= ConnMan–Resolvconf
:toc: macro
:toc-title:
:proj-name: connman-resolvconf
:gh-name: jirutka/{proj-name}
:bin-name: {proj-name}d
:version: 0.2.0
:releases-uri: https://github.com/{gh-name}/releases/download/v{version}
// Keep in sync with branch used in ci.yml.
:alpine-branch: v3.16
:alpine-pkgs-uri: https://pkgs.alpinelinux.org/packages?branch={alpine-branch}&name=
// Keep in sync with release used in ci.yml.
:ubuntu-release: 20.04
:ubuntu-pkgs-uri: https://packages.ubuntu.com/focal
:ConnMan: https://git.kernel.org/pub/scm/network/connman/connman.git/about/[ConnMan]

ifdef::env-github[]
image:https://github.com/{gh-name}/workflows/CI/badge.svg[CI Workflow, link=https://github.com/{gh-name}/actions?query=workflow%3A%22CI%22]
image:https://repology.org/badge/tiny-repos/{proj-name}.svg[Packaging status, link=https://repology.org/project/{proj-name}]
endif::env-github[]

A daemon that integrates {ConnMan} with https://en.wikipedia.org/wiki/Resolvconf[resolvconf(8)].
It listens on D-Bus and calls `resolvconf` with new DNS information (nameservers and domain search) when a network service is connected, disconnected or updated.

[discrete]
== Table of Contents

toc::[]

== Requirements

.*Runtime*:
* UNIX-like system _(tested on Linux only)_
* https://www.freedesktop.org/wiki/Software/dbus/[D-Bus] 1.6 or higher
* {ConnMan} _(tested with 1.40+)_
* `resolvconf` from https://roy.marples.name/projects/openresolv/[openresolv] or Debian

.*Build*:
* https://www.rust-lang.org[Rust] stable toolchain _(tested with 1.60+)_
* `pkg-config`
* https://www.freedesktop.org/wiki/Software/dbus/[libdbus.so] 1.6 or higher (including headers, pkg-config file etc.)

== Installation

=== On Alpine Linux

If you’re using *Alpine Linux* v3.16 or later, you can install the {alpine-pkgs-uri}{proj-name}[{proj-name}] package from Alpine’s community repository:

[source, sh, subs="+attributes"]
apk add {proj-name}

=== On Arch Linux

If you’re using *Arch Linux*, you can install the https://aur.archlinux.org/packages/{proj-name}[{proj-name}] package from the https://aur.archlinux.org/[AUR]:

[source, sh, subs="+attributes"]
yay -S {proj-name}

Or use another AUR helper.

=== Using Pre-Built Binary

If your package manager doesn’t provide {proj-name}, you can use a pre-built binary.

You can choose either a statically linked (static) binary that should work on every Linux system (distro), or, if you’re using a sufficiently recent GNU/libc-based distro (most major distros), a dynamically linked binary (see section <<pre-built-binaries>> for more information).

*Static*:
{releases-uri}/{proj-name}-{version}-x86_64-linux.tar.gz[[x86_64\]]
{releases-uri}/{proj-name}-{version}-aarch64-linux.tar.gz[[aarch64\]]
{nbsp}|{nbsp}
*GNU/libc*:
{releases-uri}/{proj-name}-{version}-x86_64-linux-gnu.tar.gz[[x86_64\]]
{releases-uri}/{proj-name}-{version}-aarch64-linux-gnu.tar.gz[[aarch64\]]
{releases-uri}/{proj-name}-{version}-armv7-linux-gnueabihf.tar.gz[[armv7\]]
{releases-uri}/{proj-name}-{version}-powerpc64le-linux-gnu.tar.gz[[ppc64le\]]

. Download, verify and extract the release tarball for your CPU architecture (pick the right link from the list above), for example:
+
[source, sh, subs="verbatim, attributes"]
----
curl -sSLO {releases-uri}/{proj-name}-{version}-x86_64-linux.tar.gz
curl -sSL {releases-uri}/checksums.txt | sha256sum -c --ignore-missing
tar -xzf {proj-name}-{version}-*.tar.gz
----

. Install `{bin-name}` somewhere on your `PATH`, e.g. `/usr/local/bin`:
+
[source, sh, subs="verbatim, attributes"]
install -D -m755 {proj-name}-{version}-*/{bin-name} /usr/local/bin/
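
A stricter form of the verification step above, as an added example that is not part of the project's README or code: it rejects a tarball that is missing from `checksums.txt` or listed more than once, rather than relying on how `sha256sum -c --ignore-missing` treats unlisted files. The function name `verify_release` and the demo file names are assumptions. A checksum served from the same location as the tarball detects corruption, not a replaced release.

```shell
# Added example, not project code: fail-closed SHA-256 check of one file against
# a checksums.txt in sha256sum format. verify_release is a hypothetical name.
verify_release() {
    file=$1
    sums=$2
    name=$(basename -- "$file")
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }

    # Hashes listed for exactly this name (a leading '*' marks binary mode).
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1) }' "$sums")

    # Fail closed: the name must appear exactly once, with a 64-hex-digit hash.
    case $(printf '%s\n' "$expected" | grep -c .) in
        1) ;;
        0) echo "$name: not listed in $sums" >&2; return 3 ;;
        *) echo "$name: listed more than once in $sums" >&2; return 3 ;;
    esac
    printf '%s\n' "$expected" | grep -Eq '^[0-9a-f]{64}$' \
        || { echo "$name: malformed hash in $sums" >&2; return 3; }

    actual=$(sha256sum -- "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] \
        || { echo "$name: checksum mismatch" >&2; return 1; }
    echo "$name: OK"
}

# Constructed demo input: a stand-in tarball and a checksums.txt listing it.
demo=$(mktemp -d)
printf 'constructed sample payload\n' > "$demo/sample.tar.gz"
(cd "$demo" && sha256sum sample.tar.gz > checksums.txt)
verify_release "$demo/sample.tar.gz" "$demo/checksums.txt"
```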

=== From Source Tarball

[source, sh, subs="+attributes"]
----
wget https://github.com/{gh-name}/archive/v{version}/{proj-name}-{version}.tar.gz
tar -xzf {proj-name}-{version}.tar.gz
cd {proj-name}-{version}

cargo build --release --locked
install -D -m755 target/release/{bin-name} -t /usr/local/bin/
----

== Configuration

=== On Alpine Linux
:resolvconf-rundir: /run/resolvconf

==== Using dnsmasq
:resolvconf-dnsmasq-conf: {resolvconf-rundir}/dnsmasq-conf.conf
:resolvconf-dnsmasq-resolv: {resolvconf-rundir}/dnsmasq-resolv.conf

This section describes how to set up ConnMan with dnsmasq as a local caching resolver on Alpine Linux v3.16+.

. Install packages:
+
[source, sh]
----
apk add connman connman-resolvconf dnsmasq-dnssec openresolv
----

. Add or edit the following lines in _/etc/conf.d/connman_:
+
[source, sh]
----
# Additional arguments to pass to connmand.
command_args="--nodnsproxy"

# Let ConnMan write resolv.conf to /run/connman instead of /etc/resolv.conf.
# WARNING: This is a nasty workaround. start_pre shouldn't be normally
# overridden in the config. There's a pending patch for ConnMan to get rid of
# this workaround.
start_pre() {
    checkpath -q -d /run/connman
}
----

. Add or edit the following lines in _/etc/conf.d/dnsmasq_:
+
[source, sh, subs="+attributes"]
----
setup_command="my_setup_configs"

# Prepare configs that will be later generated by resolvconf(8).
my_setup_configs() {
    [ "$RC_SVCNAME" = dnsmasq ] || return 0

    checkpath -q -d {resolvconf-rundir} || return 1
    checkpath -q -f {resolvconf-dnsmasq-conf} || return 1

    if ! [ -f {resolvconf-dnsmasq-resolv} ]; then
        checkpath -q -f {resolvconf-dnsmasq-resolv} || return 1
        echo 'nameserver 1.1.1.1' >> {resolvconf-dnsmasq-resolv}
    fi
}
----

. Edit _/etc/dnsmasq.conf_ and apply the following changes: footnote:[I also highly recommend configuring DNSSEC validation, but that’s beyond the scope of this guide.]
+
[source, diff, subs="+attributes"]
----
- #interface=
+ interface=lo

- #bind-interfaces
+ bind-interfaces

- # Change this line if you want dns to get its upstream servers from
- # somewhere other that /etc/resolv.conf
- #resolv-file=
+ # Read the upstream servers from the file generated by resolvconf(8).
+ resolv-file={resolvconf-dnsmasq-resolv}

- # Include another lot of configuration options.
- #conf-file=/etc/dnsmasq.more.conf
- #conf-dir=/etc/dnsmasq.d
+ # Include config generated by resolvconf(8).
+ conf-file={resolvconf-dnsmasq-conf}
----

. Replace the content of your _/etc/resolvconf.conf_ with:
+
[source, diff, subs="+attributes"]
----
# Configuration for resolvconf(8)

resolv_conf=/etc/resolv.conf
resolv_conf_options="trust-ad"

# Use the local name server (dnsmasq).
name_servers="::1 127.0.0.1"

# These interfaces' name servers will only be queried for the domains
# (the search option) listed in their resolv.conf.
private_interfaces="vpn*"

# Generate configs for dnsmasq.
dnsmasq_conf={resolvconf-dnsmasq-conf}
dnsmasq_resolv={resolvconf-dnsmasq-resolv}
----

. Start and enable services:
+
[source, sh]
----
rc-service connman-resolvconf start
rc-service dnsmasq start

rc-update add connman-resolvconf
rc-update add dnsmasq
----

==== Using Unbound
:resolvconf-unbound-conf: {resolvconf-rundir}/unbound.conf

This section describes how to set up ConnMan with Unbound as a local caching resolver on Alpine Linux v3.16+.

Please note that, unlike dnsmasq, Unbound does *not* read _/etc/hosts_.

. Install packages:
+
[source, sh]
----
apk add connman connman-resolvconf unbound openresolv
----

. Add or edit the following lines in _/etc/conf.d/connman_:
+
[source, sh]
----
# Additional arguments to pass to connmand.
command_args="--nodnsproxy"

# Let ConnMan write resolv.conf to /run/connman instead of /etc/resolv.conf.
# WARNING: This is a nasty workaround. start_pre shouldn't be normally
# overridden in the config. There's a pending patch for ConnMan to get rid of
# this workaround.
start_pre() {
    checkpath -q -d /run/connman
}
----

. Edit _/etc/unbound/unbound.conf_ and apply the following changes:
** Uncomment and set to `yes` options `unblock-lan-zones` and `insecure-lan-zones`.
** Add the following to the bottom of the file:
+
[source, diff, subs="+attributes"]
----
# Include configuration generated by resolvconf(8).
# Use globbing (*) to make it optional, i.e. not fail if it doesn't exist (yet).
include: "{resolvconf-unbound-conf}*"
----

. Replace the content of your _/etc/resolvconf.conf_ with:
+
[source, diff, subs="+attributes"]
----
# Configuration for resolvconf(8)

resolv_conf=/etc/resolv.conf
resolv_conf_options="trust-ad"

# Use the local name server (Unbound).
name_servers="::1 127.0.0.1"

# These interfaces' name servers will only be queried for the domains
# (the search option) listed in their resolv.conf.
private_interfaces="vpn*"

# Generate config for unbound.
unbound_conf={resolvconf-unbound-conf}
----

. Start and enable services:
+
[source, sh]
----
rc-service connman-resolvconf start
rc-service unbound start

rc-update add connman-resolvconf
rc-update add unbound
----
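
A post-setup check for both the dnsmasq and the Unbound procedure above, as an added example that is not part of the project: it parses a resolv.conf and reports any `nameserver` entry that is not a loopback address, which would mean lookups can bypass the local resolver set with `name_servers="::1 127.0.0.1"`. The function names and the sample files are constructed for illustration.

```shell
# Added example, not project code. Function names are hypothetical.
# Print every nameserver in a resolv.conf that is not a loopback address.
non_loopback_nameservers() {
    awk '
        $1 == "nameserver" {
            addr = $2
            sub(/%.*$/, "", addr)   # drop an IPv6 zone id such as %eth0
            if (addr == "::1") next
            if (addr ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            print $2
        }' "${1:-/etc/resolv.conf}"
}

# 0 = only loopback servers, 1 = other servers present, 2 = no servers at all.
check_local_resolver() {
    conf=${1:-/etc/resolv.conf}
    if ! awk '$1 == "nameserver" { found = 1 } END { exit !found }' "$conf"; then
        echo "$conf: no nameserver entries" >&2
        return 2
    fi
    leaks=$(non_loopback_nameservers "$conf" | tr '\n' ' ')
    if [ -n "$leaks" ]; then
        echo "$conf: lookups can bypass the local resolver via: $leaks" >&2
        return 1
    fi
    echo "$conf: only loopback name servers"
}

# Constructed samples: the expected result of the setup, and a file that a
# DHCP-provided server has leaked into.
samples=$(mktemp -d)
printf 'nameserver ::1\nnameserver 127.0.0.1\noptions trust-ad\n' > "$samples/good"
printf 'nameserver 127.0.0.1\nnameserver 192.0.2.53\n' > "$samples/leaky"
check_local_resolver "$samples/good"
check_local_resolver "$samples/leaky" || echo "exit status: $?"
```

Run `check_local_resolver` without arguments to inspect _/etc/resolv.conf_ itself.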

[[pre-built-binaries]]
== Pre-Built Binaries

Pre-built binaries available in the project’s https://github.com/{gh-name}/releases[Releases] are built automatically using GitHub Actions.
You can see the workflow configuration in link:.github/workflows/ci.yml[].
Binaries for architectures other than x86_64 are cross-compiled.

Static binaries are built on Alpine Linux {alpine-branch}, statically linked with {alpine-pkgs-uri}musl[musl] libc and {alpine-pkgs-uri}dbus[dbus] library.
They have zero dependencies, so they work on every Linux system (distro) regardless of the libc used.

Dynamic binaries are built on Ubuntu {ubuntu-release}, linked with GNU {ubuntu-pkgs-uri}/libc6[libc6] and {ubuntu-pkgs-uri}/libdbus-1-3[libdbus-1].
Since they are dynamically linked, you must have a compatible version of libdbus-1.so installed on your system.

== License

This project is licensed under http://opensource.org/licenses/MIT/[MIT License].
For the full text of the license, see the link:LICENSE[LICENSE] file.