Feature #10931

system.php: Add option to omit DNS Servers from resolv.conf

Added by Jim Pingle 2 months ago. Updated 1 day ago.

Status: Feedback
Priority: Normal
Assignee:
Category: Web Interface
Target version:
Start date: 09/25/2020
Due date:
% Done: 100%
Estimated time:

Description

Some users prefer that the system only use the DNS Resolver/Forwarder for DNS resolution, rather than the entries in resolv.conf. One example use case is when all DNS from the firewall should use DNS over TLS. If the DNS Resolver is temporarily unavailable, the system could skip the DNS Resolver and send queries directly in the clear.

Currently there is an option to not use the DNS Forwarder/Resolver, which should be changed to a drop-down menu with the following entries:

Firewall DNS Resolution Behavior

  • Use DNS Resolver/Forwarder (127.0.0.1), fall back to DNS Servers (Default)
    • This option is the same as the current default with the box unchecked (resolv.conf has 127.0.0.1 then other DNS servers)
  • Use DNS Resolver/Forwarder (127.0.0.1), ignore DNS Servers
    • This option would change resolv.conf to only contain 127.0.0.1 and no other servers
  • Use DNS Servers, ignore DNS Resolver/Forwarder
    • This option is the same as if the current box is checked (resolv.conf has the DNS servers listed, but not 127.0.0.1)

Also needs upgrade code to change the current option into the new format.
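
The three behaviors above can be told apart from the contents of resolv.conf. The following is an added example, not part of the original issue or of pfSense's code: a shell check that classifies resolv.conf text and reports whether 127.0.0.1 is the only nameserver. The function names, the result labels and the sample addresses (documentation ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not pfSense code). Reads resolv.conf text on stdin and prints
# which of the behaviors described in the issue the content corresponds to.
classify_resolv() {
    awk '
        # Drop comments introduced by # or ; before looking at the fields.
        { sub(/[#;].*/, "") }
        $1 == "nameserver" && $2 != "" {
            n++
            if ($2 == "127.0.0.1") { if (!first_local) first_local = n }
            else remote++
        }
        END {
            if (n == 0)                       print "no-nameservers"
            else if (first_local && !remote)  print "local-only"
            else if (!first_local)            print "remote-only"
            else if (first_local == 1)        print "local-then-fallback"
            else                              print "remote-before-local"
        }'
}

# Exit 0 only when 127.0.0.1 is the sole nameserver, so the firewall itself
# has no other server listed to send queries to.
resolver_only() {
    [ "$(classify_resolv)" = "local-only" ]
}

# Constructed sample: the current default (127.0.0.1, then other DNS servers).
sample_default='# constructed sample, not from a real system
nameserver 127.0.0.1
nameserver 192.0.2.53
search example.test'

printf '%s\n' "$sample_default" | classify_resolv
if printf '%s\n' "$sample_default" | resolver_only; then
    echo "only the local resolver is listed"
else
    echo "other DNS servers are listed alongside or instead of 127.0.0.1"
fi
```

On a live system the same functions can be fed the real file, for example `classify_resolv < /etc/resolv.conf`.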

Associated revisions

Revision f0c51530 (diff)
Added by Jim Pingle 2 months ago

System DNS Server changes. Implements #10931

There are significant changes here, but ultimately should be a smooth
transition. See https://redmine.pfsense.org/issues/10931 for more
details.

Revision cd60d729 (diff)
Added by Viktor Gurov 1 day ago

Dynamic IPv6 DNS servers fix. Feature #10931

History

#1 Updated by Jim Pingle 2 months ago

  • Status changed from New to In Progress

#2 Updated by Jim Pingle 2 months ago

Tugged on a dangling thread of this sweater and unraveled quite a lot.

There were three functions with confusing names which did similar but not identical things, used inconsistently through the code, and also some places had code which did similar things but didn't use the functions. I standardized it all to use one function and fixed the name of one so it was less ambiguous. I did not check packages for affected code.

Changes:

  • Changed the option on system.php as described in the original description, plus upgrade code to transition, and changed places which tested the option to the new format.
  • system.inc / get_dns_nameservers() - Added extra parameter which can be used to return either the list to put in resolv.conf or the list of available name servers, depending on what the caller needs.
  • system.inc / get_nameservers() - Renamed to get_dynamic_nameservers() and added interface filtering. Added sub function of the old name in case it was used by packages. If it's not used by packages, that can be removed.
  • pfsense-utils.inc / get_dns_servers() - Unnecessarily read resolv.conf instead of using proper methods like get_dns_nameservers(). Deprecated. Now returns get_dns_nameservers(false, true). If it's not used in packages it can be completely removed.
  • Various places which used the old/incorrect functions, duplicated code, or other methods like directly reading resolv.conf were updated to properly use get_dns_nameservers() instead.
  • Changed status_interfaces.php to display the dynamically assigned DNS servers for an interface with each interface, rather than displaying all DNS servers on WAN.

Commit coming shortly.

#3 Updated by Jim Pingle 2 months ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

#5 Updated by Jim Pingle 2 days ago

  • Status changed from Feedback to Pull Request Review

#6 Updated by Renato Botelho 1 day ago

  • Status changed from Pull Request Review to Feedback

PR has been merged. Thanks!
