RDNSS daemon and dhclient concurrent to /etc/resolv.conf
Roy Marples
roy at marples.name
Sun Nov 11 09:24:48 UTC 2007
On Thu, 2007-11-08 at 08:06 +0100, Pierre Ynard wrote:
> The recently published RFC5006 defines a new mechanism in IPv6
> stateless autoconfiguration, to acquire DNS configuration information,
> namely the Recursive DNS Servers (RDNSS) option. Kernel-side support
> will be included in Linux 2.6.24, and we are currently working on a
> complementary user-space daemon.
>
> The role of the daemon is to receive nameserver information, and
> subsequently update /etc/resolv.conf. Obviously, it would modify
> /etc/resolv.conf in a way directly concurrent with other daemons,
> especially IPv4 DHCP clients.
>
> Our approach is to generate our own resolver file, typically
> /var/run/rdnssd/resolv.conf, and call an external hook to merge RDNSS
> nameservers with existing configuration from other sources. We have been
> thinking about best ways to coexist system-wide with other daemons; one
> of them could be that such daemons, instead of directly overwriting
> /etc/resolv.conf, allow the use of an external, "central" script
> responsible for this.

This is why resolvconf was created [1]. Debian has it, Gentoo has its
own variant of it which I wrote, and I'm now working on a version
suitable for the BSDs based on this. You can get the current sources for
that here [2] if you want to play around with it.

Basically it accepts multiple resolv.conf files and then uses them to
make the real /etc/resolv.conf. All Gentoo DHCPv4 clients (including
dhclient) and OpenVPN have been patched to work with resolvconf. I'm
sure more Debian programs have been patched in a similar way. Also,
several upstream programs now use resolvconf by default if present.

However, with the Gentoo variant we do differ slightly from the Debian
one. Basically if we have both "domain" and "search" directives then we
configure the name server to only send queries for the "domain" to the
nameservers specified by that resolv.conf. This works very well for VPN
situations; in my case my home network is secured by the VPN and as such
all queries go via the DNS server as defined by the VPN, but when I'm on
the road only queries for *.marples.name go to it.

Thanks
Roy
[1] http://lists.debian.org/debian-devel/2003/07/msg00438.html
[2] http://git.marples.name/?p=openresolv/.git
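
The merge described in the message above, as an added sketch that is not part of the original message and is not openresolv's code: several resolv.conf fragments are combined into one file, and a fragment carrying both "domain" and "search" has its nameservers scoped to that domain instead of being listed globally. The source names, addresses and corp.example are constructed; merging every search list and capping the output at three nameservers are assumptions of this sketch.

```python
MAXNS = 3  # glibc's resolver uses at most three nameserver lines

def parse(text):
    """Parse one resolv.conf fragment into nameserver/domain/search entries."""
    conf = {"nameserver": [], "domain": None, "search": []}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0][0] in "#;":
            continue  # blank line, comment, or directive without a value
        if fields[0] == "nameserver":
            conf["nameserver"].append(fields[1])
        elif fields[0] == "domain":
            conf["domain"] = fields[1]
        elif fields[0] == "search":
            conf["search"] = fields[1:]
    return conf

def _add_unique(dst, items):
    """Append items to dst, keeping first-seen order and dropping duplicates."""
    for item in items:
        if item not in dst:
            dst.append(item)

def merge(fragments):
    """fragments: list of (source, text) in priority order.
    Returns (resolv.conf text, {domain: [nameservers scoped to that domain]})."""
    servers, search, forwards = [], [], {}
    for _source, text in fragments:
        conf = parse(text)
        if conf["domain"] and conf["search"]:
            # Both directives present: scope these servers to the domain only,
            # for a local forwarding name server to consume (assumed consumer).
            _add_unique(forwards.setdefault(conf["domain"], []), conf["nameserver"])
        else:
            _add_unique(servers, conf["nameserver"])
        # Assumption of this sketch: search names are merged from every source.
        names = ([conf["domain"]] if conf["domain"] else []) + conf["search"]
        _add_unique(search, names)
    lines = ["# merged from: " + ", ".join(src for src, _ in fragments)]
    if search:
        lines.append("search " + " ".join(search))
    lines += ["nameserver " + ns for ns in servers[:MAXNS]]
    return "\n".join(lines) + "\n", forwards

# Constructed sample fragments (documentation addresses, hypothetical names).
FRAGMENTS = [
    ("eth0.dhclient", "search example.net\nnameserver 192.0.2.53\n"),
    ("rdnssd", "# from RA\nnameserver 2001:db8::53\n"),
    ("tun0.openvpn", "domain corp.example\nsearch corp.example\nnameserver 10.8.0.1\n"),
]

if __name__ == "__main__":
    print(*merge(FRAGMENTS), sep="")
```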