resolv.conf.head

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

resolv.conf.head

Libertas
I'm relatively new to OpenBSD, so please correct any mistakes below.

As you may know, resolv.conf.tail is appended to resolv.conf. This is
convenient because the last 'search' and 'domain' keywords listed are used.

However, nameservers are queried in the order they are listed. This
means (if I understand correctly) that if DHCP adds a nameserver to your
resolv.conf, it will supersede anything you include in resolv.conf.tail.
Wanting to specify the nameserver is common, because many of us are
otherwise sending all of our DNS queries to lovely companies like
Comcast and Verizon.

Nameserver overrides be done with dhclient.conf, but it seems more clear
and Unixy to just have a resolv.conf.head counterpart to
resolv.conf.tail. It already exists in a certain other Unix-like
operating system of great popularity.

Is this a good idea? If so, I can try writing a patch.

Reply | Threaded
Open this post in threaded view
|

Re: resolv.conf.head

Alexander Hall
On January 9, 2015 6:31:13 PM CET, Libertas <[hidden email]> wrote:

>I'm relatively new to OpenBSD, so please correct any mistakes below.
>
>As you may know, resolv.conf.tail is appended to resolv.conf. This is
>convenient because the last 'search' and 'domain' keywords listed are
>used.
>
>However, nameservers are queried in the order they are listed. This
>means (if I understand correctly) that if DHCP adds a nameserver to
>your
>resolv.conf, it will supersede anything you include in
>resolv.conf.tail.
>Wanting to specify the nameserver is common, because many of us are
>otherwise sending all of our DNS queries to lovely companies like
>Comcast and Verizon.
>
>Nameserver overrides be done with dhclient.conf, but it seems more
>clear
>and Unixy to just have a resolv.conf.head counterpart to
>resolv.conf.tail. It already exists in a certain other Unix-like
>operating system of great popularity.
>
>Is this a good idea? If so, I can try writing a patch.

Configure your dhclient.conf with an appropriate supersede directive instead.

I commonly override the search domain with ".".

/Alexander

Reply | Threaded
Open this post in threaded view
|

Re: resolv.conf.head

Alexander Hall
On January 9, 2015 7:22:01 PM CET, Alexander Hall <[hidden email]> wrote:

>On January 9, 2015 6:31:13 PM CET, Libertas <[hidden email]>
>wrote:
>>I'm relatively new to OpenBSD, so please correct any mistakes below.
>>
>>As you may know, resolv.conf.tail is appended to resolv.conf. This is
>>convenient because the last 'search' and 'domain' keywords listed are
>>used.
>>
>>However, nameservers are queried in the order they are listed. This
>>means (if I understand correctly) that if DHCP adds a nameserver to
>>your
>>resolv.conf, it will supersede anything you include in
>>resolv.conf.tail.
>>Wanting to specify the nameserver is common, because many of us are
>>otherwise sending all of our DNS queries to lovely companies like
>>Comcast and Verizon.
>>
>>Nameserver overrides be done with dhclient.conf, but it seems more
>>clear
>>and Unixy to just have a resolv.conf.head counterpart to
>>resolv.conf.tail. It already exists in a certain other Unix-like
>>operating system of great popularity.
>>
>>Is this a good idea? If so, I can try writing a patch.
>
>Configure your dhclient.conf with an appropriate supersede directive
>instead.

Bah. I have no idea how I missed that you'd already mentioned that. Nevertheless, I find it very reasonable to let dhclient handle it.

>
>I commonly override the search domain with ".".
>
>/Alexander

Reply | Threaded
Open this post in threaded view
|

Re: resolv.conf.head

Martin Brandenburg
In reply to this post by Libertas
Libertas <[hidden email]> wrote:

> I'm relatively new to OpenBSD, so please correct any mistakes below.
>
> As you may know, resolv.conf.tail is appended to resolv.conf. This is
> convenient because the last 'search' and 'domain' keywords listed are used.
>
> However, nameservers are queried in the order they are listed. This
> means (if I understand correctly) that if DHCP adds a nameserver to your
> resolv.conf, it will supersede anything you include in resolv.conf.tail.
> Wanting to specify the nameserver is common, because many of us are
> otherwise sending all of our DNS queries to lovely companies like
> Comcast and Verizon.
>
> Nameserver overrides be done with dhclient.conf, but it seems more clear
> and Unixy to just have a resolv.conf.head counterpart to
> resolv.conf.tail. It already exists in a certain other Unix-like
> operating system of great popularity.
>
> Is this a good idea? If so, I can try writing a patch.

The things you want to go at the top can go in dhclient.conf as prepend or
supersede options. Other settings like family in resolv.conf can go at the
bottom just fine.

And you realize that your ISP (like Comcast or Verizon) can see your DNS
queries even if you point them at another nameserver. Granted I've met enough
ISP nameservers which return advertising instead of NXDOMAIN, and that is
annoying.

-- Martin

Reply | Threaded
Open this post in threaded view
|

Re: resolv.conf.head

Jason Adams
On 01/09/2015 12:49 PM, [hidden email] wrote:
> And you realize that your ISP (like Comcast or Verizon) can see your DNS
> queries even if you point them at another nameserver. Granted I've met enough
> ISP nameservers which return advertising instead of NXDOMAIN, and that is
> annoying.
There are some services that prevent this.
https://www.opendns.com/about/innovations/dnscrypt/
Disclaimer: am a paying customer of OpenDNS.  No other affiliation.


--
Those who do not understand Unix are condemned to reinvent it, poorly.