dns: add options to control automatic addition of edns0 and trust-ad
Options "edns0" and "trust-ad" are automatically added when using caching plugins such as dnsmasq and systemd-resolved. In some cases, those options can break resolution due to non-conforming resolvers, and there is no way to disable them. Introduce new options "_no-add-edns0" and "_no-add-trust-ad" to prevent the automatic addition of "edns0" and "trust-ad". The initial underscore indicates that the option is internal and is not written into resolv.conf. https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1393 https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1751
parent
f9c9cbbf2f
commit
7447c1c202
|
@ -1876,8 +1876,11 @@ plugin_skip:;
|
|||
nameservers = g_new0(char *, 2);
|
||||
nameservers[0] = g_strdup(lladdr);
|
||||
|
||||
need_edns0 = !nm_strv_contains(options, -1, NM_SETTING_DNS_OPTION_EDNS0);
|
||||
need_trust = !nm_strv_contains(options, -1, NM_SETTING_DNS_OPTION_TRUST_AD);
|
||||
need_edns0 = !nm_strv_contains(options, -1, NM_SETTING_DNS_OPTION_EDNS0)
|
||||
&& !nm_strv_contains(options, -1, NM_SETTING_DNS_OPTION_INTERNAL_NO_ADD_EDNS0);
|
||||
need_trust =
|
||||
!nm_strv_contains(options, -1, NM_SETTING_DNS_OPTION_TRUST_AD)
|
||||
&& !nm_strv_contains(options, -1, NM_SETTING_DNS_OPTION_INTERNAL_NO_ADD_TRUST_AD);
|
||||
|
||||
if (need_edns0 || need_trust) {
|
||||
gsize len;
|
||||
|
@ -1892,6 +1895,23 @@ plugin_skip:;
|
|||
}
|
||||
}
|
||||
|
||||
if (options) {
|
||||
guint i;
|
||||
guint j;
|
||||
|
||||
/* Skip internal options, those starting with '_' */
|
||||
for (i = 0, j = 0; options[i]; i++) {
|
||||
if (options[i][0] == '_') {
|
||||
g_free(options[i]);
|
||||
continue;
|
||||
}
|
||||
if (i != j)
|
||||
options[j] = options[i];
|
||||
j++;
|
||||
}
|
||||
options[j] = NULL;
|
||||
}
|
||||
|
||||
if (do_update) {
|
||||
switch (priv->rc_manager) {
|
||||
case NM_DNS_MANAGER_RESOLV_CONF_MAN_SYMLINK:
|
||||
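Review bot: The filter loop added in the second hunk drops every entry whose first character is '_', not only the two options this commit defines, and it calls `g_free()` on entries in place, so it relies on `options` being a heap-allocated string array owned by this function. A comment stating both assumptions would help the next maintainer, for example `/* options is an owned strv here; every '_'-prefixed entry is NetworkManager-internal and must never reach resolv.conf */`. It is also worth confirming that the code which writes resolv.conf copes with an array left empty (`options[0] == NULL`) when a profile sets only internal options; that writer is not visible in these hunks. The enclosing function starts and ends outside both hunks.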
|
|
|
@ -52,6 +52,8 @@ const NMUtilsDNSOptionDesc _nm_utils_dns_option_descs[] = {
|
|||
{NM_SETTING_DNS_OPTION_NO_RELOAD, FALSE, FALSE},
|
||||
{NM_SETTING_DNS_OPTION_TRUST_AD, FALSE, FALSE},
|
||||
{NM_SETTING_DNS_OPTION_NO_AAAA, FALSE, FALSE},
|
||||
{NM_SETTING_DNS_OPTION_INTERNAL_NO_ADD_EDNS0, FALSE, FALSE},
|
||||
{NM_SETTING_DNS_OPTION_INTERNAL_NO_ADD_TRUST_AD, FALSE, FALSE},
|
||||
{NULL, FALSE, FALSE}};
|
||||
|
||||
static char *
|
||||
|
@ -6376,17 +6378,24 @@ nm_setting_ip_config_class_init(NMSettingIPConfigClass *klass)
|
|||
/**
|
||||
* NMSettingIPConfig:dns-options:
|
||||
*
|
||||
* Array of DNS options as described in man 5 resolv.conf.
|
||||
* Array of DNS options to be added to resolv.conf.
|
||||
*
|
||||
* %NULL means that the options are unset and left at the default.
|
||||
* In this case NetworkManager will use default options. This is
|
||||
* distinct from an empty list of properties.
|
||||
*
|
||||
* The currently supported options are "attempts", "debug", "edns0",
|
||||
* The following options are directly added to resolv.conf: "attempts",
|
||||
* "debug", "edns0",
|
||||
* "inet6", "ip6-bytestring", "ip6-dotint", "ndots", "no-aaaa",
|
||||
* "no-check-names", "no-ip6-dotint", "no-reload", "no-tld-query",
|
||||
* "rotate", "single-request", "single-request-reopen", "timeout",
|
||||
* "trust-ad", "use-vc".
|
||||
* "trust-ad", "use-vc". See the resolv.conf(5) man page for a
|
||||
* detailed description of these options.
|
||||
*
|
||||
* In addition, NetworkManager supports the special options "_no-add-edns0"
|
||||
* and "_no-add-trust-ad". They are not added to resolv.conf, and can be
|
||||
* used to prevent the automatic addition of options "edns0" and "trust-ad"
|
||||
* when using caching DNS plugins (see below).
|
||||
*
|
||||
* The "trust-ad" setting is only honored if the profile contributes
|
||||
* name servers to resolv.conf, and if all contributing profiles have
|
||||
|
@ -6394,7 +6403,7 @@ nm_setting_ip_config_class_init(NMSettingIPConfigClass *klass)
|
|||
*
|
||||
* When using a caching DNS plugin (dnsmasq or systemd-resolved in
|
||||
* NetworkManager.conf) then "edns0" and "trust-ad" are automatically
|
||||
* added.
|
||||
* added, unless "_no-add-edns0" and "_no-add-trust-ad" are present.
|
||||
*
|
||||
* Since: 1.2
|
||||
**/
|
||||
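Review bot: The last documentation hunk says "edns0" and "trust-ad" are added `unless "_no-add-edns0" and "_no-add-trust-ad" are present`, which reads as if both must be set, while the manager code in this commit evaluates each option independently. I would word it as `* added, unless "_no-add-edns0" or "_no-add-trust-ad", respectively, is present.` The text also does not say how the internal options combine across profiles: "trust-ad" is documented as honored only when all contributing profiles enable it, whereas the manager-side check looks at a single options list, so presumably one active profile carrying "_no-add-trust-ad" suppresses it for the whole resolv.conf. If that is the behaviour, it deserves one sentence here, because it decides host-wide whether resolver clients trust the AD bit returned by the local caching resolver.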
|
|
|
@ -363,6 +363,9 @@ char *nm_ip_routing_rule_to_string(const NMIPRoutingRule *self,
|
|||
#define NM_SETTING_DNS_OPTION_NO_RELOAD "no-reload"
|
||||
#define NM_SETTING_DNS_OPTION_TRUST_AD "trust-ad"
|
||||
#define NM_SETTING_DNS_OPTION_NO_AAAA "no-aaaa"
|
||||
/* Internal options (not added to resolv.conf) */
|
||||
#define NM_SETTING_DNS_OPTION_INTERNAL_NO_ADD_EDNS0 "_no-add-edns0"
|
||||
#define NM_SETTING_DNS_OPTION_INTERNAL_NO_ADD_TRUST_AD "_no-add-trust-ad"
|
||||
|
||||
typedef struct _NMSettingIPConfigClass NMSettingIPConfigClass;
|
||||
|
||||
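Review bot: The comment above the two new macros does not mention that the leading underscore in their values is load-bearing: the DNS manager change in this commit strips entries by testing `options[i][0] == '_'`, not by comparing against these macros. An internal option later defined without that prefix would therefore be written to resolv.conf. I would extend the comment to something like `/* Internal options: consumed by NetworkManager and stripped before resolv.conf is written. The value must start with '_', which is what the DNS manager filters on. */`.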
|
|