WireGuard Archive on lore.kernel.org
* wg-quick invoking resolvectl instead of resolvconf on systems where that is appropriate?
From: Daniel Kahn Gillmor @ 2019-09-10 18:50 UTC
  To: WireGuard mailing list; +Cc: Willem van den Akker, Michael Biebl


Hi Wireguard folks--

over in https://bugs.debian.org/939904, Michael Biebl (in cc) pointed
out that on GNU/Linux systems supervised by systemd, if systemd-resolved
is running, it might make more sense for wg-quick to invoke resolvectl
directly with the DNS parameter instead of depending on resolvectl's
resolvconf-like symlink shim.

Jason, is that something that you'd be ok with, or is wg-quick wedded to
resolvconf, even if resolvectl is available and there is no resolvconf?
(and if you're ok with it, but if both exist, do you have a preference
for which one should be used?)

Is anyone interested in hacking on src/tools/wg-quick/linux.bash to
enable this?  I think the command should be pretty simple -- the main
things to get right are detection of subsystem availability and conflict
resolution.

I guess my preference would be something like:

 * if resolvectl exists, try to use it.  if it succeeds, done.  (it
   might fail if systemd-resolved is not running, for example)

 * otherwise, try using resolvconf.

but of course this is Jason's call to make.

       --dkg

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
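
The fallback order proposed in the message above (try resolvectl first, use resolvconf only if that fails), written out as an added example that is not part of the thread or of wg-quick. The names set_dns, unset_dns and DNS_BACKEND are hypothetical, and the resolvconf options assume openresolv.

```bash
#!/usr/bin/env bash
# Added example: pick a DNS backend at runtime for a tunnel interface.
# set_dns, unset_dns and DNS_BACKEND are hypothetical names.

DNS_BACKEND=""   # which backend configured DNS, so teardown can match it

# usage: set_dns IFACE SERVER [SERVER...]
set_dns() {
    local iface=$1
    shift
    DNS_BACKEND=""
    [ "$#" -gt 0 ] || return 0    # no DNS servers configured: nothing to do

    # 1. Try resolvectl; it only counts if the calls succeed, since it
    #    fails when systemd-resolved is not running.
    if command -v resolvectl >/dev/null 2>&1; then
        # "~." is a routing-only domain matching every name, so lookups
        # are routed to this link's servers.
        if resolvectl dns "$iface" "$@" 2>/dev/null &&
           resolvectl domain "$iface" "~." 2>/dev/null; then
            DNS_BACKEND=resolvectl
            return 0
        fi
        resolvectl revert "$iface" 2>/dev/null || true   # undo partial state
    fi

    # 2. Fall back to resolvconf: resolv.conf syntax on stdin.
    #    -m 0 (metric) and -x (exclusive) are openresolv options.
    if command -v resolvconf >/dev/null 2>&1 &&
       printf 'nameserver %s\n' "$@" | resolvconf -a "$iface" -m 0 -x; then
        DNS_BACKEND=resolvconf
        return 0
    fi

    echo "set_dns: no working DNS backend for $iface" >&2
    return 1
}

# usage: unset_dns IFACE  (removes what set_dns installed, same backend)
unset_dns() {
    case $DNS_BACKEND in
        resolvectl) resolvectl revert "$1" ;;
        resolvconf) resolvconf -d "$1" -f ;;
    esac
    DNS_BACKEND=""
}
```

Recording the backend that succeeded keeps teardown from calling a tool that never held the configuration.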


* Re: wg-quick invoking resolvectl instead of resolvconf on systems where that is appropriate?
From: Jason A. Donenfeld @ 2019-09-10 18:52 UTC
  To: Daniel Kahn Gillmor
  Cc: Willem van den Akker, Michael Biebl, WireGuard mailing list


The standard interface for modifying DNS on Linux is resolvconf. It is for
this reason that systemd added the compatibility layer. Debian should
install the proper symlink. WireGuard upstream will support the standard
mechanism of resolvconf.


* Re: wg-quick invoking resolvectl instead of resolvconf on systems where that is appropriate?
From: Daniel Kahn Gillmor @ 2019-09-10 21:12 UTC
  To: Jason A. Donenfeld
  Cc: Willem van den Akker, Michael Biebl, WireGuard mailing list


On Tue 2019-09-10 14:52:32 -0400, Jason A. Donenfeld wrote:
> The standard interface for modifying DNS on Linux is resolvconf. It is for
> this reason that systemd added the compatibility layer. Debian should
> install the proper symlink. WireGuard upstream will support the standard
> mechanism of resolvconf.

OK, that answers that :)

I suspect there are more GNU/Linux systems in the world right now that
have resolvectl installed than have all versions of resolvconf installed
put together, but if you'd rather that wg-quick depends on the
interpretation of the resolvconf interface on the given system, that
works for me.

I'm sure you understand that debian can't ship the resolvconf symlink
directly in the systemd package because it would conflict with the
resolvconf and openresolv packages; but i'll follow up over in
https://bugs.debian.org/939904 to see if we can figure out a way to ship
a separate binary package from the same source that automatically
enables this support.

thanks for the prompt followup,

           --dkg


* Re: wg-quick invoking resolvectl instead of resolvconf on systems where that is appropriate?
From: Michael Biebl @ 2019-09-10 21:22 UTC
  To: Jason A. Donenfeld, Daniel Kahn Gillmor
  Cc: Willem van den Akker, WireGuard mailing list


Hi

On 10.09.19 at 20:52, Jason A. Donenfeld wrote:
> The standard interface for modifying DNS on Linux is resolvconf. It is
> for this reason that systemd added the compatibility layer.

I don't think this statement is true.
resolvconf is by no means a Linux standard interface, e.g. Debian never
has shipped with resolvconf installed by default.

It's an optional interface (where different implementations exist).

I think the only distro that ever installed resolvconf by default is
Ubuntu (and I'm not sure they still do on all flavors nowadays).

Which distros nowadays do install resolvconf by default?

> Debian should install the proper symlink. WireGuard upstream will support the
> standard mechanism of resolvconf.

We can't do that (at least not in the systemd package) as that would
make other implementations like openresolv uninstallable.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



* Re: wg-quick invoking resolvectl instead of resolvconf on systems where that is appropriate?
From: Roy Marples @ 2019-09-11 18:40 UTC
  To: wireguard

I'm not subbed to this list, so please include me directly in any 
replies. Disclaimer - I'm upstream for openresolv.

Michael Biebl wrote this here:
https://lists.zx2c4.com/pipermail/wireguard/2019-September/004524.html

You are absolutely correct in that resolvconf is not a standard Linux
interface - it works just fine on the BSD family as well. In fact it
works on every POSIX environment as it just requires a Bourne Shell.
It ships by default since NetBSD-6, FreeBSD-9, DragonFlyBSD, etc - it's
not optional on these BSDs.

Let us also not forget that resolvectl is either just as optional as 
resolvconf on Linux or just not available due to a lack of systemd. 
Examples would include Gentoo, Alpine, OpenWRT, Void Linux, Slackware, 
Devuan ... I could go on, but you get the idea.

However, I will argue that resolvconf is *the standard* modifying DNS 
interface - Debian itself shipped the default DHCP client (dhclient) 
with scripts to interface with resolvconf and the VPN and PPP clients as 
well. Gentoo does as well, because I added support for it many years 
ago. This work all predates systemd, network manager, etc.

So while it might not be installed by default, it is certainly very well 
supported and recommended.

I'll also note that just by looking at the man page, resolvectl seems to
be lacking important privacy options in its resolvconf (or rather)
emulation mode so if you want to push this, better support those options!

Anyway, all this being said I would agree that supporting both systems 
*at runtime* is the better approach. openresolv does this with init 
systems, including systemd.

Roy