I am in the process of adding a fix / feature to openresolv and I have encountered a potential problem with the way the package is configured, but I am unsure whether it is a bug or deliberate.
The following is the context in which I encountered the problem:
Namely, I am adding a config flag to it which automatically adds private DNS zones to the unbound config file it generates when used with i.e. NetworkManager. Without it, users would still have to manually keep a list of private top-level domains, which the related feature already in openresolv, unbound_insecure, is supposed to prevent.
During the process of reverse-engineering how openresolv is used in NixOS, I encountered an error in the package that occurs when the following is set:
networking.networkmanager.enable = true;
networking.resolvconf.extraConfig = ''
private_interfaces="*"
unbound_conf=/etc/unbound/resolvconf.conf
'';
unbound_conf is a feature of openresolv which makes it automatically create a file at the specified location containing a forward zone for local DNS.
https://roy.marples.name/projects/openresolv/configuration/resolvers/unbound
Enabling this feature causes the following warning to appear in NetworkManager:
NetworkManager[214529]: <warn> [1722794513.2615] dns-mgr: resolvconf failed with status 256
NetworkManager[214529]: <warn> [1722794513.2616] dns-mgr: could not commit DNS changes: resolvconf failed with status 256
The reason for this is that, after writing the file, openresolv tries to restart unbound using a command given to it at build time.
Which brings us to the source of the problem:
In the package in nixpkgs the restart command is set to false.
This ends up as the literal string “false” when it is compiled into the package.
I am still experimenting with what I can set it to to make it work or at least not error.
However, this was deliberately set very early in NixOS’s development:
Unfortunately there isn’t much information on why this was unset.
So before I submit a PR I wanted to ask if there is a reason why this feature is disabled…?
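Added example, not part of the original post and not openresolv or nixpkgs code: the 256 in the NetworkManager warning is too large to be an exit code, so, assuming NetworkManager logs the raw POSIX wait status, it decodes to exit code 1, which is what running `false` returns. `run_hook` is a hypothetical stand-in for "write the file, then run the restart command", and the file content is a constructed placeholder.

```python
import os
import tempfile


def decode_wait_status(status):
    """Split a raw POSIX wait status into ("exit", code) or ("signal", signo)."""
    if os.WIFEXITED(status):
        return ("exit", os.WEXITSTATUS(status))
    if os.WIFSIGNALED(status):
        return ("signal", os.WTERMSIG(status))
    return ("other", status)


def run_hook(conf_path, restart_cmd):
    """Hypothetical model of the hook: write the config, then run restart_cmd.

    Returns (file_written, raw_wait_status, decoded_status). The point is that
    the file can be written correctly while the caller still sees a failure.
    """
    with open(conf_path, "w") as fh:
        fh.write("# constructed placeholder, not real openresolv output\n")
    written = os.path.getsize(conf_path) > 0
    # On Unix, os.system returns the status in wait() encoding (exit code << 8).
    raw = os.system(restart_cmd)
    return written, raw, decode_wait_status(raw)


def demo():
    """Run the model with the restart command "false" and, for contrast, "true"."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        conf = os.path.join(tmp, "resolvconf.conf")
        for cmd in ("false", "true"):
            results[cmd] = run_hook(conf, cmd)
    return results


if __name__ == "__main__":
    for cmd, (written, raw, decoded) in demo().items():
        print(f"restart_cmd={cmd!r} written={written} raw={raw} decoded={decoded}")
```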