dns: write original DNS servers to /var/run/NetworkManager/no-stub-resolv.conf

When a DNS plugin is enabled (like "main.dns=dnsmasq" or "main.dns=systemd-resolved"), the name servers announced to the rc-manager are coerced to be 127.0.0.1 or 127.0.0.53. Depending on the "main.rc-manager" setting, also "/etc/resolv.conf" contains only this coerced name server to the local caching service. The same is true for "/var/run/NetworkManager/resolv.conf" file, which contains what we would write to "/etc/resolv.conf" (depending on the "main.rc-manager" configuration). Write a new file "/var/run/NetworkManager/no-stub-resolv.conf", which contains the original name servers, uncoerced. Like "/var/run/NetworkManager/resolv.conf", this file is always written. The effect is, when one enables "main.dns=systemd-resolved", then there is still a file "no-stub-resolv.conf" with the same content as with "main.dns=default". The no-stub-resolv.conf may be a possible solution, when a user wants NetworkManager to update systemd-resolved, but still have a regular /etc/resolv.conf [1]. For that, the user could configure [main] dns=systemd-resolved rc-manager=unmanaged and symlink "/etc/resolv.conf" to "/var/run/NetworkManager/no-stub-resolv.conf". This is not necessarily the only solution for the problem and does not preclude options for updating systemd-resolved in combination with other DNS plugins. [1] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/20
2026-02-03 13:40:39 +01:00 · 2018-09-12 21:16:34 +02:00 · 2018-09-12 21:16:34 +02:00 · 0dc673f0a5
commit 0dc673f0a5
parent 95b006c244
2 changed files with 42 additions and 5 deletions
--- a/man/NetworkManager.conf.xml
+++ b/man/NetworkManager.conf.xml
@ -331,15 +331,23 @@ no-auto-default=*
        after some time. This behavior can be modified passing the
        'all-servers' or 'strict-order' options to dnsmasq (see the
        manual page for more details).</para>
+        <para><literal>systemd-resolved</literal>: NetworkManager will
+        push the DNS configuration to systemd-resolved</para>
        <para><literal>unbound</literal>: NetworkManager will talk
        to unbound and dnssec-triggerd, providing a "split DNS"
        configuration with DNSSEC support. <filename>/etc/resolv.conf</filename>
        will be managed by dnssec-trigger daemon.</para>
-        <para><literal>systemd-resolved</literal>: NetworkManager will
-        push the DNS configuration to systemd-resolved</para>
        <para><literal>none</literal>: NetworkManager will not
        modify resolv.conf. This implies
        <literal>rc-manager</literal>&nbsp;<literal>unmanaged</literal></para>
+
+        <para>Note that the plugins <literal>dnsmasq</literal>, <literal>systemd-resolved</literal>
+        and <literal>unbound</literal> are caching local nameservers.
+        Hence, when NetworkManager writes <filename>&nmrundir;/resolv.conf</filename>
+        and <filename>/etc/resolv.conf</filename> (according to <literal>rc-manager</literal>
+        setting below), the name server there will be localhost only.
+        NetworkManager also writes a file <filename>&nmrundir;/no-stub-resolv.conf</filename>
+        that contains the original name servers pushed to the DNS plugin.</para>
        </listitem>
      </varlistentry>

--- a/src/dns/nm-dns-manager.c
+++ b/src/dns/nm-dns-manager.c
@ -744,9 +744,36 @@ _read_link_cached (const char *path, gboolean *is_cached, char **cached)
 	return (*cached = g_file_read_link (path, NULL));
 }

-#define MY_RESOLV_CONF NMRUNDIR "/resolv.conf"
-#define MY_RESOLV_CONF_TMP MY_RESOLV_CONF ".tmp"
-#define RESOLV_CONF_TMP "/etc/.resolv.conf.NetworkManager"
+#define MY_RESOLV_CONF             NMRUNDIR"/resolv.conf"
+#define MY_RESOLV_CONF_TMP         MY_RESOLV_CONF".tmp"
+#define RESOLV_CONF_TMP            "/etc/.resolv.conf.NetworkManager"
+
+#define NO_STUB_RESOLV_CONF        NMRUNDIR "/no-stub-resolv.conf"
+
+static void
+update_resolv_conf_no_stub (NMDnsManager *self,
+                            char **searches,
+                            char **nameservers,
+                            char **options)
+{
+	gs_free char *content = NULL;
+	GError *local = NULL;
+
+	content = create_resolv_conf (searches, nameservers, options);
+
+	if (!g_file_set_contents (NO_STUB_RESOLV_CONF,
+	                          content,
+	                          -1,
+	                          &local)) {
+		_LOGD ("update-resolv-no-stub: failure to write file: %s",
+		       local->message);
+		g_error_free (local);
+		return;
+	}
+
+	_LOGT ("update-resolv-no-stub: '%s' successfully written",
+	       NO_STUB_RESOLV_CONF);
+}

 static SpawnResult
 update_resolv_conf (NMDnsManager *self,
@ -1421,6 +1448,8 @@ update_dns (NMDnsManager *self,
 		;
 	}

+	update_resolv_conf_no_stub (self, searches, nameservers, options);
+
 	/* If caching was successful, we only send 127.0.0.1 to /etc/resolv.conf
 	 * to ensure that the glibc resolver doesn't try to round-robin nameservers,
 	 * but only uses the local caching nameserver.