! 
-d "$KEYDIR" ] && [ -d "$VARDIR/interfaces" ]; then KEYDIR="$VARDIR/interfaces" fi : ${allow_keys:="$allow_interfaces"} : ${deny_keys:="$deny_interfaces"} : ${key_order:="$interface_order"} : ${inclusive_keys:="$inclusive_interfaces"} : ${exclusive_keys:="$exclusive_interfaces"} : ${private_keys:="$private_interfaces"} : ${public_keys:="$public_interfaces"} warn() { echo "$@" >&2 } error_exit() { echo "$@" >&2 exit 1 } usage() { cat <<-EOF Usage: ${RESOLVCONF##*/} [options] command [argument] Inform the system about any DNS updates. Commands: -a \$KEY Add DNS information to the specified key (DNS supplied via stdin in resolv.conf format) -C \$PATTERN Deprecate DNS information for matched key -c \$PATTERN Configure DNS information for matched key -d \$PATTERN Delete DNS information from the matched key -h Show this help cruft -i [\$PATTERN] Show keys that have supplied DNS information optionally from keys that match the specified pattern -l [\$PATTERN] Show DNS information, optionally from keys that match the specified pattern -L [\$PATTERN] Same as -l, but adjusted by our config -u Run updates from our current DNS information --version Echo the ${RESOLVCONF##*/} version Options: -f Ignore non existent keys -m metric Give the added DNS information a metric -p Mark the resolv.conf as private -x Mark the resolv.conf as exclusive Subscriber and System Init Commands: -I Init the state dir -r \$SERVICE Restart the system service (restarting a non-existent or non-running service should have no output and return 0) -R Show the system service restart command -v [\$PATTERN] echo NEWDOMAIN, NEWSEARCH and NEWNS variables to the console -V [\$PATTERN] Same as -v, but only uses configuration in $SYSCONFDIR/resolvconf.conf EOF [ -z "$1" ] && exit 0 echo error_exit "$@" } public_key() { key="$1" # Allow expansion cd "$KEYDIR" # Public keys override private ones. 
for p in $public_keys; do case "$key" in "$p"|"$p":*) return 0;; esac done return 1 } private_key() { key="$1" if public_key "$key"; then return 1 fi if [ -e "$PRIVATEDIR/$key" ]; then return 0 fi for p in $private_keys; do case "$key" in "$p"|"$p":*) return 0;; esac done # Not a private key return 1 } nosearch_key() { key="$1" if public_key "$key"; then return 1 fi if [ -e "$NOSEARCHDIR/$key" ]; then return 0 fi for p in $nosearch_keys; do case "$key" in "$p"|"$p":*) return 0;; esac done # Not a non searchable key return 1 } exclusive_key() { key="$1" for x in "$EXCLUSIVEDIR/"*" $key"; do if [ -f "$x" ]; then return 0 fi done # Not an exclusive key return 1 } # Parse resolv.conf's and make variables # for domain name servers, search name servers and global nameservers parse_resolv() { domain= new=true newns= ns= private=false nosearch=false search= while read -r line; do value="${line#* }" case "$line" in "# resolv.conf from "*) if ${new}; then key="${line#\# resolv.conf from *}" new=false if nosearch_key "$key"; then private=true nosearch=true elif private_key "$key"; then private=true nosearch=false else private=false nosearch=false fi fi ;; "nameserver "*) islocal=false for l in $local_nameservers; do case "$value" in $l) islocal=true break ;; esac done if $islocal; then echo "LOCALNAMESERVERS=\"\$LOCALNAMESERVERS $value\"" else ns="$ns${ns:+ }$value" fi ;; "domain "*) search="$value" if [ -z "$domain" ]; then domain="$search" if ! $nosearch; then echo "DOMAIN=\"$domain\"" fi fi ;; "search "*) search="$value" ;; *) [ -n "$line" ] && continue if [ -n "$ns" ] && [ -n "$search" ]; then newns= for n in $ns; do newns="$newns${newns:+,}$n" done ds= for d in $search; do ds="$ds${ds:+ }$d:$newns" done echo "DOMAINS=\"\$DOMAINS $ds\"" fi if ! $nosearch; then echo "SEARCH=\"\$SEARCH $search\"" fi if ! 
$private; then echo "NAMESERVERS=\"\$NAMESERVERS $ns\"" fi ns= search= new=true ;; esac done } uniqify() { result= while [ -n "$1" ]; do case " $result " in *" $1 "*);; *) result="$result $1";; esac shift done echo "${result# *}" } dirname() { OIFS="$IFS" IFS=/ set -- $@ IFS="$OIFS" if [ -n "$1" ]; then printf %s . else shift fi while [ -n "$2" ]; do printf "/%s" "$1" shift done printf "\n" } config_mkdirs() { for f; do [ -n "$f" ] || continue d="$(dirname "$f")" if [ ! -d "$d" ]; then mkdir -p "$d" || return $? fi done return 0 } # With the advent of alternative init systems, it's possible to have # more than one installed. So we need to try and guess what one we're # using unless overridden by configure. # Note that restarting a service is a last resort - the subscribers # should make a reasonable attempt to reconfigure the service via some # method, normally SIGHUP. detect_init() { [ -n "$RESTARTCMD" ] && return 0 # Detect the running init system. # As systemd and OpenRC can be installed on top of legacy init # systems we try to detect them first. 
status="@STATUSARG@" : ${status:=status} if [ -x /bin/systemctl ] && [ -S /run/systemd/private ]; then RESTARTCMD=' if /bin/systemctl --quiet is-active $1.service then /bin/systemctl restart $1.service fi' elif [ -x /usr/bin/systemctl ] && [ -S /run/systemd/private ]; then RESTARTCMD=' if /usr/bin/systemctl --quiet is-active $1.service then /usr/bin/systemctl restart $1.service fi' elif [ -x /sbin/rc-service ] && { [ -s /libexec/rc/init.d/softlevel ] || [ -s /run/openrc/softlevel ]; } then RESTARTCMD='/sbin/rc-service -i $1 -- -Ds restart' elif [ -x /usr/sbin/invoke-rc.d ]; then RCDIR=/etc/init.d RESTARTCMD=' if /usr/sbin/invoke-rc.d --quiet $1 status >/dev/null 2>&1 then /usr/sbin/invoke-rc.d $1 restart fi' elif [ -x /usr/bin/s6-rc ] && [ -x /usr/bin/s6-svc ]; then RESTARTCMD=' if s6-rc -a list 2>/dev/null | grep -qFx $1-srv then s6-svc -r /run/service/$1-srv fi' elif [ -x /sbin/service ]; then # Old RedHat RCDIR=/etc/init.d RESTARTCMD=' if /sbin/service $1; then /sbin/service $1 restart fi' elif [ -x /usr/sbin/service ]; then # Could be FreeBSD RESTARTCMD=" if /usr/sbin/service \$1 $status >/dev/null 2>&1 then /usr/sbin/service \$1 restart fi" elif [ -x /bin/sv ]; then RESTARTCMD='/bin/sv status $1 >/dev/null 2>&1 && /bin/sv try-restart $1' elif [ -x /usr/bin/sv ]; then RESTARTCMD='/usr/bin/sv status $1 >/dev/null 2>&1 && /usr/bin/sv try-restart $1' elif [ -e /etc/arch-release ] && [ -d /etc/rc.d ]; then RCDIR=/etc/rc.d RESTARTCMD=' if [ -e /var/run/daemons/$1 ] then /etc/rc.d/$1 restart fi' elif [ -e /etc/slackware-version ] && [ -d /etc/rc.d ]; then RESTARTCMD=' if /etc/rc.d/rc.$1 status >/dev/null 2>&1 then /etc/rc.d/rc.$1 restart fi' elif [ -e /etc/rc.d/rc.subr ] && [ -d /etc/rc.d ]; then # OpenBSD RESTARTCMD=' if /etc/rc.d/$1 check >/dev/null 2>&1 then /etc/rc.d/$1 restart fi' elif [ -d /etc/dinit.d ] && command -v dinitctl >/dev/null 2>&1; then RESTARTCMD='dinitctl --quiet restart --ignore-unstarted $1' else for x in /etc/init.d/rc.d /etc/rc.d /etc/init.d; 
do [ -d $x ] || continue RESTARTCMD=" if $x/\$1 $status >/dev/null 2>&1 then $x/\$1 restart fi" break done fi if [ -z "$RESTARTCMD" ]; then if [ "$_NOINIT_WARNED" != true ]; then warn "could not detect a useable init system" _NOINIT_WARNED=true fi return 1 fi _NOINIT_WARNED= return 0 } echo_resolv() { OIFS="$IFS" [ -n "$1" ] && [ -f "$KEYDIR/$1" ] || return 1 echo "# resolv.conf from $1" # Our variable maker works of the fact each resolv.conf per key # is separated by blank lines. # So we remove them when echoing them. while read -r line; do IFS="$OIFS" if [ -n "$line" ]; then # We need to set IFS here to preserve any whitespace IFS='' printf "%s\n" "$line" fi done < "$KEYDIR/$1" IFS="$OIFS" } deprecated_key() { [ -d "$DEPRECATEDDIR" ] || return 1 cd "$DEPRECATEDDIR" for da; do for daf in *; do [ -f "$daf" ] || continue case "$da" in $daf) return 0;; esac done done return 1 } match() { match="$1" file="$2" retval=1 count=0 while read -r keyword value; do new_match= for om in $match; do m="$om" keep= while [ -n "$m" ]; do k="${m%%/*}" r="${m#*/}" f="${r%%/*}" r="${r#*/}" # If the length of m is the same as k/f then # we know that we are done if [ ${#m} = $((${#k} + 1 + ${#f})) ]; then r= fi m="$r" matched=false case "$keyword" in $k) case "$value" in $f) matched=true ;; esac ;; esac if ! $matched; then keep="$keep${keep:+/}$k/$f" fi done if [ -n "$om" ] && [ -z "$keep" ]; then retval=0 break 2 fi new_match="${new_match}${new_match:+ }${keep}" done match="${new_match}" done < "$file" return $retval } list_keys() { list_cmd="$1" shift [ -d "$KEYDIR" ] || return 0 cd "$KEYDIR" [ -n "$1" ] || set -- "*" list= retval=0 if [ "$list_cmd" = -i ] || [ "$list_cmd" = -l ]; then for i in $@; do if [ ! -f "$i" ]; then if ! 
$force && [ "$i" != "*" ]; then echo "No resolv.conf for key $i" >&2 fi retval=2 continue fi list="$list $i" done [ -z "$list" ] || uniqify $list return $retval fi if [ "$list_cmd" != -I ] && [ "$list_cmd" != -L ]; then echo "list_keys: unknown command $list_cmd" >&2 return 1 fi if [ -d "$EXCLUSIVEDIR" ]; then cd "$EXCLUSIVEDIR" for i in $EXCLUSIVEDIR/*; do if [ -f "$i" ]; then cd "$KEYDIR" for ii in $inclusive_keys; do if [ -f "$ii" ] && [ "${i#* }" = "$ii" ]; then continue 2 fi done list="${i#* }" break fi done cd "$KEYDIR" if [ -n "$list" ]; then for i in $@; do # list will be one item due to the above if [ -f "$i" ] && [ "$i" = "$list" ]; then echo "$i" return 0 fi done return 0 fi fi for i in $key_order; do for ii in "$i" "$i":* "$i".*; do [ -f "$ii" ] && list="$list $ii" done done for i in $dynamic_order; do for ii in "$i" "$i":* "$i".*; do if [ -f "$ii" ] && ! [ -e "$METRICDIR/"*" $ii" ] then list="$list $ii" fi done done # Interfaces have an implicit metric of 0 if not specified. for i in *; do if [ -f "$i" ] && ! [ -e "$METRICDIR/"*" $i" ]; then list="$list $i" fi done if [ -d "$METRICDIR" ]; then cd "$METRICDIR" for i in *; do [ -f "$i" ] && list="$list ${i#* }" done cd "$KEYDIR" fi # Move deprecated keys to the back active= deprecated= for i in $list; do if deprecated_key "$i"; then deprecated="$deprecated $i" else active="$active $i" fi done list="$active $deprecated" retval=0 if [ "$1" != "*" ]; then cd "$KEYDIR" matched= for i in $@; do if ! [ -f "$i" ]; then if ! 
$force; then echo "No resolv.conf for key $i" >&2 fi retval=2 continue fi for ii in $list; do if [ "$i" = "$ii" ]; then matched="$matched${matched:+ }$i" break fi done done if [ -z "$matched" ]; then return $retval fi list="$matched" fi allowed= for i in $(uniqify $list); do if [ -n "$allow_keys" ]; then x=false for ii in $allow_keys; do if [ "$i" = "$ii" ]; then x=true break fi done $x || continue fi for ii in $deny_keys; do if [ "$i" = "$ii" ]; then continue 2 fi done if [ -n "$exclude" ] && match "$exclude" "$i"; then continue fi allowed="$allowed${allowed:+ }$i" done cd "$KEYDIR" for i in $exclusive_keys; do for ii in $allowed; do if [ "$i" = "$ii" ]; then echo "$i" return fi done done [ -z "$allowed" ] || echo "$allowed" } list_resolv() { keys="$(list_keys "$@")" retval=$? if [ "$retval" != 0 ]; then return $retval fi for i in $keys; do echo_resolv "$i" && echo done } list_private() { KEYS= cd "$KEYDIR" if [ -z "$1" ]; then set -- "*" fi for i in $@; do if private_key "$i"; then KEYS="${KEYS}${KEYS:+ }$i" fi done if [ -n "$KEYS" ]; then echo "$KEYS" fi } list_nosearch() { KEYS= cd "$KEYDIR" if [ -z "$1" ]; then set -- "*" fi for i in $@; do if nosearch_key "$i"; then KEYS="${KEYS}${KEYS:+ }$i" fi done if [ -n "$KEYS" ]; then echo "$KEYS" fi } list_exclusive() { KEYS= cd "$KEYDIR" if [ -z "$1" ]; then set -- "*" fi for i in $@; do if exclusive_key "$i"; then KEYS="${KEYS}${KEYS:+ }$i" fi done if [ -n "$KEYS" ]; then echo "$KEYS" fi } list_remove() { [ -z "$2" ] && return 0 eval list=\"\$$1\" shift result= retval=0 set -f for e; do found=false for l in $list; do case "$e" in $l) found=true;; esac $found && break done if $found; then retval=$(($retval + 1)) else result="$result $e" fi done set +f echo "${result# *}" return $retval } echo_prepend() { echo "# Generated by resolvconf" if [ -n "$search_domains" ]; then echo "search $search_domains" fi for n in $name_servers; do echo "nameserver $n" done echo } echo_append() { echo "# Generated by resolvconf" if [ -n 
"$search_domains_append" ]; then echo "search $search_domains_append" fi for n in $name_servers_append; do echo "nameserver $n" done echo } tolower() { # There is no good way of doing this portably in shell :( # Luckily we are only doing this for domain names which we # know have to be ASCII. # Non ASCII domains *should* be translated to ASCII *before* # we get to this stage. # We could use echo "$@" | tr '[:upper:]' '[:lower:]' but # tr is in /usr/bin and may not be available when data is fed # to resolvconf. # So it's the cost of a pipe + fork vs this slow loop # for word; do # Check if we have any upper to avoid looping per char case "$word" in *[A-Z]*) ;; *) printf "%s " "$word"; continue;; esac while [ -n "$word" ]; do # Remove everything except the first character afterchar="${word#?}" # Remove the afterchar to get the first character char="${word%%$afterchar}" # Assign afterchar back to word for looping word="$afterchar" # Now enforce lowercase a-z case "$char" in A) char=a;; B) char=b;; C) char=c;; D) char=d;; E) char=e;; F) char=f;; G) char=g;; H) char=h;; I) char=i;; J) char=j;; K) char=k;; L) char=l;; M) char=m;; N) char=n;; O) char=o;; P) char=p;; Q) char=q;; R) char=r;; S) char=s;; T) char=t;; U) char=u;; V) char=v;; W) char=w;; X) char=x;; Y) char=y;; Z) char=z;; esac printf %s "$char" done printf " " done printf "\n" } # Strip any trailing dot from each name as a FQDN does not belong # in resolv.conf(5). # While DNS is not case sensitive, our labels for building the zones # are, so ensure it's lower case. 
process_domain() { for word in $(tolower "$@"); do printf "%s " "${word%.}" done printf "\n" } process_resolv() { while read -r keyword value; do for r in $replace; do k="${r%%/*}" r="${r#*/}" f="${r%%/*}" r="${r#*/}" v="${r%%/*}" case "$keyword" in $k) case "$value" in $f) value="$v";; esac ;; esac done val= for sub in $value; do for r in $replace_sub; do k="${r%%/*}" r="${r#*/}" f="${r%%/*}" r="${r#*/}" v="${r%%/*}" case "$keyword" in $k) case "$sub" in $f) sub="$v";; esac ;; esac done val="$val${val:+ }$sub" done case "$keyword" in \#) case "$val" in "resolv.conf from "*) ;; *) continue;; esac ;; \#*) continue;; esac case "$keyword" in domain|search) val="$(process_domain $val)";; esac printf "%s %s\n" "$keyword" "$val" done } make_vars() { # Clear variables DOMAIN= DOMAINS= SEARCH= NAMESERVERS= LOCALNAMESERVERS= if [ -n "${name_servers}${search_domains}" ]; then eval "$(echo_prepend | parse_resolv)" fi if [ -z "$VFLAG" ]; then eval "$(list_resolv -L "$@" | process_resolv | parse_resolv)" fi if [ -n "${name_servers_append}${search_domains_append}" ]; then eval "$(echo_append | parse_resolv)" fi # Ensure that we only list each domain once newdomains= for d in $DOMAINS; do dn="${d%%:*}" list_remove domain_blacklist "$dn" >/dev/null || continue case " $newdomains" in *" ${dn}:"*) continue;; esac newns= for nd in $DOMAINS; do if [ "$dn" = "${nd%%:*}" ]; then ns="${nd#*:}" while [ -n "$ns" ]; do case ",$newns," in *,${ns%%,*},*) ;; *) list_remove name_server_blacklist \ "${ns%%,*}" >/dev/null \ && newns="$newns${newns:+,}${ns%%,*}";; esac [ "$ns" = "${ns#*,}" ] && break ns="${ns#*,}" done fi done if [ -n "$newns" ]; then newdomains="$newdomains${newdomains:+ }$dn:$newns" fi done DOMAIN="$(list_remove domain_blacklist $DOMAIN)" SEARCH="$(uniqify $SEARCH)" SEARCH="$(list_remove domain_blacklist $SEARCH)" NAMESERVERS="$(uniqify $NAMESERVERS)" NAMESERVERS="$(list_remove name_server_blacklist $NAMESERVERS)" LOCALNAMESERVERS="$(uniqify $LOCALNAMESERVERS)" 
LOCALNAMESERVERS="$(list_remove name_server_blacklist $LOCALNAMESERVERS)" echo "DOMAIN='$DOMAIN'" echo "SEARCH='$SEARCH'" echo "NAMESERVERS='$NAMESERVERS'" echo "LOCALNAMESERVERS='$LOCALNAMESERVERS'" echo "DOMAINS='$newdomains'" } force=false LFLAG= VFLAG= while getopts a:C:c:Dd:fhIiLlm:pRruvVx OPT; do case "$OPT" in f) force=true;; h) usage;; m) IF_METRIC="$OPTARG";; p) if [ "$IF_PRIVATE" = 1 ]; then IF_NOSEARCH=1 else IF_PRIVATE=1 fi ;; V) VFLAG=1 if [ "$local_nameservers" = \ "127.* 0.0.0.0 255.255.255.255 ::1" ] then local_nameservers= fi ;; x) IF_EXCLUSIVE=1;; '?') exit 1;; *) [ "$OPT" != L ] || LFLAG=1 cmd="$OPT"; key="$OPTARG";; esac done shift $(($OPTIND - 1)) if [ -n "$key" ]; then set -- "$key" "$@" fi if [ -z "$cmd" ]; then if [ "$IF_PRIVATE" = 1 ]; then cmd=p elif [ "$IF_EXCLUSIVE" = 1 ]; then cmd=x fi fi # -I inits the state dir if [ "$cmd" = I ]; then if [ -d "$VARDIR" ]; then rm -rf "$VARDIR"/* fi exit $? fi # -D ensures that the listed config file base dirs exist if [ "$cmd" = D ]; then config_mkdirs "$@" exit $? fi # -i lists which keys have a resolv file if [ "$cmd" = i ]; then # If the -L modifier is given, the list is post-processed if [ "$LFLAG" = 1 ]; then cmd="L" fi list_keys "-$cmd" "$@" exit $? fi # -l lists our resolv files, optionally for a specific key if [ "$cmd" = l ]; then list_resolv "-$cmd" "$@" exit $? fi # -L is the same as -l, but post-processed from our config if [ "$cmd" = L ]; then list_resolv "-$cmd" "$@" | process_resolv exit $? fi if [ "$cmd" = p ]; then if [ "$IF_NOSEARCH" = 1 ]; then list_nosearch "$@" else list_private "$@" fi exit $? fi if [ "$cmd" = x ]; then list_exclusive "$@" exit $? fi # Restart a service or echo the command to restart a service if [ "$cmd" = r ] || [ "$cmd" = R ]; then detect_init || exit 1 if [ "$cmd" = r ]; then eval "$RESTARTCMD" else echo "$RESTARTCMD" | sed -e '/^$/d' -e 's/^ //g' fi exit $? 
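fi	# closes the -r / -R handler that starts before this span

# Not normally needed, but subscribers should be able to run independently
if [ "$cmd" = v ] || [ -n "$VFLAG" ]; then
	make_vars "$@"
	exit $?
fi

# Test that we have valid options
case "$cmd" in
a|d|C|c)
	# These commands all operate on a key (or key pattern)
	if [ -z "$key" ]; then
		error_exit "Key not specified"
	fi
	;;
u)	;;
*)
	if [ -n "$cmd" ] && [ "$cmd" != h ]; then
		error_exit "Unknown option $cmd"
	fi
	usage
	;;
esac

if [ "$cmd" = a ]; then
	# The key supplied with -a is used verbatim as a file name below
	# $KEYDIR and as part of the "<prefix> <key>" file names in the
	# metric and exclusive directories, so it must not contain a path
	# separator, a space or a glob character.
	# This check has to look at $key: the option parser stores the
	# argument there and nothing in this script assigns $iface, so a
	# test against $iface never rejects anything.
	for x in '/' \\ ' ' '*'; do
		case "$key" in
		*[$x]*) error_exit "$x not allowed in key name";;
		esac
	done
	# A leading '.', '-' or '~' is refused as well
	for x in '.' '-' '~'; do
		case "$key" in
		[$x]*) error_exit \
			"$x not allowed at start of key name";;
		esac
	done
	# -a reads the resolv.conf from stdin, a terminal means none was given
	if [ -t 0 ]; then
		error_exit "No file given via stdin"
	fi
fi

# Create the state directory if it is missing
if [ ! -d "$VARDIR" ]; then
	if [ -L "$VARDIR" ]; then
		# $VARDIR is a symlink whose target does not exist yet,
		# so create the target instead
		dir="$(readlink "$VARDIR")"
		# link maybe relative
		cd "${VARDIR%/*}"
		if ! mkdir -m 0755 -p "$dir"; then
			error_exit "Failed to create needed" \
				"directory $dir"
		fi
	else
		if ! mkdir -m 0755 -p "$VARDIR"; then
			error_exit "Failed to create needed" \
				"directory $VARDIR"
		fi
	fi
fi

if [ ! -d "$KEYDIR" ]; then
	mkdir -m 0755 -p "$KEYDIR" || \
		error_exit "Failed to create needed directory $KEYDIR"
	if [ "$cmd" = d ]; then
		# The key directory has only just been created, so there is
		# nothing to delete.
		# Provide the same error messages as below
		if ! ${force}; then
			cd "$KEYDIR"
			for i in $@; do
				warn "No resolv.conf for key $i"
			done
		fi
		# Exit 0 when -f was given, non zero otherwise
		${force}
		exit $?
	fi
fi

# A key was added, changed, deleted or a general update was called.
# Due to exclusivity we need to ensure that this is an atomic operation.
# Our subscribers *may* need this as well if the init system is sub par.
# As such we spinlock at this point as best we can.
# We don't use flock(1) because it's not widely available and normally resides
# in /usr which we do our very best to operate without.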
[ -w "$VARDIR" ] || error_exit "Cannot write to $LOCKDIR" : ${lock_timeout:=10} : ${clear_nopids:=5} have_pid=false had_pid=false while true; do if mkdir "$LOCKDIR" 2>/dev/null; then trap 'rm -rf "$LOCKDIR";' EXIT trap 'rm -rf "$LOCKDIR"; exit 1' INT QUIT ABRT SEGV ALRM TERM echo $$ >"$LOCKDIR/pid" break fi pid=$(cat "$LOCKDIR/pid" 2>/dev/null) if [ "$pid" -gt 0 ] 2>/dev/null; then have_pid=true had_pid=true else have_pid=false clear_nopids=$(($clear_nopids - 1)) if [ "$clear_nopids" -le 0 ]; then warn "not seen a pid, clearing lock directory" rm -rf "$LOCKDIR" else lock_timeout=$(($lock_timeout - 1)) sleep 1 fi continue fi if $have_pid && ! kill -0 "$pid"; then warn "clearing stale lock pid $pid" rm -rf "$LOCKDIR" continue fi lock_timeout=$(($lock_timeout - 1)) if [ "$lock_timeout" -le 0 ]; then if $have_pid; then error_exit "timed out waiting for lock from pid $pid" else if $had_pid; then error_exit "timed out waiting for lock" \ "from some pids" else error_exit "timed out waiting for lock" fi fi fi sleep 1 done unset have_pid had_pid clear_nopids case "$cmd" in a) # Read resolv.conf from stdin resolv="$(cat)" changed=false changedfile=false # If what we are given matches what we have, then do nothing if [ -e "$KEYDIR/$key" ]; then if [ "$(echo "$resolv")" != \ "$(cat "$KEYDIR/$key")" ] then changed=true changedfile=true fi else changed=true changedfile=true fi # Set metric and private before creating the resolv.conf file # to ensure that it will have the correct flags [ ! 
-d "$METRICDIR" ] && mkdir "$METRICDIR" oldmetric="$METRICDIR/"*" $key" newmetric= if [ -n "$IF_METRIC" ]; then # Pad metric to 6 characters, so 5 is less than 10 while [ ${#IF_METRIC} -le 6 ]; do IF_METRIC="0$IF_METRIC" done newmetric="$METRICDIR/$IF_METRIC $key" fi rm -f "$METRICDIR/"*" $key" [ "$oldmetric" != "$newmetric" ] && [ "$oldmetric" != "$METRICDIR/* $key" ] && changed=true [ -n "$newmetric" ] && echo " " >"$newmetric" case "$IF_PRIVATE" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) if [ ! -d "$PRIVATEDIR" ]; then [ -e "$PRIVATEDIR" ] && rm "$PRIVATEDIR" mkdir "$PRIVATEDIR" fi [ -e "$PRIVATEDIR/$key" ] || changed=true [ -d "$PRIVATEDIR" ] && echo " " >"$PRIVATEDIR/$key" ;; *) if [ -e "$PRIVATEDIR/$key" ]; then rm -f "$PRIVATEDIR/$key" changed=true fi ;; esac case "$IF_NOSEARCH" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) if [ ! -d "$NOSEARCHDIR" ]; then [ -e "$NOSEARCHDIR" ] && rm "$NOSEARCHDIR" mkdir "$NOSEARCHDIR" fi [ -e "$NOSEARCHDIR/$key" ] || changed=true [ -d "$NOSEARCHDIR" ] && echo " " >"$NOSEARCHDIR/$key" ;; *) if [ -e "$NOSEARCHDIR/$key" ]; then rm -f "$NOSEARCHDIR/$key" changed=true fi ;; esac set +x oldexcl= for x in "$EXCLUSIVEDIR/"*" $key"; do if [ -f "$x" ]; then oldexcl="$x" break fi done case "$IF_EXCLUSIVE" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) if [ ! -d "$EXCLUSIVEDIR" ]; then [ -e "$EXCLUSIVEDIR" ] && rm "$EXCLUSIVEDIR" mkdir "$EXCLUSIVEDIR" fi cd "$EXCLUSIVEDIR" for x in *; do [ -f "$x" ] && break done if [ "${x#* }" != "$key" ]; then if [ "$x" = "${x% *}" ]; then x=10000000 else x="${x% *}" fi if [ "$x" = "0000000" ]; then warn "exclusive underflow" else x=$(($x - 1)) fi if [ -d "$EXCLUSIVEDIR" ]; then echo " " >"$EXCLUSIVEDIR/$x $key" fi changed=true fi ;; *) if [ -f "$oldexcl" ]; then rm -f "$oldexcl" changed=true fi ;; esac if $changedfile; then printf "%s\n" "$resolv" >"$KEYDIR/$key" || exit $? elif ! 
$changed; then exit 0 fi unset changed changedfile oldmetric newmetric x oldexcl ;; d) # Delete any existing information about the key cd "$KEYDIR" changed=false for i in $@; do if [ -e "$i" ]; then changed=true elif ! ${force}; then warn "No resolv.conf for key $i" fi rm -f "$i" "$METRICDIR/"*" $i" \ "$PRIVATEDIR/$i" \ "$EXCLUSIVEDIR/"*" $i" || exit $? done if ! $changed; then # Set the return code based on the forced flag $force exit $? fi unset changed i ;; C) # Mark key as deprecated [ ! -d "$DEPRECATEDDIR" ] && mkdir "$DEPRECATEDDIR" cd "$DEPRECATEDDIR" changed=false for i in $@; do if [ ! -e "$i" ]; then changed=true echo " " >"$i" || exit $? fi done $changed || exit 0 unset changed i ;; c) # Mark key as active if [ -d "$DEPRECATEDDIR" ]; then cd "$DEPRECATEDDIR" changed=false for i in $@; do if [ -e "$i" ]; then changed=true rm "$i" || exit $? fi done $changed || exit 0 unset changed i fi ;; esac case "${resolvconf:-YES}" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;; *) exit 0;; esac # Try and detect a suitable init system for our scripts detect_init export RESTARTCMD RCDIR _NOINIT_WARNED eval "$(make_vars)" export RESOLVCONF DOMAINS SEARCH NAMESERVERS LOCALNAMESERVERS : ${list_resolv:=list_resolv -L} retval=0 # Run scripts in the same directory resolvconf is run from # in case any scripts accidentally dump files in the wrong place. cd "$_PWD" for script in "$LIBEXECDIR"/*; do if [ -f "$script" ]; then script_var="${script##*/}" while [ "${script_var%%-*}" != "$script_var" ]; do script_var="${script_var%%-*}_${script_var#*-}" done eval script_enabled="\$$script_var" case "${script_enabled:-YES}" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;; *) continue;; esac if [ -x "$script" ]; then "$script" "$cmd" "$key" else (set -- "$cmd" "$key"; . 
"$script") fi retval=$(($retval + $?)) fi done exit $retval NetworkConfiguration-openresolv-1db84a0/resolvectl.in000066400000000000000000000124511501073167200232110ustar00rootroot00000000000000#!/bin/sh # Copyright (c) 2025 Roy Marples # All rights reserved # resolvectl subscriber for resolvconf # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # * Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # * Redistributions in binary form must reproduce the above # copyright notice, this list of conditions and the following # disclaimer in the documentation and/or other materials provided # with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. [ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0 . "@SYSCONFDIR@/resolvconf.conf" || exit 1 case "${resolvectl:-NO}" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;; *) exit 0;; esac # If we don't have resolvectl or systemd-resolved isn't running then # we can't do much. 
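# We can't persist our data in /run/systemd/resolve/netif/$ifindex
# because systemd-resolved keeps it somehow, ie we can't change it
# once we have inserted it
if ! [ -d /sys/class/net ] || \
   ! type resolvectl >/dev/null 2>&1 || \
   ! pidof systemd-resolved >/dev/null
then
	exit 1
fi

# resolvectl only accepts resolv.conf setup per physical interface
# although resolvconf has always hinted that the named configuration
# should be $interface.$protocol, this has never been a fixed requirement.
# Because resolvectl only accepts one configuration per interface we need
# to try and merge the resolv.conf's together.
# Luckily resolvconf makes this easy for us.

# Returns a list of resolvconf entries for a real interface
#   $1      interface name, must exist in /sys/class/net
#   stdout  space separated list of matching resolvconf keys
#   return  1 when $1 is not an interface
# Sets the globals IFACE, IFACES and IFACE_PROTO.
# Defined with the POSIX name() form: this file starts with #!/bin/sh and
# the "function" keyword is not understood by every /bin/sh.
get_resolvconf_interfaces() {
	IFACE="$1"

	[ -d /sys/class/net/"$IFACE" ] || return 1
	IFACES=
	for IFACE_PROTO in $(@SBINDIR@/resolvconf -Li "$IFACE" "$IFACE.*" 2>/dev/null); do
		# ens5 will work with ens5.dhcp and ens5.ra,
		# but not ens5.5 or ens5.5.dhcp
		if [ "$IFACE_PROTO" != "$IFACE" ]; then
			# Ensure that ens5.5.dhcp doesn't work for ens5
			if [ "${IFACE_PROTO%.*}" != "$IFACE" ]; then
				continue
			fi

			# Ensure that ens5.dhcp isn't a real interface
			# as ens5.5 likely is and the .5 matches the .dhcp
			if [ -d /sys/class/net/"$IFACE_PROTO" ]; then
				continue
			fi
		fi

		IFACES="$IFACES${IFACES:+ }$IFACE_PROTO"
	done
	echo "$IFACES"
}

# For the given interface, apply a list of resolvconf entries
#   $1      interface name
#   $2...   resolvconf keys to merge onto it; with none given the
#           interface is reverted
# Sets the globals IFACE, DOMAIN, NS and ND.
apply_resolvconf() {
	IFACE="$1"
	shift

	if [ -z "$1" ]; then
		resolvectl revert "$IFACE"
		return
	fi

	# Set the default-route property first to avoid leakage.
	# If any entry is private, the whole interface has to be private.
	# If a more granular approach is needed, consider using the
	# systemd-resolved subscriber instead which supports DNS delegates.
	if [ -n "$(@SBINDIR@/resolvconf -p "$@")" ]; then
		resolvectl default-route "$IFACE" false
	else
		resolvectl default-route "$IFACE" true
	fi

	# Now set domain and dns
	# The keyword is matched at the start of the line only, otherwise a
	# line such as "search localdomain example.com" would also match
	# "domain " in the middle and be mangled.
	DOMAIN=$(@SBINDIR@/resolvconf -L "$@" 2>/dev/null | \
		sed -n -e "s/^domain //p" -e "s/^search //p")
	NS=$(@SBINDIR@/resolvconf -L "$@" 2>/dev/null | \
		sed -n -e "s/^nameserver //p")
	if [ -n "$DOMAIN" ]; then
		# If any entry is marked as not searchable, we mark all the
		# domains as non searchable.
		# If a more granular approach is needed, consider using the
		# systemd-resolved subscriber instead which supports DNS delegates.
		if [ -n "$(@SBINDIR@/resolvconf -pp "$@")" ]; then
			ND=
			for d in $DOMAIN; do
				ND="$ND${ND:+ }~$d"
			done
			DOMAIN="$ND"
		fi
		# Unquoted on purpose: one argument per domain
		resolvectl domain "$IFACE" $DOMAIN
	else
		# An empty argument clears the setting
		resolvectl domain "$IFACE" ""
	fi
	if [ -n "$NS" ]; then
		# Unquoted on purpose: one argument per name server
		resolvectl dns "$IFACE" $NS
	else
		resolvectl dns "$IFACE" ""
	fi
}

# To get the full features of resolvconf, we need to work out each interface
# for every resolvconf addition and deletion
# This is because resolvconf.conf might have changed OR an exclusive
# interface deleted which makes other interfaces visible.
cd /sys/class/net
for IFACE in *; do
	if [ "$IFACE" = lo ]; then
		# systemd-resolved doesn't work with lo
		continue
	fi
	IFACES=$(get_resolvconf_interfaces "$IFACE")
	apply_resolvconf "$IFACE" $IFACES
done

# warn about resolv.conf with no matching interface
FAILED=
for IFACE_PROTO in $(@SBINDIR@/resolvconf -Li); do
	IFACE="${IFACE_PROTO%.*}"
	if [ "$IFACE" = lo ]; then
		# Don't warn about loopback interface as that is typically
		# used to configure libc for a nameserver on it and the libc
		# subscriber will process that just fine.
		continue
	fi
	if !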
[ -d "/sys/class/net/$IFACE" ]; then FAILED="$FAILED${FAILED:+ }$IFACE_PROTO" fi done if [ -n "$FAILED" ]; then echo "Could not apply resolv.conf to resolvectl: $FAILED" >&2 fi NetworkConfiguration-openresolv-1db84a0/systemd-resolved.in000066400000000000000000000061461501073167200243440ustar00rootroot00000000000000#!/bin/sh # Copyright (c) 2025 Roy Marples # All rights reserved # systemd-resolved subscriber for resolvconf # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # * Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # * Redistributions in binary form must reproduce the above # copyright notice, this list of conditions and the following # disclaimer in the documentation and/or other materials provided # with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. [ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0 . 
"@SYSCONFDIR@/resolvconf.conf" || exit 1 case "${systemd_resolved:-NO}" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;; *) exit 0;; esac [ -n "$RESOLVCONF" ] || eval "$(@SBINDIR@/resolvconf -v)" NL=" " : ${systemd_resolved_conf:=/run/systemd/resolved.conf.d/60-resolvconf.conf} : ${systemd_delegate_dir:=/run/systemd/dns-delegate.d} # Try to ensure that config dirs exist if command -v config_mkdirs >/dev/null 2>&1; then config_mkdirs "$systemd_resolved_conf" "$systemd_delegate_dir/x" else @SBINDIR@/resolvconf -D "$systemd_resolved_conf" "$systemd_delegate_dir/x" fi header="# Generated by resolvconf$NL" header="${header}$NL" header="${header}[Resolve]$NL" conf="$header" # We emit blank values to force them to reset on SIGHUP conf="${conf}DNS=$NAMESERVERS$NL" # Indicate these nameservers are for all domain lookups by using ~. conf="${conf}Domains=$SEARCH${NAMESERVERS:+ ~.}$NL" printf %s "$conf" >"$systemd_resolved_conf" # DNS Delegates requires https://github.com/systemd/systemd/pull/34368 rm -f "$systemd_delegate_dir/resolvconf-"*".dns-delegate" header="# Generated by resolvconf$NL" header="${header}$NL" header="${header}[Delegate]$NL" for d in $DOMAINS; do dn="${d%%:*}" ns="${d#*:}" dconf="${header}Domains=" search=false for sd in $SEARCH; do if [ "$sd" = "$dn" ]; then search=true break fi done if ! 
$search; then dconf="${dconf}~" fi dconf="${dconf}$dn$NL" dconf="${dconf}DNS=" while [ -n "$ns" ]; do dconf="$dconf${ns%%,*} " [ "$ns" = "${ns#*,}" ] && break ns="${ns#*,}" done dconf="$dconf$NL" printf %s "$dconf" >"$systemd_delegate_dir/resolvconf-$dn.dns-delegate" done pid=$(pidof systemd-resolved) if [ -n "$pid" ]; then kill -HUP $pid fi NetworkConfiguration-openresolv-1db84a0/unbound.in000066400000000000000000000071101501073167200224750ustar00rootroot00000000000000#!/bin/sh # Copyright (c) 2009-2023 Roy Marples # All rights reserved # unbound subscriber for resolvconf # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # * Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # * Redistributions in binary form must reproduce the above # copyright notice, this list of conditions and the following # disclaimer in the documentation and/or other materials provided # with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. unbound_insecure= unbound_private= [ -f "@SYSCONFDIR@"/resolvconf.conf ] || exit 0 . 
"@SYSCONFDIR@/resolvconf.conf" || exit 1 [ -z "$unbound_conf" ] && exit 0 [ -z "$RESOLVCONF" ] && eval "$(@SBINDIR@/resolvconf -v)" NL=" " : ${unbound_pid:=/var/run/unbound.pid} : ${unbound_service:=unbound} newconf="# Generated by resolvconf$NL" for d in $DOMAINS; do dn="${d%%:*}" ns="${d#*:}" create_unbound_insecure=false create_unbound_private=false case "$unbound_insecure" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) create_unbound_insecure=true ;; esac case "$unbound_private" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) create_unbound_private=true ;; esac if $create_unbound_insecure || $create_unbound_private; then newconf="$newconf${NL}server:$NL" if $create_unbound_insecure; then newconf="$newconf domain-insecure: \"$dn\"$NL" fi if $create_unbound_private; then newconf="$newconf private-domain: \"$dn\"$NL" fi fi newconf="$newconf${NL}forward-zone:$NL name: \"$dn\"$NL" if [ -n "$unbound_forward_zone_options" ]; then newconf="$newconf $unbound_forward_zone_options${NL}" fi while [ -n "$ns" ]; do newconf="$newconf forward-addr: ${ns%%,*}$NL" [ "$ns" = "${ns#*,}" ] && break ns="${ns#*,}" done done if [ -n "$NAMESERVERS" ]; then newconf="$newconf${NL}forward-zone:$NL name: \".\"$NL" if [ -n "$unbound_forward_zone_options" ]; then newconf="$newconf $unbound_forward_zone_options${NL}" fi for n in $NAMESERVERS; do newconf="$newconf forward-addr: $n$NL" done fi # Try to ensure that config dirs exist if command -v config_mkdirs >/dev/null 2>&1; then config_mkdirs "$unbound_conf" else @SBINDIR@/resolvconf -D "$unbound_conf" fi restart_unbound() { if [ -n "$unbound_restart" ]; then eval $unbound_restart elif [ -n "$RESTARTCMD" ]; then set -- ${unbound_service} eval "$RESTARTCMD" else @SBINDIR@/resolvconf -r ${unbound_service} fi } if [ ! -f "$unbound_conf" ] || \ [ "$(cat "$unbound_conf")" != "$(printf %s "$newconf")" ] then printf %s "$newconf" >"$unbound_conf" # If we can't sent a HUP then force a restart if [ -s "$unbound_pid" ]; then if ! 
kill -HUP $(cat "$unbound_pid") 2>/dev/null; then restart_unbound fi else restart_unbound fi fi