Updated: 2025/Nov/16
Please read Privacy Policy. It's for your privacy.
RESOLVCONF(8) System Manager's Manual RESOLVCONF(8)
NAME
resolvconf - a framework for managing multiple DNS configurations
SYNOPSIS
resolvconf -I
resolvconf [-m metric] [-p] [-x] -a key <file
resolvconf -C pattern
resolvconf -c pattern
resolvconf [-f] -d key
resolvconf [-x] -iLlp pattern
resolvconf -u
resolvconf --version
DESCRIPTION
resolvconf manages resolv.conf(5) files from multiple sources, such as
DHCP and VPN clients. Traditionally, the host runs just one client and
that updates /etc/resolv.conf. More modern systems frequently have wired
and wireless interfaces and there is no guarantee both are on the same
network. With the advent of VPN and other types of networking daemons,
many things now contend for the contents of /etc/resolv.conf.
resolvconf solves this by letting the daemon send their resolv.conf(5)
file to resolvconf via stdin(4) with the argument -a key instead of the
filesystem. resolvconf then updates /etc/resolv.conf as it thinks best.
When a local resolver other than libc is installed, such as dnsmasq(8) or
named(8), then resolvconf will supply files that the resolver should be
configured to include.
At it's heart, resolvconf is a key/value store for resolv.conf files.
Each entry must have a unique key and should be expressed as
interface.protocol so that it's easy to tell from where the resolv.conf
file came from. This also allows using pattern matching such as
interface.* to match all protocols running on the interface. For
example, a modern system will likely run DHCP, RA and DHCPv6 which could
be from separate programs or one program running many protocols.
However, this is not a fixed requirement, resolvconf will work with any
key name and it should be treated as an opaque value outside of
resolvconf.
resolvconf assumes it has a job to do. In some situations resolvconf
needs to act as a deterrent to writing to /etc/resolv.conf. Where this
file cannot be made immutable or you just need to toggle this behaviour,
resolvconf can be disabled by adding resolvconf=NO to resolvconf.conf(5).
resolvconf can mark a resolv.conf as private and optionally non-
searchable. This means that the name servers listed in that resolv.conf
are only used for queries against the domain/search listed in the same
file and if non-searchable then the domain/search listed are excluded
from the global search list defined in /etc/resolv.conf. This only works
when a local resolver other than libc is installed. See
resolvconf.conf(5) for how to configure resolvconf to use a local name
server and how to remove the private marking.
resolvconf can mark a resolv.conf as exclusive. Only the latest
exclusive key is used for processing, otherwise all are.
When a configuration source goes away, such as an interface going down or
a VPN stopping, it should then call resolvconf with -d key arguments to
clean up the resol.conf it added previously. For systems that support
the concept of persisting configuration when the source is suspended,
such as the carrier going down, then it should instead call resolvconf
with -C key arguments to deprecate the entry -c key to activate the entry
when it comes back again. This only affects the order in which the
resolv.conf entries are processed.
Here are some options for the above commands:-
-f Ignore non existent resolv.conf entries. Only really useful
for deleting.
-m metric Set the metric of the resolv.conf entry when adding it,
default of 0. Lower metrics take precedence. This affects
the default order of entires when listed.
-p [pattern]
Marks the resolv.conf as private if the -a command is given,
otherwise resolv.conf entries having their key matching
pattern are listed. If an extra -p is given then the
resolv.conf is marked as non-searchable as well.
-x Mark the resolv.conf as exclusive when adding, otherwise
only use the latest exclusive key.
resolvconf has some more commands for general usage:-
-i [pattern]
List the keys stored, optionally matching pattern, we have
resolv.conf files for. If the -L option is given first,
then the keys will be list post-processed.
-L [pattern]
List the resolv.conf files we have, post-processed by the
resolvconf.conf(5) configuration. If pattern is specified
then we list the files for the keys which match it.
-l [pattern]
List the resolv.conf files we have. If pattern is specified
then we list the files for the keys which match it. that
match it.
-u Force resolvconf to update all its subscribers. resolvconf
does not update the subscribers when adding a resolv.conf
that matches what it already has for that key.
--version Echo the resolvconf version to stdout.
resolvconf also has some commands designed to be used by its subscribers
and system startup:-
-I Initialise the state directory /var/run/resolvconf. This
only needs to be called if the initial system boot sequence
does not automatically clean it out; for example the state
directory is moved somewhere other than /var/run. If used,
it should only be called once as early in the system boot
sequence as possible and before resolvconf is used to add
entries.
-R Echo the command used to restart a service.
-r service If the service is running then restart it. If the service
does not exist or is not running then zero is returned,
otherwise the result of restarting the service.
-v Echo variables DOMAINS, SEARCH and NAMESERVERS so that the
subscriber can configure the resolver easily.
-V Same as -v except that only the information configured in
resolvconf.conf(5) is set.
RESOLV.CONF ORDERING
For resolvconf to work effectively, it has to process the resolv.conf
entries in the correct order. resolvconf first processes keys from the
key_order list, then entries without a metric and that match the
dynamic_order list, then entries with a metric in order and finally the
rest in the operating systems lexical order. See resolvconf.conf(5) for
details on these lists.
PROTOCOLS
Here are some suggested protocol tags to use for each resolv.conf
dhcp Dynamic Host Configuration Protocol.
ppp Point-to-Point Protocol.
ra IPv6 Router Advertisement.
dhcp6 Dynamic Host Configuration Protocol, version 6.
IMPLEMENTATION NOTES
If a subscriber has the executable bit then it is executed otherwise it
is assumed to be a shell script and sourced into the current environment
in a subshell. This is done so that subscribers can remain fast, but are
also not limited to the shell language.
Portable subscribers should not use anything outside of /bin and /sbin
because /usr and others may not be available when booting. Also, it
would be unwise to assume any shell specific features.
ENVIRONMENT
IF_METRIC
If the -m option is not present then we use IF_METRIC for the metric.
IF_PRIVATE
Marks the resolv.conf as private.
IF_NOSEARCH
Marks the resolv.conf as non-searchable.
IF_EXCLUSIVE
Marks the resolv.conf as exclusive.
FILES
/etc/resolv.conf.bak
Backup file of the original resolv.conf.
/etc/resolvconf.conf
Configuration file for resolvconf.
/libexec/resolvconf
Directory of subscribers which are run every time resolvconf adds,
deletes or updates.
/libexec/resolvconf/libc.d
Directory of subscribers which are run after the libc subscriber is run.
/var/run/resolvconf
State directory for resolvconf.
NOTES
Domain labels are assumed to be in ASCII and are converted to lower case
to avoid duplicate zones when given differing case from different
sources.
When running a local resolver other than libc, you will need to configure
it to include files that resolvconf will generate. You should consult
resolvconf.conf(5) for instructions on how to configure your resolver.
SEE ALSO
resolver(3), stdin(4), resolv.conf(5), resolvconf.conf(5)
HISTORY
This implementation of resolvconf is called openresolv and is fully
command line compatible with Debian's resolvconf, as written by Thomas
Hood.
AUTHORS
Roy Marples <roy@marples.name>
BUGS
Please report them to http://roy.marples.name/projects/openresolv
NetBSD 11.99 April 30, 2025 NetBSD 11.99