dns

func Check ¶

func Check(tld string) (bool, error)

Check resolves test-lerd-probe.{tld} and reports whether the answer is one the lerd dnsmasq could legitimately return. With lan:expose off, the expected answer is 127.0.0.1 (loopback). With lan:expose on, the dnsmasq answers with the host's primary LAN IP so remote clients can reach the actual nginx instance, but the local host still routes those packets through its own loopback interface so the site is reachable from the server itself too.

Returns (true, nil) if DNS resolution is working correctly for the given TLD in either mode.

func ConfigureResolver ¶ added in v0.1.53

func ConfigureResolver() error

ConfigureResolver configures the system DNS resolver to forward .test to the lerd-dns dnsmasq container on port 5300. Call this after lerd-dns is running so that any immediate resolvectl changes don't break DNS before dnsmasq is up.

func DebounceEvents ¶ added in v1.22.0

func DebounceEvents(in <-chan struct{}, out chan<- struct{}, wait time.Duration, done <-chan struct{})

DebounceEvents collapses a burst on in into a single emit on out after wait of silence. The first event after silence starts the timer; every later event during the window resets it. done closes shut the goroutine down on caller exit. Used by both the lerd-watcher and lerd-ui processes to smooth the kernel's RTM_NEWLINK / RTM_NEWADDR burst that follows a single VPN connect or disconnect into one settled reaction.

func InstallSudoers ¶ added in v0.3.0

func InstallSudoers() error

InstallSudoers writes a sudoers drop-in granting the current user passwordless access to resolvectl commands. This is required for the autostart service which runs non-interactively and cannot prompt for a sudo password.

func LinkChanges ¶ added in v1.22.0

func LinkChanges(out chan<- struct{}, done <-chan struct{}) error

LinkChanges opens an rtnetlink multicast subscription and emits a struct{} on out every time the kernel reports a link or address state change. Message contents are intentionally discarded: callers re-fingerprint the host DNS environment on each settled event, so we only need the "something moved" signal. Returns nil after done closes, or a non-nil error if the netlink socket can't be opened or bound so the caller can log a one-shot warning before falling back to its time-based poll.

func ReadContainerDNS ¶ added in v1.0.4

func ReadContainerDNS() []string

ReadContainerDNS returns DNS servers for aardvark-dns on the lerd network, preferring pasta's info.json (typically 169.254.1.1) and falling back to host upstreams then pastaDefaultForwarder so the list is never empty.

func ReadUpstreamDNS ¶ added in v1.0.3

func ReadUpstreamDNS() []string

ReadUpstreamDNS returns upstream DNS server IPs from the running system. Sources tried in order:

1. /run/systemd/resolve/resolv.conf — real upstreams on systemd-resolved systems
2. /etc/resolv.conf — fallback
3. nmcli — DHCP-provided DNS from NetworkManager

Returns nil if nothing is found; callers should omit no-resolv in that case.

func RepairPossible ¶ added in v1.20.0

func RepairPossible() bool

RepairPossible reports whether the DNS watcher can fix /etc/resolv.conf or NetworkManager configuration from the current process. Linux's repair path runs through systemd-resolved / nmcli / resolvectl and does not require root for the user-scoped commands lerd issues, so this is always true. Mirrors the macOS variant which gates on whether the lerd passwordless-sudo drop-in is in place.

func ResolverHint ¶ added in v1.6.0

func ResolverHint() string

ResolverHint returns a user-facing hint for restarting the active DNS resolver.

func Teardown ¶ added in v0.1.55

func Teardown()

Teardown removes all lerd DNS configuration from the system and restores normal resolution.

func VPNActive ¶ added in v1.22.0

func VPNActive() bool

VPNActive reports whether a VPN tunnel interface is currently up. It is used to word the "DNS degraded" hint and the doctor diagnostic, since a VPN client rewriting the system resolver is by far the most common cause of the system-resolver path failing while lerd-dns itself stays healthy. Detection is name-prefix first and falls back to the POINTOPOINT flag so branded clients (ProtonVPN's proton0, Mullvad's wg variants, custom names) are recognised even when they don't follow the conventional prefix.

func WaitReady ¶ added in v0.4.3

func WaitReady(timeout time.Duration) error

WaitReady blocks until lerd-dns is accepting TCP connections on port 5300 (dnsmasq supports DNS over TCP), or until the timeout elapses. Returns nil when ready, error on timeout.

func WriteDnsmasqConfig ¶

func WriteDnsmasqConfig(dir string) error

WriteDnsmasqConfig writes the lerd dnsmasq config to the given directory, auto-detecting the right target based on whether `lerd lan:expose` is on.

When cfg.LAN.Exposed is false the config answers .test queries with 127.0.0.1 / ::1, suitable for local-only use. When it's true the config answers with the host's primary LAN IP (v4 + v6 when available) so remote clients reach the actual nginx instance through the lerd-dns-forwarder service.

func WriteDnsmasqConfigDual ¶ added in v1.18.0

func WriteDnsmasqConfigDual(dir, v4Target, v6Target string) error

WriteDnsmasqConfigDual is the v4+v6 form of WriteDnsmasqConfigFor. Pass v6Target = "" to skip the AAAA record entirely.

func WriteDnsmasqConfigFor ¶ added in v1.8.0

func WriteDnsmasqConfigFor(dir, target string) error

WriteDnsmasqConfigFor writes the lerd dnsmasq config with `target` as the IPv4 answer for `*.test`. An AAAA pair is derived (::1 locally, host's global v6 when LAN-exposed). Upstreams come from the system; if none are usable, the pasta default forwarder is used so .test routing keeps working.