
update-systemd-resolved
Closed, Wontfix (Public)

Description

update-systemd-resolved

https://github.com/jonathanio/update-systemd-resolved

This is a helper script designed to integrate OpenVPN with the systemd-resolved service via DBus instead of trying to override /etc/resolv.conf, or manipulate systemd-networkd configuration files.

Since systemd-229, the systemd-resolved service has an API available via DBus which allows directly setting the DNS configuration for a link. This script makes use of busctl from systemd to send DBus messages to systemd-resolved to update the DNS for the link created by OpenVPN.

GPL-3.0-or-later

https://github.com/jonathanio/update-systemd-resolved/archive/v1.2.7.tar.gz

DataDrake seems interested, see https://dev.solus-project.com/T2931

Devil505 created this task. Aug 14 2018, 4:47 AM
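The mechanism the description refers to, as an added example that is not part of the original task or of the upstream script: a dry run that turns the "dhcp-option DNS" values OpenVPN exposes to up scripts as foreign_option_* into the busctl SetLinkDNS call for a link. The function names, the link index 7 and the sample options are assumptions made for illustration, and only IPv4 is handled.

```sh
#!/bin/sh
# Added illustration (not the upstream script). Dry run: the busctl command is
# printed, never executed. IPv4 only.

# ipv4_to_iay ADDR: print ADDR in busctl "(iay)" form, "2 4 a b c d"
# (AF_INET is 2 on Linux, followed by the byte count and the bytes).
# Fails on anything that is not a strict dotted quad, since the value is
# pushed by the remote VPN server and ends up on a command line.
ipv4_to_iay() {
  case $1 in
    *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  _old_ifs=$IFS; IFS=.
  set -- $1            # safe to split unquoted: only digits and dots remain
  IFS=$_old_ifs
  [ "$#" -eq 4 ] || return 1
  _out="2 4"
  for _o in "$@"; do
    case $_o in 0?* | ????*) return 1 ;; esac   # no leading zeros, max 3 digits
    [ "$_o" -le 255 ] || return 1
    _out="$_out $_o"
  done
  echo "$_out"
}

# resolved_dns_cmd IFINDEX OPTION...: print the SetLinkDNS call for the
# "dhcp-option DNS" entries among OpenVPN's foreign_option_* values.
resolved_dns_cmd() {
  _ifindex=$1; shift
  case $_ifindex in '' | *[!0-9]*) return 1 ;; esac
  _count=0; _args=
  for _opt in "$@"; do
    case $_opt in
      "dhcp-option DNS "*)
        _iay=$(ipv4_to_iay "${_opt#dhcp-option DNS }") || continue
        _args="$_args $_iay"; _count=$((_count + 1)) ;;
    esac
  done
  [ "$_count" -gt 0 ] || return 1   # nothing valid: leave the link untouched
  echo "busctl call org.freedesktop.resolve1 /org/freedesktop/resolve1" \
    "org.freedesktop.resolve1.Manager SetLinkDNS 'ia(iay)'" \
    "$_ifindex $_count$_args"
}

# Constructed sample: link index 7 and three pushed options, one of them invalid.
resolved_dns_cmd 7 "dhcp-option DNS 10.8.0.1" "dhcp-option DNS 10.8.0.300" \
  "dhcp-option DOMAIN example.test"
```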

Perhaps we need to think less in terms of packages, and more in terms of integration. Then the packaging needs will become apparent.

  • What packages will have resolv needs, now and in the near future? So WireGuard etc. should be considered part of the solution.
  • What tools do they expect to be available?
  • Can we integrate it all with one method that will work with all the tools and networkmanager/systemd?
  • Does any documentation make sense around this solution?

Sure! But about the integration, I don't know what is possible. The only things I know are:

  • It is dedicated to openvpn only
  • The user has to edit /etc/nsswitch.conf and edit his OpenVPN conf file to add:
script-security 2
setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
up /etc/openvpn/scripts/update-systemd-resolved
down /etc/openvpn/scripts/update-systemd-resolved
down-pre

and, of course, have the systemd-resolved systemd service started.

So, some guidelines in the Solus documentation may be necessary, I think, if it is packaged.

On openresolv's task, @eric-salo said that update-systemd-resolved fixed DNS leaks; maybe he can give you more details.

Some interesting links:

DataDrake closed this task as Wontfix. Aug 31 2018, 6:18 PM
DataDrake added a subscriber: DataDrake.

If there's a DNS leak it should be in OpenVPN or NetworkManager, not with a random script that requires modifying nsswitch.conf.