Project

General

Profile

Actions

Feature #10931

closed

system.php: Add option to omit DNS Servers from resolv.conf

Added by Jim Pingle about 4 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Web Interface
Target version:
Start date:
09/25/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

Some users prefer that the system only use the DNS Resolver/Forwarder for DNS resolution, rather than the entries in resolv.conf. One example use case is when all DNS from the firewall should use DNS over TLS. If the DNS Resolver is temporarily unavailable, the system could skip the DNS Resolver and send queries directly in the clear.

Currently there is an option to not use the DNS Forwarder/Resolver, which should be changed to a drop-down menu with the following entries:

Firewall DNS Resolution Behavior

  • Use DNS Resolver/Forwarder (127.0.0.1), fall back to DNS Servers (Default)
    • This option is the same as the current default with the box unchecked (resolv.conf has 127.0.0.1 then other DNS servers)
  • Use DNS Resolver/Forwarder (127.0.0.1), ignore DNS Servers
    • This option would change resolv.conf to only contain 127.0.0.1 and no other servers
  • Use DNS Servers, ignore DNS Resolver/Forwarder
    • This option is the same as if the current box is checked (resolv.conf has the DNS servers listed, but not 127.0.0.1)

Also needs upgrade code to change the current option into the new format.

Actions #1

Updated by Jim Pingle about 4 years ago

  • Status changed from New to In Progress
Actions #2

Updated by Jim Pingle about 4 years ago

Tugged on a dangling thread of this sweater and unraveled quite a lot.

There were three functions with confusing names which did similar but not identical things, used inconsistently through the code, and also some places had code which did similar things but didn't use the functions. I standardized it all to use one function and fixed the name of one so it was less ambiguous. I did not check packages for affected code.

Changes:

  • Changed the option on system.php as described in the original description, plus upgrade code to transition, and changed places which tested the option to the new format.
  • system.inc / get_dns_nameservers() - Added extra parameter which can be used to return either the list to put in resolv.conf or the list of available name servers, depending on what the caller needs.
  • system.inc / get_nameservers() - Renamed to get_dynamic_nameservers() and added interface filtering. Added sub function of the old name in case it was used by packages. If it's not used by packages, that can be removed.
  • pfsense-utils.inc / get_dns_servers() - Unnecessarily read resolv.conf instead of using proper methods like get_dns_nameservers(). Deprecated. Now returns get_dns_nameservers(false, true). If it's not used in packages it can be completely removed.
  • Various places which used the old/incorrect functions, duplicated code, or other methods like directly reading resolv.conf were updated to properly use get_dns_nameservers() instead.
  • Changed status_interfaces.php to display the dynamically assigned DNS servers for an interface with each interface, rather than displaying all DNS servers on WAN.

Commit coming shortly.

Actions #3

Updated by Jim Pingle about 4 years ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100
Actions #4

Updated by Viktor Gurov about 4 years ago

Actions #5

Updated by Jim Pingle about 4 years ago

  • Status changed from Feedback to Pull Request Review
Actions #6

Updated by Renato Botelho about 4 years ago

  • Status changed from Pull Request Review to Feedback

PR has been merged. Thanks!

Actions #7

Updated by Viktor Gurov almost 4 years ago

  • Status changed from Feedback to Resolved

tested on 2.5.0.a.20210104.0250
all modes change resolv.conf accordingly

Actions

Also available in: Atom PDF