resolved: use resolved's static resolv.conf #27144
Conversation
because it is upstream's recommended mode of operation: https://www.freedesktop.org/software/systemd/man/systemd-resolved.html#/etc/resolv.conf
florianjacob
force-pushed
the
resolvconf-resolved-static
branch
from
aa8adc2 to
d8d2c25
Compare
|
@0xABAB comment added, thank you. 👍 |
| "resolv.conf".source = "/run/systemd/resolve/resolv.conf"; | ||
| # symlink the static version of resolv.conf as recommended by upstream: | ||
| # https://www.freedesktop.org/software/systemd/man/systemd-resolved.html#/etc/resolv.conf | ||
| "resolv.conf".source = "${pkgs.systemd}/lib/systemd/resolv.conf"; |
There was a problem hiding this comment.
I fear this breaks some people's setup using openresolv and dhcpcd - and enforce the use of systemd-networkd. I think resolved will longer be able pick up dynamic dns servers this way (note that the service behaves differently depending on the existence of this symlink). This module becomes really tricky.
There was a problem hiding this comment.
If I didn't miss anything (still a NixOS newbie!):
I don't think my commit changes the current situation and therefore should not break any setups: On NixOS, resolved can't be used currently with programs like openresolv that will try to modify /etc/resolv.conf themselves.
More details (as I think to understand them): Currently, resolved.enable also means that /etc/resolv.conf will be managed by resolved. This means that resolved can't be used in conjunction with other programs that dynamically try to add DNS servers to /etc/resolv.conf or try to manage that file themselves. Aside from openresolv, that's also the case for stuff like NetworkManager.
resolved actually could support /etc/resov.conf being managed by something else by not getting a symlink from /etc/resolv.conf to anything from systemd-resolved. But I don't think there's any option for this in current NixOS.
Programs can also let resolved manage /etc/resolv.conf and use resolved's dbus API to dynamically add DNS servers. Some programs support this, e.g. I created #27142 to make that possible for NetworkManager on NixOS, and therefore make it possible to run NetworkManager and resolved in conjunction on NixOS. They work regardless of whether the static or the dynamic symlink is used.
There was a problem hiding this comment.
An option for not symlinking /etc/resolv.conf at all could be added, but I don't see an easy way to do this, it would need a list of programs that can manage resolv.conf or so, so that resolved's symlink creation can be skipped…
|
@florianjacob Thanks. It's unfortunate that @Mic92 has several concerns, which might be legitimate. I suppose you could write some tests for the setups described by @Mic92 and then show that it still works. AFAIK, these tests run before a release. Alternatively, @Mic92 could give a specific set of requirements to get this in. If @Mic92 can't give more specific requirements, try the mailinglist. If the properties on which the networking configurations described by @Mic92 do not follow from NixOS documentation, I am in favor of breaking them, because this provides incentives for stakeholders to write documentation and tests. |
because it is upstream's recommended mode of operation:
https://www.freedesktop.org/software/systemd/man/systemd-resolved.html#/etc/resolv.conf
Motivation for this change
This allows systemd-resolved to intercept programs that don't use
/etc/nsswitch.confbut/etc/resolv.confdirectly, to inject records like the virtualgatewayhost or hostnames from LLMNR / MulticastDNS.Things done
(nix.useSandbox on NixOS,
or option
build-use-sandboxinnix.confon non-NixOS)
nix-shell -p nox --run "nox-review wip"./result/bin/)