[PR #115] [CLOSED] dns/platform: prefer systemd-resolved when NSS routes through it #573

New Issue

Closed

opened 2026-04-29 17:05:33 -05:00 by GiteaMirror · 0 comments

GiteaMirror commented 2026-04-29 17:05:33 -05:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/fosrl/olm/pull/115
Author: @andusystems-dev-0
Created: 4/21/2026
Status: ❌ Closed

Base: main ← Head: fix/nsswitch-prefer-resolved

---

📝 Commits (1)

• c85dbf6 dns/platform: prefer systemd-resolved when NSS routes through it

📊 Changes

2 files changed (+171 additions, -1 deletions)

View changed files

📝 dns/platform/detect_unix.go (+85 -1)
➕ dns/platform/detect_unix_test.go (+86 -0)

📄 Description

By creating this pull request, I grant the project maintainers an unlimited,
perpetual license to use, modify, and redistribute these contributions under any terms they
choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
represent that I have the right to grant this license for all contributed content.

Summary

• On distributions whose /etc/nsswitch.conf hosts line consults resolve ahead of dns with [!UNAVAIL=return] (Arch Linux default, among others), writing /etc/resolv.conf via NetworkManager or resolvconf has no effect on hostname resolution — NSS asks systemd-resolved first, resolved has no DNS for the tunnel interface, and the action clause halts fallthrough to the dns service. Tunnel-only hostnames silently return NXDOMAIN.
• DetectDNSManager now checks the NSS hosts line and, when resolved dominates, returns SystemdResolvedManager so the existing D-Bus-based SystemdResolvedDNSConfigurator takes over (it already calls SetDNS / SetDomains(".", MatchOnly:true) / SetDefaultRoute(true), which is what's needed here).

Full reproduction, symptoms, and root-cause analysis are in #114.

Changes

• dns/platform/detect_unix.go:
  • Add nsswitchPrefersResolved() that parses /etc/nsswitch.conf's hosts line and returns true when resolve precedes dns or dns is absent (ignoring action clauses like [!UNAVAIL=return]).
  • In DetectDNSManager, consult it in the NetworkManagerManager and ResolvconfManager branches. When systemd-resolved is running and NSS routes through it, return SystemdResolvedManager.
• dns/platform/detect_unix_test.go: table-driven tests for nsswitchPrefersResolved covering the Arch default line, resolve-only, dns-only, reversed order, commented lines, indented lines, and missing file.

No new dependencies; no public API change.

Test plan

• go build ./...
• go vet ./...
• go test ./dns/platform/... (8 subtests for nsswitchPrefersResolved, all pass)
• On-device: confirmed on Arch Linux that running resolvectl dns <iface> 100.96.128.1 + resolvectl domain <iface> '~<internal>' restores resolution — i.e. the path this PR takes automatically
• Maintainer sanity-check on Debian/Ubuntu (classic hosts: files dns) and Fedora (systemd-resolved primary) to confirm no regression in the non-Arch cases

Closes #114

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/fosrl/olm/pull/115 **Author:** [@andusystems-dev-0](https://github.com/andusystems-dev-0) **Created:** 4/21/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `fix/nsswitch-prefer-resolved` --- ### 📝 Commits (1) - [`c85dbf6`](https://github.com/fosrl/olm/commit/c85dbf66761163a9297c50786dd1125397c9af1e) dns/platform: prefer systemd-resolved when NSS routes through it ### 📊 Changes **2 files changed** (+171 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `dns/platform/detect_unix.go` (+85 -1) ➕ `dns/platform/detect_unix_test.go` (+86 -0) </details> ### 📄 Description By creating this pull request, I grant the project maintainers an unlimited, perpetual license to use, modify, and redistribute these contributions under any terms they choose, including both the AGPLv3 and the Fossorial Commercial license terms. I represent that I have the right to grant this license for all contributed content. ## Summary - On distributions whose `/etc/nsswitch.conf` hosts line consults `resolve` ahead of `dns` with `[!UNAVAIL=return]` (Arch Linux default, among others), writing `/etc/resolv.conf` via NetworkManager or resolvconf has no effect on hostname resolution — NSS asks systemd-resolved first, resolved has no DNS for the tunnel interface, and the action clause halts fallthrough to the `dns` service. Tunnel-only hostnames silently return NXDOMAIN. - `DetectDNSManager` now checks the NSS hosts line and, when resolved dominates, returns `SystemdResolvedManager` so the existing D-Bus-based `SystemdResolvedDNSConfigurator` takes over (it already calls `SetDNS` / `SetDomains(".", MatchOnly:true)` / `SetDefaultRoute(true)`, which is what's needed here). Full reproduction, symptoms, and root-cause analysis are in #114. ## Changes - `dns/platform/detect_unix.go`: - Add `nsswitchPrefersResolved()` that parses `/etc/nsswitch.conf`'s hosts line and returns true when `resolve` precedes `dns` or `dns` is absent (ignoring action clauses like `[!UNAVAIL=return]`). - In `DetectDNSManager`, consult it in the `NetworkManagerManager` and `ResolvconfManager` branches. When systemd-resolved is running **and** NSS routes through it, return `SystemdResolvedManager`. - `dns/platform/detect_unix_test.go`: table-driven tests for `nsswitchPrefersResolved` covering the Arch default line, resolve-only, dns-only, reversed order, commented lines, indented lines, and missing file. No new dependencies; no public API change. ## Test plan - [x] `go build ./...` - [x] `go vet ./...` - [x] `go test ./dns/platform/...` (8 subtests for `nsswitchPrefersResolved`, all pass) - [x] On-device: confirmed on Arch Linux that running `resolvectl dns <iface> 100.96.128.1` + `resolvectl domain <iface> '~<internal>'` restores resolution — i.e. the path this PR takes automatically - [ ] Maintainer sanity-check on Debian/Ubuntu (classic `hosts: files dns`) and Fedora (systemd-resolved primary) to confirm no regression in the non-Arch cases Closes #114 --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

GiteaMirror added the pull-request label 2026-04-29 17:05:33 -05:00

GiteaMirror closed this issue 2026-04-29 17:05:33 -05:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

dependabot/docker/minor-updates-1134f52710

dependabot/go_modules/patch-updates-2590a23007

dependabot/github_actions/actions/cache-5.0.3

dependabot/github_actions/actions/checkout-6.0.2

dependabot/github_actions/docker/login-action-3.7.0

dependabot/github_actions/actions/attest-build-provenance-3.2.0

dependabot/github_actions/actions/setup-go-6.2.0

1.5.0

v1.5.0

1.4.4

v1.4.4

1.4.3

v1.4.3

1.4.2

v1.4.2

1.4.1

v1.4.1

1.4.0

v1.4.0

v1.3.0

1.3.0

1.3.0-rc.0

1.2.0

1.2.0-rc.0

1.1.5

1.1.4

1.1.3

1.1.2

1.1.1

1.1.0

1.0.0

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

bug

dependencies

documentation

enhancement

good first issue

help wanted

needs investigating

pull-request

Mirrored from GitHub Pull Request

stale

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/olm#573