dnsmasq: Make unexpected resolvconf integration separately opt-in #67598
base: master
Makes sense to provide a new setting I believe, and I agree the default should be changed. I am a bit hesitant as to how to change it though. I would say let's keep the current behavior and wait a bit before changing it, maybe mention it in 19.09 release notes?
Thank you for your contributions.
I'm still carrying this patch around on several systems where the previous behaviour is unwanted.
Another issue:
I marked this as stale due to inactivity. → More info
I'd still like to get this merged. @bb2020 I suppose, but that's not related to the issue this solves.
Yes, right. I just wanted to mention it when I saw this issue about
I marked this as stale due to inactivity. → More info
I marked this as stale due to inactivity. → More info
I'd still like this to be merged... EDIT: Also, to be clear, I do not think this needs a changelog entry. The current behaviour is both undocumented and unexpected, making it a bug, making this a bug fix.
This is actually what most users do; using
@bb2020 the quoted line is not relevant to whether or not dnsmasq is being used as a DNS cache, only to whether or not it sources DNS servers from an upstream DHCP server (via resolvconf). As for whether or not it is "what most users do": I have only anecdotal evidence, in that I have yet to see someone deliberately using resolv-conf supplied DNS servers in dnsmasq, and I have seen many people deliberately using explicitly-configured DNS servers in dnsmasq instead. Is your own assertion also based on anecdotal evidence, or do you have some sort of harder data backing it?
I agree there is a bug here because it just merges upstream DNS with local DNS.
1ed84ff to 725c515
725c515 to 09f37c0
I fully agree this change is a good idea but because of the high usage, I instead vote for making the change retro-compatible.
From a quick GitHub search, there are a lot of repositories using dnsmasq and most of them set this option to true and others to false. So they implicitly rely on this option working the way it does.
Having the DNS settings change under your feet is one of the worst possible things to happen and is usually hard to debug.
@@ -62,6 +62,15 @@ in | |||
''; | |||
}; | |||
|
|||
useResolvConfUpstreams = mkOption { | |||
type = types.bool; | |||
default = false; |
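Review bot: default = false on the new useResolvConfUpstreams option changes behaviour for every existing configuration that leaves resolveLocalQueries at its default, and nothing in the visible lines surfaces that switch when the system is rebuilt. If the opt-in default stays, pair it with a release-notes entry or an evaluation-time warning so that systems relying on resolvconf-provided upstreams do not lose them silently. No description for the option is visible in this excerpt; it should state that the option controls whether resolvconf-supplied servers are added to dnsmasq's upstream list.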
default = false; | |
default = true; |
@@ -62,6 +62,15 @@ in | |||
''; | |||
}; |
I would update the option description here to mention this will by default resolve upstream DNS services and if that's not wanted, to set useResolvConfUpstreams to false.
Motivation for this change
Currently, if you set services.dnsmasq.resolveLocalQueries = true; (the default), then dnsmasq will not only resolve DNS queries for the local system, but it will also make it so that any resolvconf-provided DNS servers are injected into dnsmasq's list of upstream DNS servers.

This behaviour was introduced way back in #3745, but is problematic on several fronts:

resolv-file directive by adding no-resolv to extraConfig, there is no way to disable reading of the resolvconf-produced /etc/dnsmasq-conf.conf file. On my system at least, this file configures dnsmasq to resolve queries for my system's search domain using the DHCP-supplied server.

This PR migrates the functionality to its own, documented, opt-in configuration option. The only downside to this is that it will change the behaviour on existing systems.
Things done
sandbox in nix.conf on non-NixOS)
macOS
other Linux distributions
Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
Tested execution of all binary files (usually in ./result/bin/)
Determined the impact on package closure size (by running nix path-info -S before and after)