1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
|
# Changelog
## 1.3.0 (2019.05.19)
### NOTES
A number of pull-requests and updates added, fixing some bugs and adding new
features.
### IMPROVEMENTS
- Added support for DNS6 option which can take only IPv6 addresses
(@thecodingrobot)
- Based on some feedback by (@tbaumann), alter the handling of script_type and
dev within the body in the main() function to allow it to work more
effectively between the environment and command-line parameters.
- The DNS caches are now flushed when the script as made the configuration
changes for the link (@Edu4rdSHL)
- Change the handling of DOMAIN to support multiple options, with a change in the
way the values are processed and added to systemd-resolved (@adq)
- Updated the documentation in a number of areas, including a new section
specifically on DNS Leakage, links to the DBus commands, NetworkManager and
DNSSEC issues, and spelling corrections, etc. (Thanks to @bohlstry and
@dannyk81 for the help with a script for NetworkManager)
- Now recommended using the `up-restart` option in the configuration files to
ensure that `update-systemd-resolved` is re-run when the connection only
partially restarts (i.e connection restarts, but not the TUN/TAP device).
### BACKWARDS INCOMPATIBILITIES
- The DOMAIN option now supports multiple calls, and rather than the last
provided version being the primary domain for the link, the first value is the
primary domain, and all subsequent calls are added as the equivalent of
DOMAIN-SEARCH.
## 1.2.7 (2017.11.12)
### NOTES
Following a request by @JoshDobbin, support has been added for passing
`ADAPTER_DOMAIN_SUFFIX` via `dhcp-options` to work with the Microsoft standard.
Also included some additional notes in README.md about using `down` in dropped
privilege situations for clarification.
### IMPROVEMENTS
- Added support for ADAPTER_DOMAIN_SUFFIX (@jonathanio)
- Added notes in README.md about `down` with dropped privileges (@jonathanio)
## 1.2.6 (2017.07.24)
### NOTES
Improvements made to the `logger` command to prevent issues with privilege
dropping under the assistance of @dermarens, @terminalmage, @guruxu, and @benvh.
Updated some documentation for consistency and clarity. Thanks to @flungo and
@dawansv here.
### IMPROVEMENTS
- Updated to include a full list in PATH, including sbin paths. (@jonathanio)
- Updated documentation regarding DNS leakage. (@jonathanio)
- Updated all script locations to be consistent. (@jonathanio)
- Add some installation instructions to README.md. (@flungo)
- Update command-line parameters needed within Makefile/README.md. (@noraj1337)
- Fix script name in command-line path within README.md. (@phR0ze)
## 1.2.5 (2017.03.02)
### IMPROVEMENTS
- Updated to include a full list in PATH, including sbin paths. (@jonathanio)
## 1.2.4 (2017.03.02)
### NOTES
@piotr-dobrogost, @mgu, and @aRkadeFR helped improve the documentation.
### IMPROVEMENTS
- It was noted that the PATH setting used in the documentation doesn't work on
all systems (sorry, my bad), so it has now been updated so it should now work.
(@aRkadeFR)
## 1.2.3 (2016.12.25)
### NOTES
@Nauxuron provided a patch to improve DESTDIR and PREFIX handling in Makefile.
### IMPROVEMENTS
- Improve handling of DESTDIR and PREFIX in the Makefile to follow the GNU
guidelines. (@Nauxuron)
## 1.2.2 (2016.12.13)
### NOTES
This one is a thanks to @mikken and helps support OpenVPN 2.4 as well as fix
an issue with `DNSSEC` handling on the `busctl` call.
### BUG FIXES
- The incorrect usage of `down-pre` which as of OpenVPN 2.4 is now a fatal error
when you pass it an argument (i.e. the script we were originally thought it
should be calling). (@mikken)
- Issues with `busctl` and bash properly handling the "empty string" case to use
the default `DNSSEC` option. (@jonathanio)
- Noise when `busctl` is called on the down case when privileges have been
dropped in the client. (@mikken)
- Added documentation for `allow-downgrade` support in `DNSSEC` option (which
was supported, but not documented). (@jonathanio)
## 1.2.1 (2016.10.06)
### NOTES
Thanks for @arjenschol for spotting this one: An error in the AF_INET value
provided to SetLinkDNS prevented IPv6 DNS servers from being added.
### BUG FIXES
- Fix IPv6 DNS by specifying AF_INET6 value (10) insteadof array size (2)
(@arjenschol)
## 1.2.0 (2016.08.29)
### NOTES
Add support for DNSSEC processing, improve logic around `DOMAIN` and
`DOMAIN-SEARCH` handling, add support for `DOMAIN-ROUTE`, and improve
documentation.
### BACKWARDS INCOMPATIBILITIES
- Due to (probably) an incorrect assumption on my part (@jonathanio) in the
purpose of `DOMAIN-SEARCH` verses `DOMAIN`, domains added via `DOMAIN` were
marked as searchable, and so would be appended to bare domain names, while
those added via `DOMAIN-SEARCH` would not. This was a divergance from how
older OpenVPN handler scripts (such as `update-resolv-conf` and
`update-systemd-network`) processed them (i.e. in all cases they were just
made searchable). Note that both scripts didn't really have the concept of
`domain` in the same way as `/etc/resolv.conf` understood it. This script now
(hopefully) properly handles `DOMAIN` and `DOMAIN-SEARCH` (single of the
former, and is primary, multiple of the latter and secondary).
### FEATURES
- Add support for `DNSSEC` option which allows you to enable or disable (or
leave to system default) the `DNSSEC` setting for any DNS queries made to the
DNS servers provided for this link. (@jonathanio)
- Add support for `DOMAIN-ROUTE` which, through `systemd-resolved`, allows you
to set domain names which should be routed over this link to the DNS servers
provided. (@jonathanio)
### IMPROVEMENTS
- Correct the logic around the handling of `DOMAIN` and `DOMAIN-SEARCH` to be
more compatible with previous versions of these handlers. (@jonathanio)
## 1.1.1 (2016.08.10)
### NOTES
Thanks to the help from @pid1 for this release. The documentation mistakenly
noted to use pre-down for the script now (compared to down originally, which
failed as the tun or tap device would have been removed before the script
ran). However, this should have in fact been down-pre.
### BUG FIXES
- Fix `pre-down` to `down-pre` in the documentation else you'll break your
OpenVPN configuration. (@pid1)
## 1.1.0 (2016.08.08)
### NOTES
Thanks to the work by @BaxterStockman, the script has been refactored, hopefully
making it easier to read and follow, while additional tests around IPv6
processing have been added.
### IMPROVEMENTS
- Refactor the codebase to make it easier to read and expand. (@BaxterStockman)
- Improve run-tests so multiple tests can be run within a file, and can expect
failures within a test. (@BaxterStockman)
- Add tests for invalid IPv6 addresses. (@BaxterStockman)
## 1.0.0 (2016.06.23)
### NOTES
First release of `update-systemd-resolved`. Should fully support the three
standard DHCP options in OpenVPN (`DNS`, `DOMAIN`, and `DOMAIN-SEARCH`) with
integration tests around the code to manage and monitor regressions. Also
supports multiple (and combined) IPv4 and IPv6 DNS addresses.
|
