0

I wish to add more DNS nameservers such as 8.8.8.8 in OpenBSD 5.7. I understand that the current version of OpenBSD allows up to a maximum of three DNS nameservers.

I have read the man pages related to the following relevant topics of networking in OpenBSD:

hostname.if

http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/hostname.if.5?query=hostname.if&sec=5

dhclient

http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/dhclient.8?query=dhclient&sec=8

resolv.conf, resolv.conf.tail

http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/resolv.conf.5?query=resolv.conf.tail&sec=5

dhclient.conf

http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/dhclient.conf.5?query=dhclient.conf&sec=5

ifconfig

http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ifconfig.8?query=ifconfig&sec=8

Which of the above items must I edit in order to add more DNS nameservers?

virvegto
  • 87
  • 1
  • 4
  • 9

3 Answers3

2

If you're just trying to specify the nameservers that the system uses (which I'm guessing you are, based on this question you asked before), you simply need to edit /etc/resolv.conf.

At a minimum, it should look something like:

lookup file bind
nameserver 8.8.8.8
nameserver 8.8.4.4

I've specified Google's public DNS servers there, but amend the nameserver lines as necessary to use others (eg, your ISP's DNS servers, OpenDNS, etc).

For more information on the file contents and other values you can include, see the resolv.conf manual page.

Community
  • 1
mjturner
  • 7,082
  • 1
  • 26
  • 32
  • The first line of my `/etc/resolv.conf` contains `192.168.1.1`. I don't know how it got there. My router's default gateway is `192.168.220.1`. I removed it by becoming a superuser (root) first and using a text editor for the purpose. After reboot, it reappeared. I tried it many times and failed. First question: Is it safe for me to remove it? Second question: If yes, how to remove it *permanently*? – virvegto Jul 16 '15 at 08:36
  • 1
    @virvegto If your `resolv.conf` is getting automatically updated, I can only think it's the DHCP client on your OpenBSD machine that's doing it. The server it's getting its IP from is pushing that IP to it. The the [FAQ](http://www.openbsd.org/faq/faq6.html#DHCPclient) for more information. Basically, remove the `domain-name-servers` option from `/etc/dhclient.conf` to stop `/etc/resolv.conf` from being updated automatically. Alternatively, you can configure your DHCP server to pass the correct DNS server(s) to your OpenBSD machine. – mjturner Jul 16 '15 at 08:47
  • `The server it's getting its IP from is pushing that IP to it`. I'm guessing it's my ISP that pushing its DNS to me. You see, my subscription with my ISP is for dynamic IP addresses, not static ones. `Basically, remove the domain-name-servers option from /etc/dhclient.conf to stop /etc/resolv.conf from being updated automatically.` If I do that, will I be able to surf the internet? `Alternatively, you can configure your DHCP server to pass the correct DNS server(s) to your OpenBSD machine.` I don't have a DHCP server and don't know how to configure and use one. – virvegto Jul 16 '15 at 11:01
  • 1
    @virvegto Ok, if that DNS server is coming from your ISP you will need to make sure you can connect to public DNS servers before disabling `resolv.conf` updates. You can test this by removing your ISP's DNS server from `resolv.conf` and replacing it with the Google entries and seeing if you can still lookup hostnames (eg, `nslookup www.openbsd.org`). As an aside, what is your router's IP address? – mjturner Jul 16 '15 at 11:29
  • `Ok, if that DNS server is coming from your ISP you will need to make sure you can connect to public DNS servers before disabling resolv.conf updates.` How do I disable resolv.conf updates after connecting to public DNS servers? Will doing so break my internet connection or worse lead to instability of the operating system? – virvegto Jul 16 '15 at 13:05
  • 1
    @virvegto If the public DNS servers work, you will need to change `/etc/dhclient.conf`, as I mentioned in an earlier comment. As long as you can connect to the DNS servers, changing the setting shouldn't "break" your internet connection or lead to instability. – mjturner Jul 16 '15 at 13:17
  • `As an aside, what is your router's IP address?` It's 192.168.177.1. A few days ago it was 192.168.220.1. – virvegto Jul 16 '15 at 13:21
  • I read the man pages regarding `resolv.conf`. Instead of adding two more DNS nameservers to `/etc/resolv.conf` file, can we add them via `/etc/resolv.conf.tail`? – virvegto Jul 16 '15 at 13:23
  • 1
    @virvegto You can, but your ISP's DNS server will remain there. – mjturner Jul 16 '15 at 13:25
  • Thanks for all your replies and help. I hope it isn't too much to ask of you but I'd be grateful if you could answer my question referenced by https://unix.stackexchange.com/questions/216462/remove-uninstall-desktop-environment-from-second-user-account-on-openbsd – virvegto Jul 16 '15 at 13:31
1

If I'm reading the code correctly, the maximum number is now 5.

So you could change it in asr_private.h and re-compile (make obj?).

But why are you doing this? If it's anything like Linux/glibc, each query is done in series, with a 5-second timeout, so even going beyond 3 implies the query will take at least 15 seconds if the first three aren't working.

Does your application wait that long for DNS lookups?

You may be better off running a caching nameserver locally, for example dnsmasq, Unbound, or BIND.

See also: http://comments.gmane.org/gmane.os.openbsd.misc/209494

Mikel
  • 56,387
  • 13
  • 130
  • 149
  • Thanks for letting me know that the maximum is 5, not 3. – virvegto Jul 16 '15 at 08:30
  • `Does your application wait that long for DNS lookups?` Yes, it does. I don't know why. Firefox takes a long time, about 45 seconds, launch on OpenBSD 5.7. – virvegto Jul 16 '15 at 08:41
-1
  • To release current lease, run (as root) 
    ~# dhclient -r interface
  • To obtain a new lease from your vpn_gateway which will update /etc/resolv.conf: 
    ~# route_vpn_gateway=(ipv4 gw_addr)
~# echo "prepend domain-name-servers $route_vpn_gateway;" > /etc/dhclient.conf
~# dhclient interface
AdminBee
  • 21,637
  • 21
  • 47
  • 71
Colin Tree
  • 1