DaemonForums  

  #1   (View Single Post)  
Old 4 Weeks Ago
juhal juhal is offline
Real Name: Justin DeWitt Hall
New User
 
Join Date: Dec 2021
Location: Portland Oregon
Posts: 8
Unable to set DNS server addresses

Greetings all, this is my very first post. I am a hobbyist, not a pro at this. My goal is to edit /etc/resolv.conf so as to use the open DNS servers 208.67.222.222 and 208.67.220.220. Currently /etc/resolv.conf points to my ISP's DNS servers which I don't want to use. I quickly learned that /etc/resolv.conf is created on the fly by the daemon dhclientd which in turn is governed by the file /etc/dhclient.conf. I didn't actually have a file named /etc/dhclient.conf and I suspect that is because I chose auto for setting up the network during the install of OpenBSD. However I found the example in /etc/examples. I copied the example into /etc and edited it with the line below

supersede domain-name-servers 208.67.222.222 208.67.220.220;

However, after restarting the network service or even rebooting, resolv.conf steadfastly remains pointing at the Comcast DNS servers. I have tried several different ways of editing /etc/dhclient.conf using examples of others facing the same or similar issue that I found after Google searching. Nothing appears to alter /etc/resolv.conf one iota. I am clearly missing something here, something I fear that is obvious. Any help or pointers in the right direction would be greatly appreciated.
  #2   (View Single Post)  
Old 4 Weeks Ago
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,469

Hello, and welcome!
Quote:
Originally Posted by juhal View Post
I quickly learned that /etc/resolv.conf is created on the fly by the daemon dhclientd which in turn is governed by the file /etc/dhclient.conf.
I think you meant dhclient(8). However, this is no longer the case. Your best bet for up-to-date information is the OpenBSD FAQ, because OpenBSD 7.0-release changed IPv4 DHCP configuration and DNS resolution. Any third party information you are reading on the Internet may be out-of-date and misleading you.

With 7.0-release:
  • dhclient(8) is not used. It is still available for edge-case requirements.
  • Your resolv.conf(5) file is actively managed with a daemon called resolvd(8). If you've seen documentation referencing /etc/resolv.conf.tail, it is out-of-date as this .tail file is no longer used.
  • You can edit your resolv.conf(5) file to put your preferred nameservers at the top. Any nameservers learned by dhcpleased(8) will be added below, and accessed only if your preferred nameservers are unavailable.
  • You can use unwind(8) and its unwind.conf(5) to restrict forwarding resolution to only your preferred nameservers. resolvd(8) will recognize if unwind(8) is active and will set resolv.conf(5) to use unwind(8) as your resolver.

Last edited by jggimi; 4 Weeks Ago at 07:58 PM. Reason: clarity for unwind(8)
  #3   (View Single Post)  
Old 4 Weeks Ago
juhal juhal is offline
Real Name: Justin DeWitt Hall
New User
 
Join Date: Dec 2021
Location: Portland Oregon
Posts: 8

Thank you! OK, so I was right, I am doing something obviously wrong. Make sure the documentation one is using is applicable to the version one is using, duh! Yes, I am running OpenBSD 7.0 and I should have made that clear in my original post.
Unfortunately I am still stuck. I tried your suggestion of appending my desired DNS servers to the top of /etc/resolv.conf but the file immediately gets overwritten and they are removed. OK, I gather trying to edit /etc/resolv.conf is not going to be the way this is fixed. Next I enabled unwind by running...

rcctl enable unwind

After restarting the network service this changed my /etc/resolv.conf to this...

nameserver 127.0.0.1 # resolvd: unwind
#nameserver 75.75.75.75 # resolvd: em0
#nameserver 75.75.76.76 # resolvd: em0
#nameserver 2001:558:feed::1 # resolvd: em0
#nameserver 2001:558:feed::2 # resolvd: em0
#nameserver 2601:1c2:700:a5d0:470:5dff:fe3e:3aa0 # resolvd: em0
lookup file bind

Next up I have to edit unwind.conf to have it point to the desired DNS servers. Unfortunately there is no /etc/unwind.conf nor a sample file in /etc/examples. I gather I have to create one from scratch using the documentation provided. Is this assessment correct?
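A way to confirm the state shown in post #3, where unwind(8) on 127.0.0.1 is the only active resolver and the DHCP-learned servers stay commented out. This is an added example, not code from the thread or from OpenBSD; the function names are hypothetical and the sample files are constructed from the resolvd(8) line format quoted above.

```shell
#!/bin/sh
# Added example: report which resolvers are active in a resolvd(8)-managed
# resolv.conf. Sample contents are constructed from the format in post #3.

# Print "address source" for every active (uncommented) nameserver line.
# source is the word after "# resolvd:", or "manual" when there is no tag.
active_nameservers() {
    awk '$1 == "nameserver" {
        src = "manual"
        for (i = 3; i < NF; i++)
            if ($i == "resolvd:") src = $(i + 1)
        print $2, src
    }' "$1"
}

# Succeed only when unwind on 127.0.0.1 is the sole active resolver.
only_unwind() {
    [ "$(active_nameservers "$1")" = "127.0.0.1 unwind" ]
}

# Constructed sample 1: unwind enabled, learned servers commented out.
sample_unwind() {
    cat <<'EOF'
nameserver 127.0.0.1 # resolvd: unwind
#nameserver 75.75.75.75 # resolvd: em0
#nameserver 2001:558:feed::1 # resolvd: em0
lookup file bind
EOF
}

# Constructed sample 2: unwind not running, learned servers are active.
sample_dhcp() {
    cat <<'EOF'
nameserver 75.75.75.75 # resolvd: em0
nameserver 75.75.76.76 # resolvd: em0
lookup file bind
EOF
}

# Check both samples, plus a real file if one is given as the first argument.
tmp=$(mktemp -d) || exit 1
sample_unwind > "$tmp/with_unwind"
sample_dhcp > "$tmp/without_unwind"
for f in "$tmp/with_unwind" "$tmp/without_unwind" ${1:+"$1"}; do
    if only_unwind "$f"; then echo "OK   $f"; else echo "WARN $f"; fi
    active_nameservers "$f" | sed 's/^/     active: /'
done
rm -rf "$tmp"
```

Passing /etc/resolv.conf as the first argument runs the same check against the live file.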
  #4   (View Single Post)  
Old 4 Weeks Ago
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,469

Yes. The documentation -- the unwind.conf(5) man page -- should point you towards the `forwarder` directive.



Edited to add: the man page shows two examples -- in the MACROS section is an example with two standard domain nameservers, and in the EXAMPLES section is an example of a DNS-over-TLS ("DoT") nameserver.

Last edited by jggimi; 4 Weeks Ago at 11:55 PM.
  #5   (View Single Post)  
Old 4 Weeks Ago
juhal juhal is offline
Real Name: Justin DeWitt Hall
New User
 
Join Date: Dec 2021
Location: Portland Oregon
Posts: 8

Thanks again. I am a total n00b! My experience is with Red Hat where systemd does everything for you. It took me a few tries but I got my unwind.conf file written. I made macros that defined server addresses and then had forwarder point to them. It works! I am accessing the forums on my VPN and every address resolves! Previously when connected to the VPN I could only ping sites, ICMP traffic was all I could get. Comcast's DNS would not work or it was insufferably slow.
  #6   (View Single Post)  
Old 4 Weeks Ago
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,469

I'm glad you got it working!

I have 2 unbound(8) servers on my local network at 10.0.1.1*, and use DoT services from Quad9 also. This laptop's unwind.conf is:
Code:
forwarder {
        10.0.1.1
        9.9.9.9 authentication name dns.quad9.net DoT
        2620:fe::fe authentication name dns.quad9.net DoT
}
force accept bogus stub {jggimi.net}

* The local nameservers share the same IP address through carp(4), configured as a master and backup.