colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

dns: add options to control automatic addition of edns0 and trust-ad

Browse Source 
Options "edns0" and "trust-ad" are automatically added when using
caching plugins such as dnsmasq and systemd-resolved. In some cases,
those options can break resolution due to non-conforming resolvers,
and there is no way to disable them.

Introduce new options "_no-add-edns0" and "_no-add-trust-ad" to
prevent the automatic addition of "edns0" and "trust-ad". The initial
underscore indicates that the option is internal and is not written
into resolv.conf.

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1393
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1751
This commit is contained in:
Beniamino Galvani
2023-10-09 18:00:44 +02:00
parent f9c9cbbf2f
commit 7447c1c202
3 changed files with 38 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/core/dns/nm-dns-manager.c
View File

@@ -1876,8 +1876,11 @@ plugin_skip:;
nameservers = g_new0(char *, 2); nameservers = g_new0(char *, 2);
nameservers[0] = g_strdup(lladdr); nameservers[0] = g_strdup(lladdr);
need_edns0 = !nm_strv_contains(options, -1, NM_SETTING_DNS_OPTION_EDNS0); need_edns0 = !nm_strv_contains(options, -1, NM_SETTING_DNS_OPTION_EDNS0)
need_trust = !nm_strv_contains(options, -1, NM_SETTING_DNS_OPTION_TRUST_AD); && !nm_strv_contains(options, -1, NM_SETTING_DNS_OPTION_INTERNAL_NO_ADD_EDNS0);
need_trust =
!nm_strv_contains(options, -1, NM_SETTING_DNS_OPTION_TRUST_AD)
&& !nm_strv_contains(options, -1, NM_SETTING_DNS_OPTION_INTERNAL_NO_ADD_TRUST_AD);
if (need_edns0 || need_trust) { if (need_edns0 || need_trust) {
gsize len; gsize len;
@@ -1892,6 +1895,23 @@ plugin_skip:;
} }
} }
if (options) {
guint i;
guint j;
/* Skip internal options, those starting with '_' */
for (i = 0, j = 0; options[i]; i++) {
if (options[i][0] == '_') {
g_free(options[i]);
continue;
}
if (i != j)
options[j] = options[i];
j++;
}
options[j] = NULL;
}
if (do_update) { if (do_update) {
switch (priv->rc_manager) { switch (priv->rc_manager) {
case NM_DNS_MANAGER_RESOLV_CONF_MAN_SYMLINK: case NM_DNS_MANAGER_RESOLV_CONF_MAN_SYMLINK:

17
src/libnm-core-impl/nm-setting-ip-config.c
View File

@@ -52,6 +52,8 @@ const NMUtilsDNSOptionDesc _nm_utils_dns_option_descs[] = {
{NM_SETTING_DNS_OPTION_NO_RELOAD, FALSE, FALSE}, {NM_SETTING_DNS_OPTION_NO_RELOAD, FALSE, FALSE},
{NM_SETTING_DNS_OPTION_TRUST_AD, FALSE, FALSE}, {NM_SETTING_DNS_OPTION_TRUST_AD, FALSE, FALSE},
{NM_SETTING_DNS_OPTION_NO_AAAA, FALSE, FALSE}, {NM_SETTING_DNS_OPTION_NO_AAAA, FALSE, FALSE},
{NM_SETTING_DNS_OPTION_INTERNAL_NO_ADD_EDNS0, FALSE, FALSE},
{NM_SETTING_DNS_OPTION_INTERNAL_NO_ADD_TRUST_AD, FALSE, FALSE},
{NULL, FALSE, FALSE}}; {NULL, FALSE, FALSE}};
static char * static char *
@@ -6376,17 +6378,24 @@ nm_setting_ip_config_class_init(NMSettingIPConfigClass *klass)
/** /**
* NMSettingIPConfig:dns-options: * NMSettingIPConfig:dns-options:
* *
* Array of DNS options as described in man 5 resolv.conf. * Array of DNS options to be added to resolv.conf.
* *
* %NULL means that the options are unset and left at the default. * %NULL means that the options are unset and left at the default.
* In this case NetworkManager will use default options. This is * In this case NetworkManager will use default options. This is
* distinct from an empty list of properties. * distinct from an empty list of properties.
* *
* The currently supported options are "attempts", "debug", "edns0", * The following options are directly added to resolv.conf: "attempts",
* "debug", "edns0",
* "inet6", "ip6-bytestring", "ip6-dotint", "ndots", "no-aaaa", * "inet6", "ip6-bytestring", "ip6-dotint", "ndots", "no-aaaa",
* "no-check-names", "no-ip6-dotint", "no-reload", "no-tld-query", * "no-check-names", "no-ip6-dotint", "no-reload", "no-tld-query",
* "rotate", "single-request", "single-request-reopen", "timeout", * "rotate", "single-request", "single-request-reopen", "timeout",
* "trust-ad", "use-vc". * "trust-ad", "use-vc". See the resolv.conf(5) man page for a
* detailed description of these options.
*
* In addition, NetworkManager supports the special options "_no-add-edns0"
* and "_no-add-trust-ad". They are not added to resolv.conf, and can be
* used to prevent the automatic addition of options "edns0" and "trust-ad"
* when using caching DNS plugins (see below).
* *
* The "trust-ad" setting is only honored if the profile contributes * The "trust-ad" setting is only honored if the profile contributes
* name servers to resolv.conf, and if all contributing profiles have * name servers to resolv.conf, and if all contributing profiles have
@@ -6394,7 +6403,7 @@ nm_setting_ip_config_class_init(NMSettingIPConfigClass *klass)
* *
* When using a caching DNS plugin (dnsmasq or systemd-resolved in * When using a caching DNS plugin (dnsmasq or systemd-resolved in
* NetworkManager.conf) then "edns0" and "trust-ad" are automatically * NetworkManager.conf) then "edns0" and "trust-ad" are automatically
* added. * added, unless "_no-add-edns0" and "_no-add-trust-ad" are present.
* *
* Since: 1.2 * Since: 1.2
**/ **/

3
src/libnm-core-public/nm-setting-ip-config.h
View File

@@ -363,6 +363,9 @@ char *nm_ip_routing_rule_to_string(const NMIPRoutingRule *self,
#define NM_SETTING_DNS_OPTION_NO_RELOAD "no-reload" #define NM_SETTING_DNS_OPTION_NO_RELOAD "no-reload"
#define NM_SETTING_DNS_OPTION_TRUST_AD "trust-ad" #define NM_SETTING_DNS_OPTION_TRUST_AD "trust-ad"
#define NM_SETTING_DNS_OPTION_NO_AAAA "no-aaaa" #define NM_SETTING_DNS_OPTION_NO_AAAA "no-aaaa"
/* Internal options (not added to resolv.conf) */
#define NM_SETTING_DNS_OPTION_INTERNAL_NO_ADD_EDNS0 "_no-add-edns0"
#define NM_SETTING_DNS_OPTION_INTERNAL_NO_ADD_TRUST_AD "_no-add-trust-ad"
typedef struct _NMSettingIPConfigClass NMSettingIPConfigClass; typedef struct _NMSettingIPConfigClass NMSettingIPConfigClass;