author | Beniamino Galvani <bgalvani@redhat.com> | 2023-10-09 18:00:44 +0200 |
---|---|---|
committer | Beniamino Galvani <bgalvani@redhat.com> | 2023-11-14 08:34:58 +0100 |
commit | 7447c1c2022ea23b558d4ba37b59212feb9f0981 (patch) | |
tree | 1c522ac4055df7f2a04e5348973b1b961d355d12 | |
parent | f9c9cbbf2fe8add43e10c0ce3311153048f45023 (diff) |
dns: add options to control automatic addition of edns0 and trust-ad
bg/dns-options-skip
Options "edns0" and "trust-ad" are automatically added when using
caching plugins such as dnsmasq and systemd-resolved. In some cases,
those options can break resolution due to non-conforming resolvers,
and there is no way to disable them.
Introduce new options "_no-add-edns0" and "_no-add-trust-ad" to
prevent the automatic addition of "edns0" and "trust-ad". The initial
underscore indicates that the option is internal and is not written
into resolv.conf.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1393
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1751
-rw-r--r-- | src/core/dns/nm-dns-manager.c | 24 | ||||
-rw-r--r-- | src/libnm-core-impl/nm-setting-ip-config.c | 17 | ||||
-rw-r--r-- | src/libnm-core-public/nm-setting-ip-config.h | 3 |
3 files changed, 38 insertions, 6 deletions
diff --git a/src/core/dns/nm-dns-manager.c b/src/core/dns/nm-dns-manager.c
index f8f12fbcbc..86d65c0510 100644
--- a/src/core/dns/nm-dns-manager.c
+++ b/src/core/dns/nm-dns-manager.c
@@ -1876,8 +1876,11 @@ plugin_skip:;
 nameservers = g_new0(char *, 2);
 nameservers[0] = g_strdup(lladdr);
- need_edns0 = !nm_strv_contains(options, -1, NM_SETTING_DNS_OPTION_EDNS0);
- need_trust = !nm_strv_contains(options, -1, NM_SETTING_DNS_OPTION_TRUST_AD);
+ need_edns0 = !nm_strv_contains(options, -1, NM_SETTING_DNS_OPTION_EDNS0)
+ && !nm_strv_contains(options, -1, NM_SETTING_DNS_OPTION_INTERNAL_NO_ADD_EDNS0);
+ need_trust =
+ !nm_strv_contains(options, -1, NM_SETTING_DNS_OPTION_TRUST_AD)
+ && !nm_strv_contains(options, -1, NM_SETTING_DNS_OPTION_INTERNAL_NO_ADD_TRUST_AD);
 if (need_edns0 || need_trust) {
 gsize len;
@@ -1892,6 +1895,23 @@ plugin_skip:;
 }
 }
+ if (options) {
+ guint i;
+ guint j;
+
+ /* Skip internal options, those starting with '_' */
+ for (i = 0, j = 0; options[i]; i++) {
+ if (options[i][0] == '_') {
+ g_free(options[i]);
+ continue;
+ }
+ if (i != j)
+ options[j] = options[i];
+ j++;
+ }
+ options[j] = NULL;
+ }
+
 if (do_update) {
 switch (priv->rc_manager) {
 case NM_DNS_MANAGER_RESOLV_CONF_MAN_SYMLINK:
diff --git a/src/libnm-core-impl/nm-setting-ip-config.c b/src/libnm-core-impl/nm-setting-ip-config.c
index 5cfe9ed8bc..c305e48e9d 100644
--- a/src/libnm-core-impl/nm-setting-ip-config.c
+++ b/src/libnm-core-impl/nm-setting-ip-config.c
@@ -52,6 +52,8 @@ const NMUtilsDNSOptionDesc _nm_utils_dns_option_descs[] = {
 {NM_SETTING_DNS_OPTION_NO_RELOAD, FALSE, FALSE},
 {NM_SETTING_DNS_OPTION_TRUST_AD, FALSE, FALSE},
 {NM_SETTING_DNS_OPTION_NO_AAAA, FALSE, FALSE},
+ {NM_SETTING_DNS_OPTION_INTERNAL_NO_ADD_EDNS0, FALSE, FALSE},
+ {NM_SETTING_DNS_OPTION_INTERNAL_NO_ADD_TRUST_AD, FALSE, FALSE},
 {NULL, FALSE, FALSE}};
 static char *
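Review bot: In the new `if (options)` block of nm-dns-manager.c, a list made up only of '_' entries leaves the loop with `j == 0`, so `options` becomes a non-NULL array holding just the terminator, which is not the same state as an unset (NULL) list. The first hunk makes this reachable: with only `_no-add-edns0` and `_no-add-trust-ad` set, need_edns0 and need_trust are both false and nothing is appended before the strip. The writers under `do_update` lie outside the hunk, so confirm each one treats an empty array like NULL and does not emit a bare `options` line; if any does not, end the block with `if (j == 0) { g_free(options); options = NULL; }`, assuming the array itself is heap-owned here. The loop also relies on the array owning its strings (`g_free(options[i])`), and the declaration is not visible, so extending the comment to `/* Skip internal options, those starting with '_'; options owns its elements */` would record that assumption.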
@@ -6376,17 +6378,24 @@ nm_setting_ip_config_class_init(NMSettingIPConfigClass *klass)
 /**
 * NMSettingIPConfig:dns-options:
 *
- * Array of DNS options as described in man 5 resolv.conf.
+ * Array of DNS options to be added to resolv.conf.
 *
 * %NULL means that the options are unset and left at the default.
 * In this case NetworkManager will use default options. This is
 * distinct from an empty list of properties.
 *
- * The currently supported options are "attempts", "debug", "edns0",
+ * The following options are directly added to resolv.conf: "attempts",
+ * "debug", "edns0",
 * "inet6", "ip6-bytestring", "ip6-dotint", "ndots", "no-aaaa",
 * "no-check-names", "no-ip6-dotint", "no-reload", "no-tld-query",
 * "rotate", "single-request", "single-request-reopen", "timeout",
- * "trust-ad", "use-vc".
+ * "trust-ad", "use-vc". See the resolv.conf(5) man page for a
+ * detailed description of these options.
+ *
+ * In addition, NetworkManager supports the special options "_no-add-edns0"
+ * and "_no-add-trust-ad". They are not added to resolv.conf, and can be
+ * used to prevent the automatic addition of options "edns0" and "trust-ad"
+ * when using caching DNS plugins (see below).
 *
 * The "trust-ad" setting is only honored if the profile contributes
 * name servers to resolv.conf, and if all contributing profiles have
@@ -6394,7 +6403,7 @@ nm_setting_ip_config_class_init(NMSettingIPConfigClass *klass)
 *
 * When using a caching DNS plugin (dnsmasq or systemd-resolved in
 * NetworkManager.conf) then "edns0" and "trust-ad" are automatically
- * added.
+ * added, unless "_no-add-edns0" and "_no-add-trust-ad" are present.
 *
 * Since: 1.2
 **/
diff --git a/src/libnm-core-public/nm-setting-ip-config.h b/src/libnm-core-public/nm-setting-ip-config.h
index f728196514..aa0d6d717c 100644
--- a/src/libnm-core-public/nm-setting-ip-config.h
+++ b/src/libnm-core-public/nm-setting-ip-config.h
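Review bot: The reworded sentence in the second doc hunk, `added, unless "_no-add-edns0" and "_no-add-trust-ad" are present`, reads as if both options must be set before anything is suppressed, whereas the nm-dns-manager.c change computes need_edns0 and need_trust independently. Suggest ` * added, unless "_no-add-edns0" or "_no-add-trust-ad", respectively, is present.` The paragraph just above says "trust-ad" is honored only when all contributing profiles have it, but nothing says whether a `_no-add-*` option in a single profile is enough when several profiles contribute options. One sentence stating the intended rule would let an administrator predict whether "trust-ad" ends up in resolv.conf.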
@@ -363,6 +363,9 @@ char *nm_ip_routing_rule_to_string(const NMIPRoutingRule *self,
 #define NM_SETTING_DNS_OPTION_NO_RELOAD "no-reload"
 #define NM_SETTING_DNS_OPTION_TRUST_AD "trust-ad"
 #define NM_SETTING_DNS_OPTION_NO_AAAA "no-aaaa"
+/* Internal options (not added to resolv.conf) */
+#define NM_SETTING_DNS_OPTION_INTERNAL_NO_ADD_EDNS0 "_no-add-edns0"
+#define NM_SETTING_DNS_OPTION_INTERNAL_NO_ADD_TRUST_AD "_no-add-trust-ad"
 typedef struct _NMSettingIPConfigClass NMSettingIPConfigClass; |