Global nameservers or alternative to / change in FallbackNameservers

Global nameservers or alternative to / change in FallbackNameservers

[Richard Sent]

Hi all,

I'm using Connman with --nodnsproxy on a virtual private server where
the DNS servers discovered via DHCP have inconsistent availability. I
thought I could resolve this by setting FallbackNameservers. However,
this setting is only used when DHCP does not provide DNS at all, as
opposed to my initial thinking of using it as a fallback in case the
DHCP discovered DNS servers fail.

> # List of fallback nameservers separated by "," used if no
> # nameservers are otherwise provided by the service. The
> # nameserver entries must be in numeric format, host
> # names are ignored.
> # FallbackNameservers =

This results in a resolv.conf containing only the nonfunctional DHCP
discovered DNS servers and not my fallback DNS. I could configure
nameservers on a per-connection basis, but this is frustrating to have
to do on a system that could be deployed to different hosters that may
enumerate the network interfaces differently.

There does seem to be some demand for a way to set global nameservers,
as opposed to per-connection [1]. This case is even worse to do manually
because it discusses a laptop which roams between connections
constantly.

If breaking backwards compatibility with the old FallbackNameservers
behavior is considered unacceptable, I propose a GlobalNameservers
setting in connman.conf.

I do see a line in service-api.txt that implies global nameservers are
in fact already a thing, but can't find any other references to them.
This comment was added back in 2010, before FallbackNameservers was
added.

> Global nameservers are automatically added to this
> list. The array represents a sorted list of the
> current nameservers. The first one has the highest
> priority and is used by default.

Thanks

[1]: https://www.antixforum.com/forums/topic/set-default-dns-for-all-users-ethernet-wifi-connections/

-- 
Take it easy,
Richard Sent
Making my computer weirder one commit at a time.

Re: Global nameservers or alternative to / change in FallbackNameservers

[Richard Sent]

Hi Keith,

KeithG <ys3al35l@gmail.com> writes:

> Might this be where we recompile to use systemd-resolved? This is what
> I do so that I have control over DNS. It's in the docs. It would be
> nice, though if this were a runtime setting instead of a compile time
> flag.

Thanks for the suggestion! In my case I'm both on a non-systemd distro
(Guix System) and using --nodnsproxy so that's not an option, but it's
good to know it exists.

systemd-resolved support was added in 2018 (972e16af), while the comment
mentioning the mysterious seemingly-unimplemented global nameservers was
2010 (1cdd39b9). I think needing to change the entire DNS backend to use
a global nameserver instead of DHCP-discovered ones is a bit much to
ask, so a runtime setting would be lovely. :)

-- 
Take it easy,
Richard Sent
Making my computer weirder one commit at a time.

Re: Global nameservers or alternative to / change in FallbackNameservers

[Grant Erickson]

On Jun 16, 2024, at 8:47 AM, Richard Sent <richard@freakingpenguin.com> wrote:
> I'm using Connman with --nodnsproxy on a virtual private server where
> the DNS servers discovered via DHCP have inconsistent availability. I
> thought I could resolve this by setting FallbackNameservers. However,
> this setting is only used when DHCP does not provide DNS at all, as
> opposed to my initial thinking of using it as a fallback in case the
> DHCP discovered DNS servers fail.
> 
>> # List of fallback nameservers separated by "," used if no
>> # nameservers are otherwise provided by the service. The
>> # nameserver entries must be in numeric format, host
>> # names are ignored.
>> # FallbackNameservers =
> 
> This results in a resolv.conf containing only the nonfunctional DHCP
> discovered DNS servers and not my fallback DNS. I could configure
> nameservers on a per-connection basis, but this is frustrating to have
> to do on a system that could be deployed to different hosters that may
> enumerate the network interfaces differently.
> 
> There does seem to be some demand for a way to set global nameservers,
> as opposed to per-connection [1]. This case is even worse to do manually
> because it discusses a laptop which roams between connections
> constantly.
> 
> If breaking backwards compatibility with the old FallbackNameservers
> behavior is considered unacceptable, I propose a GlobalNameservers
> setting in connman.conf.
> 
> I do see a line in service-api.txt that implies global nameservers are
> in fact already a thing, but can't find any other references to them.
> This comment was added back in 2010, before FallbackNameservers was
> added.
> 
>> Global nameservers are automatically added to this
>> list. The array represents a sorted list of the
>> current nameservers. The first one has the highest
>> priority and is used by default.

Richard,

I agree with your conclusion; in running down a similar issue, I’d wrote a note to myself in an internal tracking issue to the effect of:

    In the process of working on <redacted>, I’ve discovered that this is by design.

    “Fallback Name Servers” are only used if there are no automatic (assigned by DHCP or
    per-service configured name servers).

    What would be required here would be a new setting, ‘PreferredNameServers', that would
    take precedence over assigned by DHCP or per-service configured name servers and effectively
    would override per-service configured name servers.

The same applies to time servers. So I can see a general configuration pattern where:

    Fallback{Name,Time}servers
        Use these {name,time} servers if the DHCP server does not provide one.

    {Global,Preferred}{Name,Time}servers
        Always use these {name,time} servers, prepending them to the front of
        their respective lists, even if the DHCP server does provide one.

I’m partial to ‘Preferred’ but could see where ‘Global’ might also be a good description.

Best,

Grant 

-- 
Principal
Nuovations

gerickson@nuovations.com
https://www.nuovations.com/