On 2021-07-17, Sonic <sonicsm...@gmail.com> wrote:
> Ah yes, my bad, had a line without the parens around the dhcp
> interface reference.
> This issue is resolved.
> Oddly enough it never affected many previous snapshots which used
> dhcpcd in place of dhcpleased.

OpenBSD never had dhcpcd in base; if you had configured to use dhcpcd
(which is in packages) this change wouldn't have affected you.

> The issue with resolvd is still a bit perplexing as if I allow it to
> run it insists on prepending my ISP nameservers to the resolv.conf
> file which breaks the system.
> Before the change:
>========================
> # Generated by em0 dhclient
> search example.com
> nameserver 127.0.0.1
> lookup file bind
> family inet4
>========================
> # $OpenBSD: dhclient.conf,v 1.2 2017/10/16 23:43:41 krw Exp $
> supersede domain-name "example.com";
> supersede domain-name-servers 127.0.0.1;
> request subnet-mask, broadcast-address, routers;
> require subnet-mask, routers;
>========================

The only configuration option for dhcpleased is whether or not the
interface has "inet autoconf". It does not use dhclient.conf at
all. The only configuration "option" for resolvd is that if unwind is
running, it will write 127.0.0.1 to resolv.conf instead of the
learned address.

If you need something more than that then dhclient is still available
(you will need to use e.g. "!/sbin/dhclient <interface>" in hostname.if
because plain "dhcp" now enables dhcpleased instead). Or there are
alternatives in packages, though if kernel ABIs change you may have no
net until you can get packages updated, so I'd advise having out-of-band
access if you do that on a remote machine.

> After the change with dhcpleased and resolvd:
>========================
> nameserver 75.75.75.75 # resolvd: em0
> nameserver 75.75.76.76 # resolvd: em0
> # Generated by em0 dhclient
> search example.com
> nameserver 127.0.0.1
> lookup file bind
> family inet4
>========================
>
> I run nsd and unbound on this system, unbound listens on the loopback
> and on the internal interface to serve the network, it uses stub zones
> to the local nsd and to a bunch of other internal network dns servers
> connected via site-to-site vpn tunnels.
> My ISP's nameservers have no clue about my internal systems or the
> other vpn connected internal systems that I need to resolve and there
> should be some way to prevent the ISP's nameservers from being force
> prepended to resolv.conf as the supersedes in dhclient.conf are
> apparently ignored.
> The workaround I found is resolvd_flags=NO in rc.conf.local
> eliminating the prepending of the ISP nameservers.

That's one workaround. Another is to run unwind with an explicit
configuration directing traffic to your local resolver.

> If there's a more acceptable proper OpenBSD solution it would be
> preferred but at this point I don't see what it is.
>
> Chris
>
>
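
An added example, not part of the original messages: a POSIX sh check that lists the nameservers of a resolv.conf in file order, marks the ones carrying the "# resolvd: <interface>" tag shown in the thread, and returns non-zero when the first one is not the expected local resolver. The function names, the exit codes and the default of 127.0.0.1 are assumptions of this example; the two sample files are the ones quoted in the thread.

```shell
#!/bin/sh
# audit_resolv FILE [EXPECTED]   FILE may be "-" for stdin; EXPECTED defaults to 127.0.0.1.
# Prints "<position> <address> <origin>" per nameserver, in file order.
# origin is "resolvd:<interface>" for lines tagged by resolvd, otherwise "static".
# Exit status: 0 first nameserver is EXPECTED, 1 it is not, 2 no nameserver found.
audit_resolv() {
    awk -v want="${2:-127.0.0.1}" '
        $1 == "nameserver" && $2 != "" {
            n++
            origin = "static"
            # Tag format as shown in the thread: "# resolvd: em0" (prefix is 11 chars)
            if (match($0, /# resolvd: [^ \t]+/))
                origin = "resolvd:" substr($0, RSTART + 11, RLENGTH - 11)
            printf "%d %s %s\n", n, $2, origin
            if (n == 1) first = $2
        }
        END {
            if (n == 0) exit 2
            exit (first == want ? 0 : 1)
        }
    ' "$1"
}

# resolv.conf quoted in the thread after the switch to dhcpleased and resolvd.
sample_after() {
    cat <<'EOF'
nameserver 75.75.75.75 # resolvd: em0
nameserver 75.75.76.76 # resolvd: em0
# Generated by em0 dhclient
search example.com
nameserver 127.0.0.1
lookup file bind
family inet4
EOF
}

# resolv.conf quoted in the thread before the change (dhclient with supersede).
sample_before() {
    cat <<'EOF'
# Generated by em0 dhclient
search example.com
nameserver 127.0.0.1
lookup file bind
family inet4
EOF
}

# Demo: the post-change file fails the check because em0's learned servers come first.
sample_after | audit_resolv - || echo "first nameserver is not the local resolver"
```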

