Contributed by rueda on from the dhcplease-resolv-me dept.
Florian Obser (florian@) has enabled dhcpleased(8) and resolvd(8) [on both of which we reported earlier] in base.
The commits are,
CVSROOT:	/cvs
Module name:	src
Changes by:	florian@cvs.openbsd.org	2021/07/16 09:21:41

Modified files:
	etc            : netstart rc.conf

Log message:
switch to dhcpleased/resolvd in base
OK deraadt
in the ramdisk,
CVSROOT:	/cvs
Module name:	src
Changes by:	florian@cvs.openbsd.org	2021/07/16 09:24:09

Modified files:
	distrib/alpha/miniroot: list
	distrib/amd64/ramdisk_cd: list
	distrib/arm64/ramdisk: list
	distrib/armv7/ramdisk: list
	distrib/hppa/ramdisk: list
	distrib/i386/ramdisk: list
	distrib/i386/ramdisk_cd: list
	distrib/landisk/ramdisk: list
	distrib/loongson/ramdisk: list
	distrib/luna88k/ramdisk: list
	distrib/macppc/ramdisk: list
	distrib/octeon/ramdisk: list
	distrib/powerpc64/ramdisk: list
	distrib/riscv64/ramdisk: list
	distrib/sparc64/miniroot: list

Log message:
Replace dhclient with dhcpleased/resolvd on the ramdisk.
OK deraadt who also helped making some space.
and in the installer:
CVSROOT:	/cvs
Module name:	src
Changes by:	florian@cvs.openbsd.org	2021/07/16 09:25:31

Modified files:
	distrib/miniroot: install.sub

Log message:
Switch from dhclient to dhcpleased in the installer.
More cleanup is needed from a real ksh hacker, but looks already
pretty good to kn.
OK deraadt
In a reply on misc@, Theo de Raadt (deraadt@) explained some of the rationale:
[…] We are moving from a model where dhclient on 1 interface believes it is MASTER of /etc/resolv.conf and a bunch of system aspects, and the userbase is familiar with a pile of hacky control knobs in dhclient.conf. Towards a model where multiple interfaces + unwind can advertise their DNS resolution abilities to resolvd, which then sorts the offers and maintains a configuration. dhclient will remain available for people who want that old model, but I suspect they will encounter increasing difficulty sticking to it. Because the default configuration is changing. […]
By n/a (Cabal) on
Just to be clear, after reading the email thread, is there currently no way to override ISP-supplied DNS servers?
If so, I hope this functionality is added soon. That's pretty much required for gateway/firewall usage when providing DNS resolution for internal clients.
Comments
By Anonymous Coward (fish) on
They can be overridden, it depends how you want to do it:
To completely ignore the ISP's DNS nameservers from dhcpleased(8) and slaacd(8), disable resolvd(8) and add custom nameservers to resolv.conf(5) manually.
To try using custom DNS nameservers but fall back to the ISP's if they are too slow or unreachable, enable unwind(8) and edit unwind.conf(5) to add "forwarder"s and "preference { forwarder ... }".
For any other setup, disable dhcpleased(8) and resolvd(8) and enable dhclient(8) by adding "!dhclient \$if" to hostname.if(5).
By 0x7f (0x7f) andreicek@0x7f.dev on https://0x7f.dev
Great news!