this post was submitted on 20 Oct 2023
145 points (89.6% liked)
Linux
48343 readers
391 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Can't, it's hardcoded by too many programs out there.
resolv.conf
is still the place to get DNS configuration, but it was hijacked by various "helping" tools so you can't edit it manually anymore. Why they couldn't stick to adding/etc/resolv.d/*.conf
files like to many other /etc/ stuff, I'll never know.You basically just made the case for exactly why.
Programs should be using the system resolver, not parsing that file.
The system resolver should have predictable behavior. But if other programs are doing their own DNS resolution (or otherwise predicating their functionality) based directly on the contents of
resolv.conf
then their behavior will not always be consistent with the system resolver (or with how the sysadmin intended things to function).And that can break things in subtle, unpredictable ways, which is always a headache.
Thus, on some modern systems,
resolv.conf
simply declares the localsystemd-resolved
instance (i.e. 127.0.0.1) and nothing else.A single global resolv.conf file also will not let you configure different behavior based on interface or on network namespace. Want to ensure DNS lookups for specific apps occur only through your VPN-specific DNS servers but all other apps only use the normal system resolvers (i.e. no leaking from either side of the divide)? Want to also ensure DNS lookups for those specific apps fail when the VPN is down (again, as opposed to leaking)?
systemd-resolved
has your back.And before anyone asks, yes, I am aware there are other, more crude and convoluted ways to do that with e.g. iptables (just like you can use crude, inconsistent init.d spaghetti scripts to manage services). It's just one single real-world example.
A single global resolv.conf file also will not let you configure different behavior based on interface or on network namespace.
The point is to configure everything using consistent, predictable configuration files and syntax, and to ensure consistent, predictable behavior.
But if you ultimately still want
resolv.conf.d
back, then your distro of choice undoubtedly provides a way to do so.What's a "system resolver"? We're talking about DNS servers. You're either running one locally or not. Either way, you need a way for everybody to know what DNS servers to use, regardless of whether you run one on the machine. That's where resolv.conf comes in.
Let's see some examples.
Good, because that has nothing to do with DNS, it's a matter of routing. They're orthogonal issues.