systemd-resolved

  • I'm looking at a problem with my VPN add-on that sees the DNS not get updated to the VPN provider DNS servers on connection.

    I *think* that the openvpn team have basically decided that it's not their job to do it, so there's a script to go run on connection which appears to use systemd-resolved to force the update to happen. I'm far from an expert on Linux and systemd, but it looks like systemd-resolved is not included with the standard LE build (I'm using the RPi one) so the script basically fails.

    Am I right? Is there a reason why this was excluded? Is there an alternative way (short of rolling my own build which is a rat hole I don't want to go down just now)?

    Thanks for any shoves in any direction, I'm totally at a loss.

    • Official Post

    Correct, we don't build systemd with resolved support so it's not present. I guess the main reason is partly 'legacy' because when we first started to use systemd 'resolved' didn't exist, and since we have minimalist tendencies and the current arrangement works, there's never been a major reason to use/need it. I've always seen VPN services run up/down scripts, although that normally requires the VPN service conf to be modified to include those instructions. I'm not sure how you do connections, but I would always treat the user provided conf (or something from a known list) as a starting template that's copied to a working location and then parsed/modified to add features like up/down scripts before being 'executed' to start the connection.

  • Ok, thanks for the clarification chewitt. I "understand" the use of the up/down scripts, and had been looking at GitHub - jonathanio/update-systemd-resolved: Helper script for OpenVPN to directly update the DNS settings of a link through systemd-resolved via DBus. which is why I was asking about resolved support. Previously it had been GitHub - masterkorp/openvpn-update-resolv-conf: Script that updates DNS settings are pushed by the OpenVPN server, but everything I've read says update-systemd-resolved since version 229 of systemd.

    My initial read of the script is that it *somehow* gets the DNS settings returned from the VPN provider, and then updates the system with these settings. Assuming I can work out the bit which retrieves the DNS settings, is there some legitimate way I can update the DNS settings as if I was changing it in the LE configuration interface which wouldn't fight against whatever LE is doing to set the DNS settings?

    • Official Post

    LE uses connmand to manage network things, and connman supports configuration of DNS servers through dbus or the connmanctl local console interface which is scriptable but less sophisticated. Have a look at the LE settings addon for an example of a connman/dbus agent in python.
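
An added example, not code from this thread or from LibreELEC: an OpenVPN up script that reads the DNS servers pushed by the VPN server, validates them, and hands them to connman through connmanctl, as the last reply suggests. It assumes OpenVPN's `foreign_option_N` and `script_type` environment variables, IPv4 servers only, and a hypothetical `CONNMAN_SERVICE` variable holding the service id shown by `connmanctl services`.

```shell
#!/bin/sh
# OpenVPN exports pushed options to up/down scripts as foreign_option_1,
# foreign_option_2, ... e.g. foreign_option_1="dhcp-option DNS 10.8.0.1".
# The values come from the remote server, so validate before using them.

# Return 0 only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one validated DNS server per line from the foreign_option_N variables.
pushed_dns_servers() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"   # only the integer index is expanded
        [ -n "$opt" ] || break
        read -r kind name value rest <<EOF
$opt
EOF
        if [ "$kind" = "dhcp-option" ] && [ "$name" = "DNS" ] && is_ipv4 "$value"; then
            echo "$value"
        fi
        i=$((i + 1))
    done
}

# Set the nameservers on one connman service; refuse to run with an empty list.
apply_dns() {
    service=$1; shift
    [ "$#" -gt 0 ] || { echo "no valid DNS servers pushed" >&2; return 1; }
    connmanctl config "$service" --nameservers "$@"
}

# Runs only when OpenVPN invokes the script as its "up" hook.
if [ "${script_type:-}" = "up" ]; then
    # CONNMAN_SERVICE is a hypothetical variable naming the connman service id.
    apply_dns "${CONNMAN_SERVICE:?set to the connman service id}" $(pushed_dns_servers)
fi
```

Sourced or run outside OpenVPN, the script changes nothing because `script_type` is unset; a matching down script would need to restore the previous nameservers.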