RESOLVCONF.CONF(5)	      File Formats Manual	    RESOLVCONF.CONF(5)

NAME
       resolvconf.conf -- resolvconf configuration file

DESCRIPTION
       resolvconf.conf	is  the	 configuration	file  for  resolvconf(8).  The
       resolvconf.conf	file  is  a  shell   script   that   is	  sourced   by
       resolvconf(8),  meaning	that  resolvconf.conf must contain valid shell
       commands.  Listed below are the standard resolvconf.conf variables that
       may be set.  If the values contain whitespace, wildcards or other
       special shell characters, ensure they are quoted and escaped correctly.
       See the replace variable for an example on quoting.

       After updating this file, you may wish to run resolvconf	 -u  to	 apply
       the new configuration.

       When a dynamically generated list is appended or prepended to, the
       combined list is made unique and the left-most occurrence wins.
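
       Because the file is sourced as shell, an unquoted value containing
       whitespace is not a syntax error: the shell runs the second word as a
       command and the assignment is lost.  The check below is an added
       example, not part of openresolv; conf_value and conf_dropped are
       hypothetical helper names and the addresses are constructed samples.

```sh
#!/bin/sh
# Added illustration, not openresolv code. Sourcing executes the file, so
# point this only at a resolvconf.conf you administer.

# conf_value FILE VAR: print VAR as the shell sees it after sourcing FILE,
# which is how resolvconf(8) reads resolvconf.conf.
conf_value() {
    (
        set +e                       # a failing line must not abort the probe
        . "$1" >/dev/null 2>&1       # FILE should be a path containing a slash
        eval "printf '%s' \"\${$2-}\""
    )
}

# conf_dropped FILE VAR: succeed (0) when FILE has an unquoted "VAR=" line
# but VAR is empty after sourcing, i.e. the assignment was silently lost.
conf_dropped() {
    grep -q "^[[:space:]]*$2=[^\"']" "$1" && [ -z "$(conf_value "$1" "$2")" ]
}

# Constructed sample: the second address is unquoted, so the shell treats it
# as a command name and name_servers only as that command's environment.
demo=$(mktemp)
printf '%s\n' 'name_servers=192.0.2.1 192.0.2.2' \
              'search_domains="example.org corp.example"' > "$demo"

# A plain syntax check does not catch the mistake.
sh -n "$demo" && echo "sh -n: syntax OK"

for v in name_servers search_domains; do
    if conf_dropped "$demo" "$v"; then
        echo "$v: assignment lost, quote the value"
    else
        echo "$v=$(conf_value "$demo" "$v")"
    fi
done
rm -f "$demo"
```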

RESOLVCONF OPTIONS
       resolvconf
	       Set to NO to disable resolvconf from running  any  subscribers.
	       Defaults	to YES.

       allow_keys
	       If set, only these keys will be processed.

       deny_keys
	       If set, these keys will not be processed.

       exclude
	       Is  a space separated list of key/value pairs to	match.	If all
	       key/value pairs in one element can be found in the  file,  then
	       the whole file will be excluded from processing.	 The syntax is
	       this: $keyword/$match[/$keyword/$match]

	       For example given this configuration:
		     exclude="search/foo*/nameserver/1.2.3.4 search/bar.org"

	       Then any resolv.conf with both a search option starting with
	       foo and a nameserver of 1.2.3.4 OR a search option of bar.org
	       would be excluded.

       key_order
	       These  keys will	always be processed first.  If unset, defaults
	       to the following:
		     lo	lo[0-9]*

       dynamic_order
	       These keys will be processed next, unless they have  a  metric.
	       If unset, defaults to the following:
		     tap[0-9]* tun[0-9]* vpn vpn[0-9]* wg[0-9]*	ppp[0-9]* ippp[0-9]*

       inclusive_keys
	       Ignore  any  exclusive  marking	for these keys.	 This is handy
	       when 3rd	party integrations force the resolvconf	-x option  and
	       you want	to disable it easily.

       local_nameservers
	       If unset, defaults to the following:
		     127.* 0.0.0.0 255.255.255.255 ::1

       search_domains
	       Prepend search domains to the dynamically generated list.

       search_domains_append
	       Append search domains to	the dynamically	generated list.

       domain_blacklist
	       A  list of domains to be	removed	from consideration.  To	remove
	       a domain, you can use foo.*  To remove a	sub  domain,  you  can
	       use *.bar

       name_servers
	       Prepend	name  servers  to the dynamically generated list.  You
	       should set this to 127.0.0.1 if you use	a  local  name	server
	       other than libc.

       name_servers_append
	       Append name servers to the dynamically generated	list.

       name_server_blacklist
	       A  list	of name	servers	to be removed from consideration.  The
	       default is 0.0.0.0 as some faulty routers send it via DHCP.  To
	       remove a	block, you can use 192.168.*

       private_keys
	       The name servers of these keys will only be queried for the domains
	       listed  in their	resolv.conf.  Useful for VPN domains.  Setting
	       private_keys="*"	will stop the forwarding of the	root zone  and
	       allows the local	resolver to recursively	query the root servers
	       directly.   Requires  a local nameserver	other than libc.  This
	       is equivalent to	the resolvconf -p option.

       nosearch_keys
	       The domain and search entries of these keys won't be added to the
	       global search list in /etc/resolv.conf.

       public_keys
	       Force  these  keys  to  be  public,  overriding the private and
	       nosearch	markings.  This	is handy when 3rd  party  integrations
	       force the resolvconf -p option and you want to disable it
	       easily.

       replace
	       Is a space separated list of replacement	keywords.  The	syntax
	       is this:	$keyword/$match/$replacement

	       Example,	given this resolv.conf:
		     domain foo.org
		     search foo.org dead.beef
		     nameserver	1.2.3.4
		     nameserver	2.3.4.5

	       and this	configuration:
		     replace="search/foo*/bar.com"
		     replace="$replace nameserver/1.2.3.4/5.6.7.8"
		     replace="$replace nameserver/2.3.4.5/"

	       you would get this resolv.conf instead:
		     domain foo.org
		     search bar.com
		     nameserver	5.6.7.8

       replace_sub
	       Works the same way as replace except it works on each space
	       separated value rather than the whole line, so it's useful for
	       replacing a single domain within the search directive.  Using
	       the same example resolv.conf and changing replace to
	       replace_sub, you would get this resolv.conf instead:
		     domain foo.org
		     search bar.com dead.beef
		     nameserver	5.6.7.8

       state_dir
	       Override	the default state  directory  of  /var/run/resolvconf.
	       This should not be changed once resolvconf is in	use unless the
	       old directory is	copied to the new one.
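
       The difference between replace and replace_sub, reproduced as an added
       example that is not openresolv's own code: apply_replace is a
       hypothetical function that re-implements only the documented matching,
       and it assumes neither the match nor the replacement contains a slash.

```sh
#!/bin/sh
# Added illustration, not openresolv code.
# apply_replace MODE RULES: filter a resolv.conf read from stdin.
#   MODE "line" follows replace     (match against the whole value)
#   MODE "sub"  follows replace_sub (match against each space separated word)
apply_replace() {
    _mode=$1
    _rules=$2
    set -f                          # rules hold globs; never expand them as paths
    while read -r _key _val; do
        for _rule in $_rules; do
            _rkey=${_rule%%/*}; _rest=${_rule#*/}
            _match=${_rest%%/*}; _repl=${_rest#*/}
            [ "$_rkey" = "$_key" ] || continue
            if [ "$_mode" = line ]; then
                case $_val in $_match) _val=$_repl ;; esac
            else
                _new=
                for _word in $_val; do
                    case $_word in $_match) _word=$_repl ;; esac
                    _new="$_new${_word:+ $_word}"
                done
                _val=${_new# }
            fi
        done
        # An empty value means a rule deleted the entry.
        if [ -n "$_val" ]; then printf '%s %s\n' "$_key" "$_val"; fi
    done
    set +f
}

# The resolv.conf and rules from the replace entry above.
sample_resolv_conf() {
    printf '%s\n' 'domain foo.org' 'search foo.org dead.beef' \
                  'nameserver 1.2.3.4' 'nameserver 2.3.4.5'
}
PAGE_RULES='search/foo*/bar.com nameserver/1.2.3.4/5.6.7.8 nameserver/2.3.4.5/'

echo '--- replace'
sample_resolv_conf | apply_replace line "$PAGE_RULES"
echo '--- replace_sub'
sample_resolv_conf | apply_replace sub "$PAGE_RULES"
```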

LIBC OPTIONS
       The following variables affect resolv.conf(5) directly:

       resolv_conf
	       Defaults	 to  /etc/resolv.conf if not set.  Set to /dev/null to
	       stop resolvconf(8) from changing	it.

       resolv_conf_options
	       A  list	 of   libc   resolver	options,   as	specified   in
	       resolv.conf(5).

       resolv_conf_passthrough
	       When   set   to	YES  the  latest  resolv.conf  is  written  to
	       resolv_conf without any alteration.  When set to	 /dev/null  or
	       NULL,	resolv_conf_local_only	  is	defaulted    to	   NO,
	       local_nameservers is unset unless overridden and only the
	       information set in resolvconf.conf is written to resolv_conf.

       resolv_conf_restore
	       When set to YES and an empty resolv.conf would be written,
	       restore resolv.conf.bak instead if it exists.  Defaults to  YES
	       if not set.

       resolv_conf_sortlist
	       A libc resolver sortlist, as specified in resolv.conf(5).

       resolv_conf_local_only
	       If  a  local name server	is configured then the default is just
	       to specify that and ignore all other entries as	they  will  be
	       configured  for	the local name server.	Set this to NO to also
	       list non-local nameservers.  This will  give  you  working  DNS
	       even  if	 the local nameserver stops functioning	at the expense
	       of duplicated server queries.

       append_nameservers
	       Append name servers to the dynamically generated	list.

       prepend_nameservers
	       Prepend name servers to the dynamically generated list.

       append_search
	       Append search domains to	the dynamically	generated list.

       prepend_search
	       Prepend search domains to the dynamically generated list.

       resolv_conf_mv
	       Defaults	to NO.	Defines	 if  /etc/resolv.conf  is  updated  by
	       writing to a temporary file and then moving it vs writing
	       directly to it.

SUBSCRIBER OPTIONS
       openresolv ships	with subscribers  for  the  name  servers  dnsmasq(8),
       named(8),  pdnsd(8), pdns_recursor(1), and unbound(8).  Each subscriber
       can create configuration files which should be included in the
       subscriber's main configuration file.

       To  disable a subscriber, simply	set its	name to	NO.  If	the subscriber
       name has a dash in it, then replace it with an underscore.  For
       example, to disable the libc subscriber you would set:
	     libc=NO

       dnsmasq_conf
	       This  file tells	dnsmasq	which name servers to use for specific
	       domains.

       dnsmasq_resolv
	       This file tells dnsmasq which name servers to  use  for	global
	       lookups.

	       Example resolvconf.conf for dnsmasq:
		     name_servers=127.0.0.1
		     dnsmasq_conf=/etc/dnsmasq-conf.conf
		     dnsmasq_resolv=/etc/dnsmasq-resolv.conf

	       Example dnsmasq.conf:
		     listen-address=127.0.0.1
		     # If dnsmasq is compiled for DBus then we can take
		     # advantage of not	having to restart dnsmasq.
		     enable-dbus
		     conf-file=/etc/dnsmasq-conf.conf
		     resolv-file=/etc/dnsmasq-resolv.conf

       named_options
	       Include	this file in the named options block.  This file tells
	       named which name	servers	to use for global lookups.

       named_zones
	       Include this file in the	named global scope, after the  options
	       block.	This  file  tells  named which name servers to use for
	       specific	domains.

	       Example resolvconf.conf for named:
		     name_servers=127.0.0.1
		     named_options=/etc/named-options.conf
		     named_zones=/etc/named-zones.conf

	       Example named.conf:
		     options {
			     listen-on { 127.0.0.1; };
			     include "/etc/named-options.conf";
		     };

		     include "/etc/named-zones.conf";

       pdnsd_conf
	       This is the main	pdnsd configuration file which	we  modify  to
	       add  our	 forward domains to.  If this variable is not set then
	       we  rely	 on  the  pdnsd	 configuration	file  setup  to	  read
	       pdnsd_resolv as documented below.

       pdnsd_resolv
	       This file tells pdnsd about global name servers.  If this
	       variable is not set then it's written to pdnsd_conf.

	       Example resolvconf.conf for pdnsd:
		     name_servers=127.0.0.1
		     pdnsd_conf=/etc/pdnsd.conf
		     # pdnsd_resolv=/etc/pdnsd-resolv.conf

	       Example pdnsd.conf:
		     global {
			     server_ip = 127.0.0.1;
			     status_ctl	= on;
		     }
		     server {
			     # A server	definition is required,	even if	empty.
			     label="empty";
			     proxy_only=on;
			     # file="/etc/pdnsd-resolv.conf";
		     }

       pdns_zones
	       This  file  tells  pdns_recursor	about specific and global name
	       servers.

	       Example resolvconf.conf for pdns_recursor:
		     name_servers=127.0.0.1
		     pdns_zones=/etc/pdns/recursor-zones.conf

	       Example recursor.conf:
		     allow-from=127.0.0.0/8, ::1/128
		     forward-zones-file=/etc/pdns/recursor-zones.conf

       resolvectl
	       When set to YES, resolvectl(1) will be used to write per
	       interface entries from resolvconf(8) to systemd-resolved(8).  A
	       warning	is  emitted for	any entry that cannot be matched to an
	       interface.

	       This subscriber should only be used  if	your  systemd-resolved
	       does  not  support  DNS	delegates  and you need	private	or non
	       searchable resolvconf(8)	entries, or you're really beholden  to
	       seeing DNS setup	per interface via resolvectl(1).  The systemd-
	       resolved	subscriber documented below is the better option.

	       Example resolvconf.conf for resolvectl:
		     # Keep /etc/resolv.conf as	systemd-resolved wants it
		     libc=NO
		     resolvectl=YES

       systemd_resolved
	       When   set   to	 YES,  global  DNS  will  be  written  to  the
	       systemd_resolved_conf configuration file	and DNS	delegates will
	       be written to the systemd_delegate_dir directory.

       systemd_resolved_conf
	       Defaults	to /run/systemd/resolved.conf.d/60-resolvconf.conf.

       systemd_delegate_dir
	       Defaults	to /run/systemd/dns-delegate.d.

	       Example resolvconf.conf for systemd-resolved:
		     # Keep /etc/resolv.conf as	systemd-resolved wants it
		     libc=NO
		     systemd_resolved=YES

       unbound_conf
	       This file tells unbound about specific and global name servers.

       unbound_insecure
	       When set	to YES,	unbound	marks the domains  as  insecure,  thus
	       ignoring	DNSSEC.

       unbound_private
	       When set	to YES,	unbound	marks the domains as private, allowing
	       it and its subdomains to	contain	private	addresses.

       unbound_forward_zone_options
	       Options	appended  to each forward zone.	 Each option should be
	       separated by an embedded	new line.

	       Example resolvconf.conf for unbound:
		     name_servers=127.0.0.1
		     unbound_conf=/etc/unbound-resolvconf.conf

	       Example unbound.conf:
		     include: /etc/unbound-resolvconf.conf

SUBSCRIBER INTEGRATION
       Not all distributions store the files the subscribers need in the  same
       locations.   For	example, named service scripts have been called	named,
       bind and	rc.bind	and they  could	 be  located  in  a  directory	called
       /etc/rc.d, /etc/init.d or similar.  Each subscriber attempts to
       automatically configure itself, but not every distribution has been
       catered for.  Also, users could equally want to use a different version
       from the one installed by default, such as bind8 and bind9.  To
       accommodate this, the subscribers have these files in configurable
       variables, documented below.

       dnsmasq_service
	       Name of the dnsmasq service.

       dnsmasq_restart
	       Command to restart the dnsmasq service.

       dnsmasq_pid
	       Location	of the dnsmasq pidfile.

       libc_service
	       Name of the libc	service.

       libc_restart
	       Command to restart the libc service.

       named_service
	       Name of the named service.

       named_restart
	       Command to restart the named service.

       pdnsd_restart
	       Command to restart the pdnsd service.

       pdns_service
	       Command to restart the pdns_recursor service.

       pdns_restart
	       Command to restart the pdns_recursor service.

       unbound_service
	       Name of the unbound service.

       unbound_restart
	       Command to restart the unbound service.

       unbound_pid
	       Location	of the unbound pidfile.

SEE ALSO
       sh(1), resolv.conf(5), resolvconf(8)

AUTHORS
       Roy Marples <roy@marples.name>

BUGS
       Each distribution is a special snowflake	and likes  to  name  the  same
       thing differently, namely the named service script.

       Swapping	between	resolvectl and systemd-resolved	subscribers at runtime
       is not supported.  Files referenced by systemd_resolved_conf and
       systemd_delegate_dir need to be removed by hand.  A reboot is recommended
       so  that	 stale	data is	removed.  While	you could run them both	at the
       same time, only using one is the	recommended approach.

       Please report them to https://roy.marples.name/projects/openresolv

FreeBSD	ports 15.quarterly	 May 15, 2025		    RESOLVCONF.CONF(5)
