dns

package
v1.9.2 Latest
Warning

This package is not in the latest version of its module.
Published: Apr 10, 2026 | License: MIT | Imports: 9 | Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func Check

func Check(tld string) (bool, error)

Check resolves test-lerd-probe.{tld} and reports whether the answer is one the lerd dnsmasq could legitimately return. With lan:expose off, the expected answer is 127.0.0.1 (loopback). With lan:expose on, dnsmasq answers with the host's primary LAN IP so that remote clients can reach the actual nginx instance; the local host still routes those packets through its own loopback interface, so the site remains reachable from the server itself.

Returns (true, nil) if DNS resolution is working correctly for the given TLD in either mode.
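The acceptance rule described above, as an added example (not lerd's own code). The helper names are hypothetical, and it generalizes "the host's primary LAN IP" to any address assigned to the host, so an answer pointing at a foreign address fails the check.

```go
package main

import (
	"fmt"
	"net"
)

// hostAddrs lists the IPs assigned to this machine's interfaces.
func hostAddrs() ([]net.IP, error) {
	addrs, err := net.InterfaceAddrs()
	if err != nil {
		return nil, err
	}
	var ips []net.IP
	for _, a := range addrs {
		if n, ok := a.(*net.IPNet); ok {
			ips = append(ips, n.IP)
		}
	}
	return ips, nil
}

// acceptableProbeAnswer (hypothetical name) reports whether every answer is
// loopback (lan:expose off) or one of the host's own addresses (lan:expose
// on). An empty answer set or any foreign address fails the check.
func acceptableProbeAnswer(answers, own []net.IP) bool {
	if len(answers) == 0 {
		return false
	}
	for _, a := range answers {
		ok := a.IsLoopback()
		for _, h := range own {
			ok = ok || h.Equal(a)
		}
		if !ok {
			return false
		}
	}
	return true
}

func main() {
	own, err := hostAddrs()
	if err != nil {
		fmt.Println("cannot list interface addresses:", err)
		return
	}
	// Constructed answers: loopback passes, a documentation-range IP does not.
	fmt.Println(acceptableProbeAnswer([]net.IP{net.ParseIP("127.0.0.1")}, own))
	fmt.Println(acceptableProbeAnswer([]net.IP{net.ParseIP("203.0.113.7")}, own))
}
```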

func ConfigureResolver added in v0.1.53

func ConfigureResolver() error

ConfigureResolver configures the system DNS resolver to forward .test to the lerd-dns dnsmasq container on port 5300. Call this after lerd-dns is running so that any immediate resolvectl changes don't break DNS before dnsmasq is up.

func InstallSudoers added in v0.3.0

func InstallSudoers() error

InstallSudoers writes a sudoers drop-in granting the current user passwordless access to resolvectl commands. This is required for the autostart service, which runs non-interactively and cannot prompt for a sudo password.
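An added audit sketch (not lerd's own code) for reviewing a drop-in like this one: it flags any NOPASSWD command that is not an invocation of resolvectl. The function name, the /usr/bin/resolvectl path and the sample drop-in are assumptions, since this page does not show the file lerd writes; only simple one-line user specifications are handled.

```go
package main

import (
	"fmt"
	"strings"
)

// auditDropIn (hypothetical helper) returns one finding per NOPASSWD command
// whose first word is not the expected absolute path to resolvectl. Aliases,
// line continuations and #include directives are out of scope.
func auditDropIn(content, resolvectl string) []string {
	var findings []string
	for n, line := range strings.Split(content, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		_, cmds, ok := strings.Cut(line, "NOPASSWD:")
		if !ok {
			continue
		}
		for _, c := range strings.Split(cmds, ",") {
			c = strings.TrimSpace(c)
			fields := strings.Fields(c)
			// Extra tags (e.g. SETENV:) or "ALL" land here and are flagged too.
			if len(fields) == 0 || fields[0] != resolvectl {
				findings = append(findings,
					fmt.Sprintf("line %d: NOPASSWD for %q", n+1, c))
			}
		}
	}
	return findings
}

func main() {
	// Constructed sample drop-in; the second rule is deliberately too broad.
	sample := "# constructed sample\n" +
		"alice ALL=(root) NOPASSWD: /usr/bin/resolvectl dns *, /usr/bin/resolvectl domain *\n" +
		"alice ALL=(root) NOPASSWD: /usr/bin/resolvectl revert *, /bin/sh\n"
	for _, f := range auditDropIn(sample, "/usr/bin/resolvectl") {
		fmt.Println(f)
	}
}
```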

func ReadContainerDNS added in v1.0.4

func ReadContainerDNS() []string

ReadContainerDNS returns the DNS servers to configure as aardvark-dns upstreams for the lerd Podman bridge network. It reads DnsForwardIps from the pasta rootless-netns info.json (typically 169.254.1.1), which chains through systemd-resolved and therefore resolves both .test domains (via lerd-dns) and internet domains. Falls back to ReadUpstreamDNS if the file is unavailable (e.g. before Podman initialises the netns).

func ReadUpstreamDNS added in v1.0.3

func ReadUpstreamDNS() []string

ReadUpstreamDNS returns upstream DNS server IPs from the running system. Sources tried in order:

  1. /run/systemd/resolve/resolv.conf — real upstreams on systemd-resolved systems
  2. /etc/resolv.conf — fallback
  3. nmcli — DHCP-provided DNS from NetworkManager

Returns nil if nothing is found; callers should omit the dnsmasq no-resolv option in that case.

func ResolverHint added in v1.6.0

func ResolverHint() string

ResolverHint returns a user-facing hint for restarting the active DNS resolver.

func Setup deprecated

func Setup() error

Setup writes DNS configuration for .test resolution and restarts the resolver. On systemd-resolved + NetworkManager systems (Ubuntu etc.) it uses an NM dispatcher script. On pure systemd-resolved systems it uses a resolved drop-in. On NetworkManager-only systems it uses NM's embedded dnsmasq.

Deprecated: prefer calling WriteDnsmasqConfig then ConfigureResolver separately so that the dnsmasq container can be started between the two steps.

func Teardown added in v0.1.55

func Teardown()

Teardown removes all lerd DNS configuration from the system and restores normal resolution.

func WaitReady added in v0.4.3

func WaitReady(timeout time.Duration) error

WaitReady blocks until lerd-dns is accepting TCP connections on port 5300 (dnsmasq supports DNS over TCP), or until the timeout elapses. Returns nil when ready, error on timeout.

func WriteDnsmasqConfig

func WriteDnsmasqConfig(dir string) error

WriteDnsmasqConfig writes the lerd dnsmasq config to the given directory, auto-detecting the right target based on whether `lerd lan:expose` is on.

When cfg.LAN.Exposed is false the config answers .test queries with 127.0.0.1, suitable for local-only use. When it's true the config answers with the host's primary LAN IP so remote clients reach the actual nginx instance through the lerd-dns-forwarder service.

All legacy callers (lerd start, lerd install, the DNS watcher) go through this function, so they automatically pick up the right target without each one having to know about the exposed flag.

func WriteDnsmasqConfigFor added in v1.8.0

func WriteDnsmasqConfigFor(dir, target string) error

WriteDnsmasqConfigFor writes the lerd dnsmasq config with `target` as the IP returned for any `*.test` query. The default `127.0.0.1` is correct when the only client is the local machine — nginx is reachable on loopback. When remote devices need to resolve the same hostnames, pass the server's LAN IP instead. The server itself will still be able to reach `.test` URLs because the kernel routes packets destined for any of its own addresses through the loopback interface.

Upstream DNS servers are detected from the running system (DHCP / systemd-resolved). If no upstreams are detected, no-resolv is omitted so dnsmasq falls back to the container's /etc/resolv.conf (populated by Podman from the host's DNS config).
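An added sketch (not lerd's own code) of rendering a config with the behaviour described above, using dnsmasq's address=, server= and no-resolv options. The function name and file layout are assumptions; the point shown is that target and upstreams are accepted only as bare IPs, so no extra directive can be injected into the file, and that no-resolv is written only when upstreams were detected.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// renderDnsmasqConf (hypothetical helper) builds a dnsmasq config that answers
// every *.tld query with target. The layout of lerd's real file is not shown
// on this page.
func renderDnsmasqConf(tld, target string, upstreams []string) (string, error) {
	// Reject anything that is not a bare IP so a newline or an extra option
	// cannot be smuggled into the config through target.
	if net.ParseIP(target) == nil {
		return "", fmt.Errorf("target %q is not an IP address", target)
	}
	if tld == "" || strings.ContainsAny(tld, "/ \t\r\n#") {
		return "", fmt.Errorf("invalid tld %q", tld)
	}
	var b strings.Builder
	fmt.Fprintf(&b, "address=/%s/%s\n", tld, target)
	if len(upstreams) > 0 {
		// Pin upstreams and ignore resolv.conf only when some were detected;
		// otherwise dnsmasq keeps reading the container's /etc/resolv.conf.
		b.WriteString("no-resolv\n")
		for _, u := range upstreams {
			if net.ParseIP(u) == nil {
				return "", fmt.Errorf("upstream %q is not an IP address", u)
			}
			fmt.Fprintf(&b, "server=%s\n", u)
		}
	}
	return b.String(), nil
}

func main() {
	// Constructed values: LAN-exposed target with one detected upstream.
	conf, err := renderDnsmasqConf("test", "192.168.1.20", []string{"192.168.1.1"})
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Print(conf)
}
```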

Types

This section is empty.
