SysV and systemd script to change DNS servers

[TimothySimon]

Hello all.
I need to make a fully GUI app using Qt/C++ (Intended for users with no CLI knowledge).
It is a parental control app (it SHOULD NOT be usable for non-root users).

It needs to change DNS servers on one hand and restore them to automatic on the other hand (based on the options given).

For this, it writes a shell script and launches it as root (via su-to-root , which is bundled in the final AppImage)

Now, it is required to support old systems with SysV init (and I want to support distros like MX/antiX too).

We can change the DNS servers by removing /etc/resolv.conf , editing it and then making it chattr +i

In systemd, we can restore automatic (ISP) DNS by

Code: Select all

ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

(Ref: https://wiki.archlinux.org/title/Systemd-resolved)

in SysV, we can restore automatic (ISP) DNS with:

Code: Select all

ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf

(This works on MX Linux with SysV, because /etc/resolv.conf is managed by resolvconf on )

Is there a better way to do it on SysV systems ?

I think this may cause breakage on switching between SysV and systemd (like in MX Linux).
Is there a better way to do it on such systems as MX Linux (with both SysV and systemd) ?

[dolphin_oracle]

I might be wrong, but I think on mx19 that resolvconf manages the /run/resolvconf/resolv.conf file, and that /etc/resolv.conf is already a symlink. in both systemd and sysvinit.

as far as how other folks do it...I don't think there are other folks that allow a choice of systemd vs. sysvinit at boot time anymore.

[nXecure]

As an average user (not a real programmer), I would recommend you store the original symlink in a file and then restore it from it when needed, instead of playing guesswork.
Some network managers (like connman) will take control of the /etc/resolv.conf symlink, so there are more than 2 possible cases. Better just restore the original symlink and add a notice that "a reboot may be required", just in case you need the service to restart (and you don't know which service is in control of resolving DNS).

[TimothySimon]

I might be wrong, but I think on mx19 that resolvconf manages the /run/resolvconf/resolv.conf file, and that /etc/resolv.conf is already a symlink. in both systemd and sysvinit.

as far as how other folks do it...I don't think there are other folks that allow a choice of systemd vs. sysvinit at boot time anymore.

Thank you. I asked in this forum because I really want to support MX Linux too (and that requires some more tweaking).

So, I think

Code: Select all

ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf

would be guaranteed to work for MX Linux in SysV mode.

[TimothySimon]

As an average user (not a real programmer), I would recommend you store the original symlink in a file and then restore it from it when needed, instead of playing guesswork.
Some network managers (like connman) will take control of the /etc/resolv.conf symlink, so there are more than 2 possible cases. Better just restore the original symlink and add a notice that "a reboot may be required", just in case you need the service to restart (and you don't know which service is in control of resolving DNS).

Thank you so much. I think that is the more sensible way.

Is it reasonable to assume that /etc/resolv.conf will be a symlink to some other, fairly constant location ?
Is there a better way to change DNS servers with a script / API / system call etc., ?

BTW: I'm not a real programmer yet. God willing, this app is going to be my undergrad project.

[dolphin_oracle]

I might be wrong, but I think on mx19 that resolvconf manages the /run/resolvconf/resolv.conf file, and that /etc/resolv.conf is already a symlink. in both systemd and sysvinit.

as far as how other folks do it...I don't think there are other folks that allow a choice of systemd vs. sysvinit at boot time anymore.

Thank you. I asked in this forum because I really want to support MX Linux too (and that requires some more tweaking).

So, I think

Code: Select all

ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf

would be guaranteed to work for MX Linux in SysV mode.

that is the default on mx19.

[TimothySimon]

...

Is it reasonable to assume that /etc/resolv.conf will be a symlink to some other, fairly constant location ?
Is there a better way to change DNS servers with a script / API / system call etc., ?

Would that assumption be a reasonable one, and is there a better way ?

[dolphin_oracle]

I don't think there is any reason to delete any files, just write whatever nameserver information you want to /etc/resolv.conf and you are good to go. on mx19, /etc/resolv.conf is a symlink to /run/resolvconf/resolv.conf. on mx21 it will be just a file /etc/resolv.conf. either way, you can write the information directly. for instance, if you want to replace what's in there with google's dns, you could

Code: Select all

echo "nameserver 8.8.8.8" > /etc/resolv.conf

and similar to place your usually information back.

Code: Select all

echo "nameserver w.h.a.t.e.v.e.r." > /etc/resolv.conf
echo "line 2 " >>/etc/resolv.conf
echo "line 3" >>/etc/resolv.conf

or you could keep two files, one with each of your desired settings, and copy it back and forth to /run/resolvconf/resolv.conf. the only trick then is the chattr step to keep the file from being overwritten by simply disconnecting and reconnecting with the network manager gui.

you would also need to remove the kids accounts from the "sudo" user group, or else as soon as they learn about sudo all this is for naught.

if they are on there own PC, it may be easier to set limits in the router controls rather than on the PC.

[TimothySimon]

I don't think there is any reason to delete any files, just write whatever nameserver information you want to /etc/resolv.conf and you are good to go. on mx19, /etc/resolv.conf is a symlink to /run/resolvconf/resolv.conf. on mx21 it will be just a file /etc/resolv.conf. either way, you can write the information directly. for instance, if you want to replace what's in there with google's dns, you could

Code: Select all

echo "nameserver 8.8.8.8" > /etc/resolv.conf

and similar to place your usually information back.

Code: Select all

echo "nameserver w.h.a.t.e.v.e.r." > /etc/resolv.conf
echo "line 2 " >>/etc/resolv.conf
echo "line 3" >>/etc/resolv.conf

or you could keep two files, one with each of your desired settings, and copy it back and forth to /run/resolvconf/resolv.conf. the only trick then is the chattr step to keep the file from being overwritten by simply disconnecting and reconnecting with the network manager gui.

This is what I'm doing now:
(For your kind review)

To change DNS:

Code: Select all

#!/bin/sh
chattr -i /etc/resolv.conf
rm -f /etc/resolv.conf
echo "# DNS nameservers set by your administrator" > /etc/resolv.conf"
echo "nameserver $DNS_1" >> /etc/resolv.conf
echo "nameserver $DNS_2" >> /etc/resolv.conf
# Make /etc/resolv.conf immutable
chattr +i /etc/resolv.conf
exit 0

To Restore DNS :

Code: Select all

#!/bin/sh
chattr -i /etc/resolv.conf
rm -f /etc/resolv.conf
if pidof systemd ; then
 # Ref: https://wiki.archlinux.org/title/Systemd-resolved
 ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
else
 ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf
fi
exit 0

you would also need to remove the kids accounts from the "sudo" user group, or else as soon as they learn about sudo all this is for naught.

Surely. in the first screen itself, I provide step-by-step instructions for doing that in Windows, macOS and Linux.

if they are on there own PC, it may be easier to set limits in the router controls rather than on the PC.

But this app is aimed at less tech-savvy people, who may not know to access the router controls and change the DNS.
This app also does a lot many things apart from changing the DNS.

[nXecure]

Is it reasonable to assume that /etc/resolv.conf will be a symlink to some other, fairly constant location ?
Is there a better way to change DNS servers with a script / API / system call etc., ?

Normally it is symlinked to a program that manages it. Depending on what the program does, adding the dns servers to the file without blocking it will only survive the session (and once the system reboots, the entries will disappear).

I think your idea of locking the /etc/resolv.conf to a file and not a symlink for the dns parental control is better than "echoing" the servers to /etc/resolv.conf (for the reason that it may not survive a reboot).

I would first check if the /etc/resolv.conf is a symlink (and save the symlink to a file for later restoring), and replace it with your current idea, but if it is instead a file, save the contents for later restoration.

Anyway, you need to select what you think is the better method. The code is under your control and you will be the one who will maintain it.

BTW: I'm not a real programmer yet. God willing, this app is going to be my undergrad project.

Real programmers create programs for real people. If you do so, you are a real programmer (sorry, robot programmers).