From a6ae9f740991888bede82884bd9609db220430e3 Mon Sep 17 00:00:00 2001
From: Antonio Torres
Date: Mon, 23 Jun 2025 10:49:34 +0200
Subject: [PATCH] dns: only overwrite resolv.conf during eDNS setup when needed
Don't overwrite resolv.conf if it already points to 127.0.0.1. This ensures compatibility with read-only containers.
Fixes: https://pagure.io/freeipa/issue/9813
Signed-off-by: Antonio Torres
Reviewed-By: Florence Blanc-Renaud
---
 ipaserver/install/dns.py | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index 9740faeddb244a56b2dc8a274ff82158f6dd2204..0f7a3073f4de1641afb7fdfa77413b978fd23974 100644
--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -33,7 +33,7 @@ from ipapython import ipautil
 from ipapython import dnsutil
 from ipapython.certdb import EXTERNAL_CA_TRUST_FLAGS
 from ipapython.dn import DN
-from ipapython.dnsutil import check_zone_overlap
+from ipapython.dnsutil import check_zone_overlap, get_ipa_resolver
 from ipapython.install import typing
 from ipapython.install.core import group, knob
 from ipapython.admintool import ScriptError
@@ -171,17 +171,19 @@ def _setup_dns_over_tls(options):
 f.write("\n".join(dns_none))
 nm.reload_or_restart()
- # Overwrite resolv.conf to point to IPA
+ # Ensure resolv.conf points to IPA
 cfg = [
 "# auto-generated by IPA installer",
 "search .",
 "nameserver 127.0.0.1\n"
 ]
- fstore = sysrestore.FileStore(paths.SYSRESTORE)
- fstore.backup_file(paths.RESOLV_CONF)
- with open(paths.RESOLV_CONF, 'w') as f:
- f.write('\n'.join(cfg))
- os.chmod(paths.RESOLV_CONF, 0o644)
+ nameservers = get_ipa_resolver().nameservers
+ if not nameservers or nameservers[0] != "127.0.0.1":
+ fstore = sysrestore.FileStore(paths.SYSRESTORE)
+ fstore.backup_file(paths.RESOLV_CONF)
+ with open(paths.RESOLV_CONF, 'w') as f:
+ f.write('\n'.join(cfg))
+ os.chmod(paths.RESOLV_CONF, 0o644)
 services.knownservices.unbound.enable()
 services.knownservices.unbound.restart()
-- 
2.50.1
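Review bot: The new guard `nameservers[0] != "127.0.0.1"` inspects only the first resolver entry, so a resolv.conf that lists 127.0.0.1 first and an external server after it is now left untouched, where the old code always reduced the file to the single local entry. With DNS over TLS being set up here, a second nameserver gives the stub resolver a plaintext fallback path whenever the local unbound is slow or down. Consider requiring the list to be exactly the local resolver, `if nameservers != ["127.0.0.1"]:` (this also covers the empty list), assuming the entries are plain strings as the existing comparison implies. It is also worth confirming that get_ipa_resolver() reflects the file as it is on disk at this point rather than a resolver object created earlier in the install, which cannot be seen from this hunk. The body of _setup_dns_over_tls starts before the hunk and continues after it.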