dhcpleased(8) and resolvd(8) enabled in base, replacing dhclient(8)

Contributed by rueda from the dhcplease-resolv-me dept.

Florian Obser (florian@) has enabled dhcpleased(8) and resolvd(8) [on both of which we reported earlier] in base.

The commits are,
Module name:	src
Changes by:	2021/07/16 09:21:41

Modified files:
	etc            : netstart rc.conf 

Log message:
switch to dhcpleased/resolvd in base
OK deraadt

in the ramdisk,

Module name:	src
Changes by:	2021/07/16 09:24:09

Modified files:
	distrib/alpha/miniroot: list 
	distrib/amd64/ramdisk_cd: list 
	distrib/arm64/ramdisk: list 
	distrib/armv7/ramdisk: list 
	distrib/hppa/ramdisk: list 
	distrib/i386/ramdisk: list 
	distrib/i386/ramdisk_cd: list 
	distrib/landisk/ramdisk: list 
	distrib/loongson/ramdisk: list 
	distrib/luna88k/ramdisk: list 
	distrib/macppc/ramdisk: list 
	distrib/octeon/ramdisk: list 
	distrib/powerpc64/ramdisk: list 
	distrib/riscv64/ramdisk: list 
	distrib/sparc64/miniroot: list 

Log message:
Replace dhclient with dhcpleased/resolvd on the ramdisk.
OK deraadt who also helped making some space.

and in the installer:

Module name:	src
Changes by:	2021/07/16 09:25:31

Modified files:
	distrib/miniroot: install.sub 

Log message:
Switch from dhclient to dhcpleased in the installer.
More cleanup is needed from a real ksh hacker, but looks already
pretty good to kn.

OK deraadt

In a reply on misc@, Theo de Raadt (deraadt@) explained some of the rationale:

We are moving from a model where dhclient on 1 interface believes it is
MASTER of /etc/resolv.conf and a bunch of system aspects, and the
userbase is familiar with a pile of hacky control knobs in

Towards a model where multiple interfaces + unwind can advertise their
DNS resolution abilities to resolvd, which then sorts the offers and
maintains a configuration.

dhclient will remain available for people who want that old model, but I
suspect they will encounter increasing difficulty sticking to it.

Because the default configuration is changing.

  1. By n/a (Cabal)

    Just to be clear, after reading the email thread, is there currently no way to override ISP-supplied DNS servers?

    If so, I hope this functionality is added soon. That's pretty much required for gateway/firewall usage when providing DNS resolution for internal clients.

    1. By Anonymous Coward (fish)

      They can be overridden, it depends how you want to do it:
      To completely ignore the ISP's DNS nameservers from dhcpleased(8) and slaacd(8), disable resolvd(8) and add custom nameservers to resolv.conf(5) manually.
      To try using custom DNS nameservers but fall back to the ISP's if they are too slow or unreachable, enable unwind(8) and edit unwind.conf(5) to add "forwarder"s and "preference { forwarder ... }".
      For any other setup, disable dhcpleased(8) and resolvd(8) and enable dhclient(8) by adding "!dhclient \$if" to hostname.if(5).

  2. By 0x7f (0x7f)

    Great news!


