Provided by: resolvconf-admin_0.3-1_amd64 bug

NAME

       resolvconf-admin - a setuid program for setting up DNS resolution

SYNOPSIS

       resolvconf-admin add NETIF [-s SEARCH] [-d DOMAIN] NAMESERVER [...]

       resolvconf-admin del NETIF

DESCRIPTION

       This setuid program allows specific non-privileged users to invoke /sbin/resolvconf (if it
       is present)  with  a  constrained  argument  to  add  or  remove  DNS  resolvers;  or,  if
       /sbin/resolvconf is not executable, it can replace /etc/resolv.conf.

       This is useful, for example, for running a DHCP client as a non-privileged user.

       When  the  non-privileged  user  wants  to  set up the DNS resolvers due to information it
       learned from interface NETIF, it should invoke:

              resolvconf-admin add NETIF [-s SEARCH] [-d DOMAIN] NAMESERVER [...]

       Note that DNS search path and domain name are optional.  However, at least one  nameserver
       is required.

       When  the  non-privileged user wants to tear down the DNS resolver information that it had
       previously set for interface NETIF, it should invoke:

              resolvconf-admin del NETIF

WARNING

       A better (non-suid) approach for setting up the DNS in a non-privileged way is to make  an
       authenticated  IPC  call  to  some  running  daemon  that  already  manages  the local DNS
       resolution configuration (e.g., systemd-resolved(8)).  However, some systems  do  not  run
       such a daemon, so we offer this setuid approach instead, for those limited systems only.

       This  setuid  program  should  not be installed on systems that already run such a daemon,
       because every setuid program increases the attack surface of the operating system.

       DO NOT INSTALL THIS TOOL IF YOU HAVE BETTER OPTIONS AVAILABLE TO YOU!

INTERLEAVED OPERATION WITHOUT RESOLVCONF(8)

       On a system where resolvconf(8) is not installed, the behavior is not very  sophisticated.
       On these systems:

       • The first time resolvconf-admin add is invoked, the old /etc/resolv.conf is backed up to
         /etc/resolv.conf.bak.resolvconf-admin.

       • The first time resolvconf-admin del is invoked, the backed up file is restored.

       If multiple daemons (or a single  daemon  monitoring  multiple  sources  of  DNS  resolver
       information)  invokes  resolvconf-admin in an interleaved fashion (e.g.  two adds before a
       del), this will almost certainly not be the behavior that you want.   If  your  system  is
       likely  to  have  this  kind  of  interleaved operation, it should also have resolvconf(8)
       installed.

SEE ALSO

       resolvconf(8), resolv.conf(5), systemd-resolved(8)

AUTHORS

       Daniel Kahn Gillmor <dkg@fifthhorseman.net>.

                                          2017 September                      RESOLVCONF-ADMIN(1)