Jump to content

resolvconf

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Libnoon (talk | contribs) at 15:33, 16 September 2016 (Split a too large paragraph in two.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

In some FreeBSD, Linux distributions, and other Unix-like operating systems, the resolvconf program maintains the system information about the currently available name servers and manages the contents of the configuration file resolv.conf, which determines Domain Name System (DNS) resolver parameters.

Before a computer can connect to an external network resource by name, it must convert that alpha-numeric name (e.g., wikipedia.org) into its corresponding network address called an IP address (e.g., 66.230.200.10). The computer performs this conversion by contacting one of a number of special computers called name servers, which have tables of resource names and corresponding IP addresses. The information about the servers is kept in the configuration file resolv.conf. However, when multiple programs need to dynamically modify the resolv.conf file, they can interfere with each other and store incorrect information in the file.

The resolvconf program addresses this problem. It acts as an intermediary between programs that supply name server information (e.g., DHCP clients) and programs that use name server information (e.g., resolvers). When resolvconf is properly installed, the resolv.conf file is replaced by a symbolic link to /etc/resolvconf/run/resolv.conf and the resolver instead uses the dynamically generated linked file. In a system without resolvconf, the file is normally maintained manually or by a collection of scripts. The scripts may cause problems, because there is no program to control access to the file. Resolvconf controls access to the file, allowing many programs to use it at the same time.

resolvconf cannot easily be disabled on some systems. On FreeBSD it can be disabled by placing resolvconf=NO in resolvconf.conf(5).[1]

In securely administered environments the resolvconf program (or daemon, depending on the implementation) causes uneasiness since it interferes with the containment of resolv.conf security vulnerabilities, making changes to it without authorization. (Centralized change management, or centralized compliance, requires that system changes cannot be made from the sidelines.)

References