Unable to set DNS server addresses

[juhal]

Greetings all, this is my very first post. I am a hobbyist, not a pro at this. My goal is to edit /etc/resolv.conf so as to use the open DNS servers 208.67.222.222 and 208.67.220.220. Currently /etc/resolv.conf points to my ISP's DNS servers which I don't want to use. I quickly learned that /etc/resolv.conf is created on the fly by the daemon dhclientd which in turn is governed by the file /etc/dhclient.conf. I didn't actually have a file named /etc/dhclient.conf and I suspect that is because I chose auto for setting up the network during the install of OpenBSD. However I found the example in /etc/examples. I copied the example into /etc and edited it with the line below

supersede domain-name-servers 208.67.222.222 208.67.220.220;

However after restarting the network service or even rebooting resolv.conf steadfastly remains pointing at the comcast DNS servers. I have tried several different ways of editing /etc/dhclient.conf using examples of others facing the same or similar issue that I found after google searching. Nothing appears to alter /etc/resolv.conf one iota. I am clearly missing something here, something I fear that is obvious. Any help or pointers in the right direction would be greatly appreciated.

[jggimi]

Hello, and welcome!

Quote:

Originally Posted by juhal

I quickly learned that /etc/resolv.conf is created on the fly by the daemon dhclientd which in turn is governed by the file /etc/dhclient.conf.

I think you meant dhclient(8). However, this is no longer the case. Your best bet for up-to-date information is the OpenBSD FAQ, because OpenBSD 7.0-release changed IPv4 DHCP configuration and DNS resolution. Any third party information you are reading on the Internet may be out-of-date and misleading you.

With 7.0-release:

• dhclient(8) is not used. It is still available for edge-case requirements.
• Your resolv.conf(5) file is actively managed with a daemon called resolvd(8). If you've seen documentation referencing /etc/resolv.conf.tail, it is out-out-date as this .tail file is no longer used.
• You can edit your resolv.conf(5) file to put your preferred nameservers at the top. Any nameservers learned by dhcpleased(8) will be added below, and accessed only if your preferred nameservers are unavailable.
• You can use unwind(8) and its unwind.conf(5) to restrict forwarding resolution to only your preferred nameservers. resolvd(8) will recognize if unwind(8) is active and will set resolv.conf(5) to use unwind(8) as your resolver.

[juhal]

Thank you! Ok so I was right, I am doing something obviously wrong. Make sure the documentation one is using is applicable to the version one is using, duh! Yes I am running openBSD 7.0 and I should have made that clear in my original post.
Unfortunately I am still stuck. I tried your suggestion of appending my desired DNS servers to the top of /etc/resolv.conf but the file immediately gets overwritten and they are removed. OK, I gather trying to edit /etc/resolv.conf is not going to be the way this is fixed. Next I enabled unwind by running...

rcctl enable unwind

After restarting the network service this changed my /etc/resolv.conf to this...

nameserver 127.0.0.1 # resolvd: unwind
#nameserver 75.75.75.75 # resolvd: em0
#nameserver 75.75.76.76 # resolvd: em0
#nameserver 2001:558:feed::1 # resolvd: em0
#nameserver 2001:558:feed::2 # resolvd: em0
#nameserver 2601:1c2:700:a5d0:470:5dff:fe3e:3aa0 # resolvd: em0
lookup file bind

Next up I have to edit unwind.conf to have it point to the desired DNS servers. Unfortunately there is no /etc/unwind.conf nor a sample file in /etc/examples. I gather I have to create one from scratch using the documentation provided. Is this assessment correct?

[jggimi]

Yes. The documentation -- the unwind.conf(5) man page -- should point you towards the `forwarder` directive.



Edited to add: the man page shows two examples -- in the MACROS section is an example with two standard domain nameservers, and in the EXAMPLES section is an example of a DNS-over-TLS ("DoT") nameserver.

[juhal]

Thanks again. I am a total n00b! My experience is with Red Hat where systemd does everything for you. It took me a few tries but I got my unwind.conf file written. I made macros that defined server addresses and then had forwarder point to them. It works! I am accessing the forums on my VPN and every address resolves! Previously when connected to the VPN I could only ping sites, ICMP traffic was all I could get. Comcast's DNS would not work or it was insufferably slow.

[jggimi]

I'm glad you got it working!

I have 2 unbound(8) servers on my local network at 10.0.1.1*, and use DoT services from Quad9 also. This laptop's unwind.conf is:

Code:

forwarder {
        10.0.1.1
        9.9.9.9 authentication name dns.quad9.net DoT
        2620:fe::fe authentication name dns.quad9.net DoT
        }
force accept bogus stub {jggimi.net}

* The local nameservers share the same IP address through carp(4), configured as a master and backup.