1RESOLVCONF.CONF(5) BSD File Formats Manual RESOLVCONF.CONF(5)
2
4 resolvconf.conf — resolvconf configuration file
5
7 resolvconf.conf is the configuration file for resolvconf(8). The
8 resolvconf.conf file is a shell script that is sourced by resolvconf(8),
9 meaning that resolvconf.conf must contain valid shell commands. Listed
10 below are the standard resolvconf.conf variables that may be set. If the
11 values contain whitespace, wildcards or other special shell characters,
12 ensure they are quoted and escaped correctly. See the replace variable
13 for an example on quoting.
14 After updating this file, you may wish to run resolvconf -u to apply the
16 new configuration.
17 When a dynamically generated list is appended or prepended to, the whole
19 is made unique where left-most wins.
20
22 resolvconf
23 Set to NO to disable resolvconf from running any subscribers.
24 Defaults to YES.
25 allow_interfaces
27 If set, only these interfaces will be processed.
28 deny_interfaces
30 If set, these interfaces will not be processed.
31 interface_order
33 These interfaces will always be processed first. If unset, de‐
34 faults to the following:-
35 lo lo[0-9]*
37 dynamic_order
39 These interfaces will be processed next, unless they have a met‐
40 ric. If unset, defaults to the following:-
41 tap[0-9]* tun[0-9]* vpn vpn[0-9]* wg[0-9]* ppp[0-9]* ippp[0-9]*
43 inclusive_interfaces
45 Ignore any exclusive marking for these interfaces. This is handy
46 when 3rd party integrations force the resolvconf -x option and
47 you want to disable it easily.
48 local_nameservers
50 If unset, defaults to the following:-
51 127.* 0.0.0.0 255.255.255.255 ::1
53 search_domains
55 Prepend search domains to the dynamically generated list.
56 search_domains_append
58 Append search domains to the dynamically generated list.
59 domain_blacklist
61 A list of domains to be removed from consideration. To remove a
62 domain, you can use foo.* To remove a sub domain, you can use
63 *.bar
64 name_servers
66 Prepend name servers to the dynamically generated list. You
67 should set this to 127.0.0.1 if you use a local name server other
68 than libc.
69 name_servers_append
71 Append name servers to the dynamically generated list.
72 name_server_blacklist
74 A list of name servers to be removed from consideration. The de‐
75 fault is 0.0.0.0 as some faulty routers send it via DHCP. To re‐
76 move a block, you can use 192.168.*
77 private_interfaces
79 These interfaces name servers will only be queried for the do‐
80 mains listed in their resolv.conf. Useful for VPN domains. Set‐
81 ting private_interfaces="*" will stop the forwarding of the root
82 zone and allows the local resolver to recursively query the root
83 servers directly. Requires a local nameserver other than libc.
84 This is equivalent to the resolvconf -p option.
85 public_interfaces
87 Force these interface to be public, overriding the private mark‐
88 ing. This is handy when 3rd party integrations force the
89 resolvconf -p option and you want to disable it easily.
90 replace
92 Is a space separated list of replacement keywords. The syntax is
93 this: $keyword/$match/$replacement
94 Example, given this resolv.conf:
96 domain foo.org search foo.org dead.beef nameserver 1.2.3.4 name‐
98 server 2.3.4.5
99 and this configuration:
100 replace="search/foo*/bar.com" replace="$replace name‐
102 server/1.2.3.4/5.6.7.8" replace="$replace nameserver/2.3.4.5/"
103 you would get this resolv.conf instead:
104 domain foo.org search bar.com nameserver 5.6.7.8
106 replace_sub
108 Works the same way as replace except it works on each space sepa‐
109 rated value rather than the whole line, so it's useful for the
110 replacing a single domain within the search directive. Using the
111 same example resolv.conf and changing replace to replace_sub, you
112 would get this resolv.conf instead:
113 domain foo.org search bar.com dead.beef nameserver 5.6.7.8
115 state_dir
117 Override the default state directory of /run/resolvconf. This
118 should not be changed once resolvconf is in use unless the old
119 directory is copied to the new one.
120
122 The following variables affect resolv.conf(5) directly:-
123 resolv_conf
125 Defaults to /etc/resolv.conf if not set.
126 resolv_conf_options
128 A list of libc resolver options, as specified in resolv.conf(5).
129 resolv_conf_passthrough
131 When set to YES the latest resolv.conf is written to resolv_conf
132 without any alteration. When set to /dev/null or NULL,
133 resolv_conf_local_only is defaulted to NO, local_nameservers is
134 unset unless overridden and only the information set in
135 resolvconf.conf is written to resolv_conf.
136 resolv_conf_sortlist
138 A libc resolver sortlist, as specified in resolv.conf(5).
139 resolv_conf_local_only
141 If a local name server is configured then the default is just to
142 specify that and ignore all other entries as they will be config‐
143 ured for the local name server. Set this to NO to also list non-
144 local nameservers. This will give you working DNS even if the
145 local nameserver stops functioning at the expense of duplicated
146 server queries.
147 append_nameservers
149 Append name servers to the dynamically generated list.
150 prepend_nameservers
152 Prepend name servers to the dynamically generated list.
153 append_search
155 Append search domains to the dynamically generated list.
156 prepend_search
158 Prepend search domains to the dynamically generated list.
159 resolv_conf_mv
161 Defaults to NO. Defines if /etc/resolv.conf is updated by writ‐
162 ing to a temporary file and then moving it vs writing directly to
163 it.
164
166 openresolv ships with subscribers for the name servers dnsmasq(8),
167 named(8), pdnsd(8), pdns_recursor(1), and unbound(8). Each subscriber
168 can create configuration files which should be included in the subscrib‐
169 ers main configuration file.
170 To disable a subscriber, simply set its name to NO. For example, to dis‐
172 able the libc subscriber you would set:
173 libc=NO
175 dnsmasq_conf
177 This file tells dnsmasq which name servers to use for specific
178 domains.
179 dnsmasq_resolv
181 This file tells dnsmasq which name servers to use for global
182 lookups.
183 Example resolvconf.conf for dnsmasq:
185 name_servers=127.0.0.1 dnsmasq_conf=/etc/dnsmasq-conf.conf dns‐
187 masq_resolv=/etc/dnsmasq-resolv.conf
188 Example dnsmasq.conf:
190 listen-address=127.0.0.1 # If dnsmasq is compiled for DBus then
192 we can take # advantage of not having to restart dnsmasq. en‐
193 able-dbus conf-file=/etc/dnsmasq-conf.conf resolv-file=/etc/dns‐
194 masq-resolv.conf
195 named_options
197 Include this file in the named options block. This file tells
198 named which name servers to use for global lookups.
199 named_zones
201 Include this file in the named global scope, after the options
202 block. This file tells named which name servers to use for spe‐
203 cific domains.
204 Example resolvconf.conf for named:
206 name_servers=127.0.0.1 named_options=/etc/named-options.conf
208 named_zones=/etc/named-zones.conf
209 Example named.conf:
211 options { listen-on { 127.0.0.1; }; include
213 "/etc/named-options.conf"; };
214 include "/etc/named-zones.conf";
216 pdnsd_conf
218 This is the main pdnsd configuration file which we modify to add
219 our forward domains to. If this variable is not set then we rely
220 on the pdnsd configuration file setup to read pdnsd_resolv as
221 documented below.
222 pdnsd_resolv
224 This file tells pdnsd about global name servers. If this vari‐
225 able is not set then it's written to pdnsd_conf.
226 Example resolvconf.conf for pdnsd:
228 name_servers=127.0.0.1 pdnsd_conf=/etc/pdnsd.conf # pdnsd_re‐
230 solv=/etc/pdnsd-resolv.conf
231 Example pdnsd.conf:
233 global { server_ip = 127.0.0.1; status_ctl = on; }
235 server { # A server definition is required, even if empty.
236 label="empty"; proxy_only=on; # file="/etc/pdnsd-
237 resolv.conf"; }
238 pdns_zones
240 This file tells pdns_recursor about specific and global name
241 servers.
242 Example resolvconf.conf for pdns_recursor:
244 name_servers=127.0.0.1 pdns_zones=/etc/pdns/recursor-zones.conf
246 Example recursor.conf:
248 allow-from=127.0.0.0/8, ::1/128 forward-zones-file=/etc/pdns/re‐
250 cursor-zones.conf
251 unbound_conf
253 This file tells unbound about specific and global name servers.
254 unbound_insecure
256 When set to YES, unbound marks the domains as insecure, thus ig‐
257 noring DNSSEC.
258 unbound_forward_zone_options
260 Options appended to each forward zone. Each option should be
261 separated by an embedded new line.
262 Example resolvconf.conf for unbound:
264 name_servers=127.0.0.1 unbound_conf=/etc/unbound-resolvconf.conf
266 Example unbound.conf:
268 include: /etc/unbound-resolvconf.conf
270
272 Not all distributions store the files the subscribers need in the same
273 locations. For example, named service scripts have been called named,
274 bind and rc.bind and they could be located in a directory called
275 /etc/rc.d, /etc/init.d or similar. Each subscriber attempts to automati‐
276 cally configure itself, but not every distribution has been catered for.
277 Also, users could equally want to use a different version from the one
278 installed by default, such as bind8 and bind9. To accommodate this, the
279 subscribers have these files in configurable variables, documented below.
280 dnsmasq_service
282 Name of the dnsmasq service.
283 dnsmasq_restart
285 Command to restart the dnsmasq service.
286 dnsmasq_pid
288 Location of the dnsmasq pidfile.
289 libc_service
291 Name of the libc service.
292 libc_restart
294 Command to restart the libc service.
295 named_service
297 Name of the named service.
298 named_restart
300 Command to restart the named service.
301 pdnsd_restart
303 Command to restart the pdnsd service.
304 pdns_service
306 Command to restart the pdns_recursor service.
307 pdns_restart
309 Command to restart the pdns_recursor service.
310 unbound_service
312 Name of the unbound service.
313 unbound_restart
315 Command to restart the unbound service.
316 unbound_pid
318 Location of the unbound pidfile.
319
321 sh(1), resolv.conf(5), resolvconf(8)
322
324 Roy Marples <roy@marples.name>
325
327 Each distribution is a special snowflake and likes to name the same thing
328 differently, namely the named service script.
329 Please report them to https://roy.marples.name/projects/openresolv
331BSD May 23, 2023 BSD