OpenBSD Journal

dhcpleased(8) and resolvd(8) enabled in base, replacing dhclient(8)

Contributed by rueda on from the dhcplease-resolv-me dept.

Florian Obser (florian@) has enabled dhcpleased(8) and resolvd(8) [on both of which we reported earlier] in base.


The commits are,
CVSROOT:	/cvs
Module name:	src
Changes by:	florian@cvs.openbsd.org	2021/07/16 09:21:41

Modified files:
	etc            : netstart rc.conf 

Log message:
switch to dhcpleased/resolvd in base
OK deraadt

in the ramdisk,

CVSROOT:	/cvs
Module name:	src
Changes by:	florian@cvs.openbsd.org	2021/07/16 09:24:09

Modified files:
	distrib/alpha/miniroot: list 
	distrib/amd64/ramdisk_cd: list 
	distrib/arm64/ramdisk: list 
	distrib/armv7/ramdisk: list 
	distrib/hppa/ramdisk: list 
	distrib/i386/ramdisk: list 
	distrib/i386/ramdisk_cd: list 
	distrib/landisk/ramdisk: list 
	distrib/loongson/ramdisk: list 
	distrib/luna88k/ramdisk: list 
	distrib/macppc/ramdisk: list 
	distrib/octeon/ramdisk: list 
	distrib/powerpc64/ramdisk: list 
	distrib/riscv64/ramdisk: list 
	distrib/sparc64/miniroot: list 

Log message:
Replace dhclient with dhcpleased/resolvd on the ramdisk.
OK deraadt who also helped making some space.

and in the installer:

CVSROOT:	/cvs
Module name:	src
Changes by:	florian@cvs.openbsd.org	2021/07/16 09:25:31

Modified files:
	distrib/miniroot: install.sub 

Log message:
Switch from dhclient to dhcpleased in the installer.
More cleanup is needed from a real ksh hacker, but looks already
pretty good to kn.

OK deraadt

In a reply on misc@, Theo de Raadt (deraadt@) explained some of the rationale:

[…]
We are moving from a model where dhclient on 1 interface believes it is
MASTER of /etc/resolv.conf and a bunch of system aspects, and the
userbase is familiar with a pile of hacky control knobs in
dhclient.conf.

Towards a model where multiple interfaces + unwind can advertise their
DNS resolution abilities to resolvd, which then sorts the offers and
maintains a configuration.

dhclient will remain available for people who want that old model, but I
suspect they will encounter increasing difficulty sticking to it.

Because the default configuration is changing.
[…]

Comments
  1. By n/a (Cabal) on

    Just to be clear, after reading the email thread, is there currently no way to override ISP-supplied DNS servers?

    If so, I hope this functionality is added soon. That's pretty much required for gateway/firewall usage when providing DNS resolution for internal clients.

    Comments
    1. By Anonymous Coward (fish) on

      They can be overriden, it depends how you want to do it:
      To completely ignore the ISP's DNS nameservers from dhcpleased(8) and slaacd(8), disable resolvd(8) and add custom nameservers to resolv.conf(5) manually.
      To try using custom DNS nameservers but fall back to the ISP's if they are too slow or unreachable, enable unwind(8) and edit unwind.conf(5) to add "forwarder"s and "preference { forwarder ... }".
      For any other setup, disable dhcpleased(8) and resolvd(8) and enable dhclient(8) by adding "!dhclient \$if" to hostname.if(5).

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]