Skip to content

ConnMan integration with resolvconf(8)

License

Notifications You must be signed in to change notification settings

jirutka/connman-resolvconf

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ConnMan–Resolvconf

CI Workflow Packaging status

A daemon that integrates ConnMan with resolvconf(8). It listens on D-Bus and calls resolvconf with new DNS information (nameservers and domain search) when a network service is connected, disconnected or updated.

Table of Contents

Requirements

Runtime:
  • UNIX-like system (tested on Linux only)

  • D-Bus 1.6 or higher

  • ConnMan (tested with 1.40+)

  • resolvconf from openresolv or Debian

Build:
  • Rust stable toolchain (tested with 1.60+)

  • pkg-config

  • libdbus.so 1.6 or higher (including headers, pkg-config file etc.)

Installation

On Alpine Linux

If you’re using Alpine Linux v3.16 or later, you can install connman-resolvconf package from the Alpine’s community repository:

apk add connman-resolvconf

On Arch Linux

If you’re using Arch Linux, you can install connman-resolvconf package from AUR:

yay -S connman-resolvconf

Or use another AUR helper.

Using Pre-Built Binary

If your package manager doesn’t provide connman-resolvconf, you can use a pre-built binary.

You can choose either a statically linked (static) binary that should work on every Linux system (distro), or, if you’re using a sufficient recent GNU/libc-based distro (most major distros), a dynamically linked binary (see section Pre-Built Binaries for more information).

  1. Download, verify and extract the release tarball for your CPU architecture (pick the right link from the list above), for example:

    curl -sSLO https://github.com/jirutka/connman-resolvconf/releases/download/v0.2.0/connman-resolvconf-0.2.0-x86_64-linux.tar.gz
    curl -sSL https://github.com/jirutka/connman-resolvconf/releases/download/v0.2.0/checksums.txt | sha256sum -c --ignore-missing
    tar -xzf connman-resolvconf-0.2.0-*.tar.gz
  2. Install connman-resolvconfd somewhere on your PATH, e.g. /usr/local/bin:

    install -D -m755 connman-resolvconf-0.2.0-*/connman-resolvconfd /usr/local/bin/

From Source Tarball

wget https://github.com/jirutka/connman-resolvconf/archive/v0.2.0/connman-resolvconf-0.2.0.tar.gz
tar -xzf connman-resolvconf-0.2.0.tar.gz
cd connman-resolvconf-0.2.0

cargo build --release --locked
install -D -m755 target/release/connman-resolvconfd -t /usr/local/bin/

Configuration

On Alpine Linux

Using dnsmasq

This section describes how to set up ConnMan with dnsmasq as a local caching resolver on Alpine Linux v3.16+.

  1. Install packages:

    apk add connman connman-resolvconf dnsmasq-dnssec openresolv
  2. Add/edit the following lines into /etc/conf.d/connman:

    # Additional arguments to pass to connmand.
    command_args="--nodnsproxy"
    
    # Let ConnMan write resolv.conf to /run/connman instead of /etc/resolv.conf.
    # WARNING: This is a nasty workaround. start_pre shouldn't be normally
    #  overridden in the config. There's a pending patch for ConnMan to get rid of
    #  this workaround.
    start_pre() {
    	checkpath -q -d /run/connman
    }
  3. Add/edit the following lines into /etc/conf.d/dnsmasq:

    setup_command="my_setup_configs"
    
    # Prepare configs that will be later generated by resolvconf(8).
    my_setup_configs() {
    	[ "$RC_SVCNAME" = dnsmasq ] || return 0
    
    	checkpath -q -d /run/resolvconf || return 1
    	checkpath -q -f /run/resolvconf/dnsmasq-conf.conf || return 1
    
        if ! [ -f /run/resolvconf/dnsmasq-resolv.conf ]; then
    	    checkpath -q -f /run/resolvconf/dnsmasq-resolv.conf || return 1
    	    echo 'nameserver 1.1.1.1' >> /run/resolvconf/dnsmasq-resolv.conf
        fi
    }
  4. Edit /etc/dnsmasq.conf and apply the following changes: [1]

    - #interface=
    + interface=lo
    
    - #bind-interfaces
    + bind-interfaces
    
    - # Change this line if you want dns to get its upstream servers from
    - # somewhere other that /etc/resolv.conf
    - #resolv-file=
    + # Read the upstream servers from the file generated by resolvconf(8).
    + resolv-file=/run/resolvconf/dnsmasq-resolv.conf
    
    - # Include another lot of configuration options.
    - #conf-file=/etc/dnsmasq.more.conf
    - #conf-dir=/etc/dnsmasq.d
    + # Include config generated by resolvconf(8).
    + conf-file=/run/resolvconf/dnsmasq-conf.conf
  5. Replace content of your /etc/resolvconf.conf with:

    # Configuration for resolvconf(8)
    
    resolv_conf=/etc/resolv.conf
    resolv_conf_options="trust-ad"
    
    # Use the local name server (dnsmasq).
    name_servers="::1 127.0.0.1"
    
    # These interfaces name servers will only be queried for the domains
    # (the search option) listed in their resolv.conf.
    private_interfaces="vpn*"
    
    # Generate configs for dnsmasq.
    dnsmasq_conf=/run/resolvconf/dnsmasq-conf.conf
    dnsmasq_resolv=/run/resolvconf/dnsmasq-resolv.conf
  6. Start and enable services:

    rc-service connman-resolvconf start
    rc-service dnsmasq start
    
    rc-update add connman-resolvconf
    rc-update add dnsmasq

Using Unbound

This section describes how to set up ConnMan with Unbound as a local caching resolver on Alpine Linux v3.16+.

Please note that, unlike dnsmasq, Unbound does not read /etc/hosts.

  1. Install packages:

    apk add connman connman-resolvconf unbound openresolv
  2. Add/edit the following lines into /etc/conf.d/connman:

    # Additional arguments to pass to connmand.
    command_args="--nodnsproxy"
    
    # Let ConnMan write resolv.conf to /run/connman instead of /etc/resolv.conf.
    # WARNING: This is a nasty workaround. start_pre shouldn't be normally
    #  overridden in the config. There's a pending patch for ConnMan to get rid of
    #  this workaround.
    start_pre() {
    	checkpath -q -d /run/connman
    }
  3. Edit /etc/unbound/unbound.conf and apply the following changes:

    • Uncomment and set to yes options unblock-lan-zones and insecure-lan-zones.

    • Add the following to the bottom of the file:

      # Include configuration generated by resolvconf(8).
      # Use globbing (*) to make it optional, i.e. not fail if it doesn't exist (yet).
      include: "/run/resolvconf/unbound.conf*"
  4. Replace content of your /etc/resolvconf.conf with:

    # Configuration for resolvconf(8)
    
    resolv_conf=/etc/resolv.conf
    resolv_conf_options="trust-ad"
    
    # Use the local name server (Unbound).
    name_servers="::1 127.0.0.1"
    
    # These interfaces name servers will only be queried for the domains
    # (the search option) listed in their resolv.conf.
    private_interfaces="vpn*"
    
    # Generate config for unbound.
    unbound_conf=/run/resolvconf/unbound.conf
  5. Start and enable services:

    rc-service connman-resolvconf start
    rc-service unbound start
    
    rc-update add connman-resolvconf
    rc-update add unbound

Pre-Built Binaries

Pre-built binaries available in the project’s Releases are built automatically using GitHub Actions. You can see the workflow configuration in .github/workflows/ci.yml. Binaries for other architectures than x86_64 are cross-compiled.

Static binaries are built on Alpine Linux v3.16, statically linked with musl libc and dbus library. They have zero dependencies and so works on every Linux system (distro) regardless of used libc.

Dynamic binaries are built on Ubuntu 20.04, linked with GNU libc6 and libdbus-1. Since they are dynamically linked, you must have a compatible version of lidbus-1.so installed on your system.

License

This project is licensed under MIT License. For the full text of the license, see the LICENSE file.


1. I also highly recommended configuring DNSSEC validation, but that’s beyond the scope of this guide.