Clayton Craft authored
Fixes #1430 by basically filtering DNS queries to remove any with addresses
that might cause traffic to go over a lower priority interface. See that issue
for a more detailed explanation of the problem.

It does this by:
        1) configuring NetworkManager to send DNS config to resolvconf, instead
           of writing to resolv.conf directly. In my (limited) testing, this
           seems to be necessary to get NM to trigger resolvconf which is
           needed for...
        2) configuring resolvconf to ignore any DNS it receives and use
           localhost, when writing resolv.conf

openresolv is used because the alternative of modifying resolv.conf
manually gets messy, specifically with apk where it may not replace
/etc/resolv.conf if the user / something else has modified it...

Note that there are still some possibilities for apps that have hardcoded DNS
nameservers to bypass dnsane. It's not trivial to catch this. The most
straightforward way is to use a firewall rule to redirect all outbound DNS to dnsane.
But this would break mmsd and any other apps that actually need to query
specific nameservers to function properly.

I used a SIM that had a mobile data connection, but traffic was dropped by the
carrier outside of the phone. In other words, my phone was often in the exact
situation described in #1430. When connected to wifi, I could very easily
notice when traffic was being routed incorrectly because anything destined for
mobile data would fail (pages stopped loading, etc). After some amount of
casual testing while using the phone "normally", I haven't noticed any failures
yet from that problem.
3c99d388
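
An added example, not part of this commit or the project's code: a check that a resolv.conf-format file lists only loopback nameservers, which is the end state step 2 of the commit message describes. The function names and the sample files are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a resolv.conf-format file for non-loopback nameservers.

# Print every nameserver address in file $1 that is not a loopback address.
non_local_nameservers() {
    # Only lines whose first field is "nameserver" count; comments are skipped.
    awk '$1 == "nameserver" && NF >= 2 {
        addr = $2
        sub(/%.*$/, "", addr)            # drop an IPv6 zone id such as %wlan0
        if (addr ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/ || addr == "::1") next
        print $2
    }' "$1"
}

# Succeed only if the file has at least one nameserver line and all of them
# are loopback. A file with no nameserver line is reported as not configured.
resolv_is_local_only() {
    grep -Eq '^[[:space:]]*nameserver[[:space:]]' "$1" || return 1
    [ -z "$(non_local_nameservers "$1")" ]
}

# Constructed sample inputs (not taken from a real device).
make_samples() {
    SAMPLE_DIR=$(mktemp -d)
    cat > "$SAMPLE_DIR/good.conf" <<'EOF'
# Generated by resolvconf
nameserver 127.0.0.1
EOF
    cat > "$SAMPLE_DIR/leaky.conf" <<'EOF'
# Generated by resolvconf
nameserver 127.0.0.1
nameserver 192.0.2.53
nameserver 2001:db8::53
EOF
}

make_samples
for f in "$SAMPLE_DIR"/good.conf "$SAMPLE_DIR"/leaky.conf; do
    if resolv_is_local_only "$f"; then
        echo "$f: OK, only loopback nameservers"
    else
        echo "$f: non-local nameservers: $(non_local_nameservers "$f" | tr '\n' ' ')"
    fi
done
```

On a device, calling `resolv_is_local_only /etc/resolv.conf` after a network change shows whether a DHCP- or modem-supplied nameserver made it into the file. It does not detect apps with hardcoded nameservers, which the commit message notes can still bypass dnsane.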