diff --git a/build_debian.sh b/build_debian.sh
index c6393196f017..f71bdd9fd0fb 100755
--- a/build_debian.sh
+++ b/build_debian.sh
@@ -400,6 +400,7 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in
jq \
auditd \
linux-perf \
+ resolvconf \
lsof \
sysstat
@@ -781,7 +782,11 @@ sudo rm -f $ONIE_INSTALLER_PAYLOAD $FILESYSTEM_SQUASHFS
## Note: -x to skip directories on different file systems, such as /proc
sudo du -hsx $FILESYSTEM_ROOT
sudo mkdir -p $FILESYSTEM_ROOT/var/lib/docker
-sudo cp files/image_config/resolv-config/resolv.conf $FILESYSTEM_ROOT/etc/resolv.conf
+
+## Clear DNS configuration inherited from the build server
+sudo rm -f $FILESYSTEM_ROOT/etc/resolvconf/resolv.conf.d/original
+sudo cp files/image_config/resolv-config/resolv.conf.head $FILESYSTEM_ROOT/etc/resolvconf/resolv.conf.d/head
+
sudo mksquashfs $FILESYSTEM_ROOT $FILESYSTEM_SQUASHFS -comp zstd -b 1M -e boot -e var/lib/docker -e $PLATFORM_DIR
## Reduce /boot permission
diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2
index 2a560e87a58d..29510542a2f2 100644
--- a/files/build_templates/sonic_debian_extension.j2
+++ b/files/build_templates/sonic_debian_extension.j2
@@ -430,6 +430,15 @@ j2 files/dhcp/dhclient.conf.j2 | sudo tee $FILESYSTEM_ROOT/etc/dhcp/dhclient.con
sudo cp files/dhcp/ifupdown2_policy.json $FILESYSTEM_ROOT/etc/network/ifupdown2/policy.d
sudo cp files/dhcp/90-dhcp6-systcl.conf.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
+# Copy DNS configuration files and templates
+sudo cp $IMAGE_CONFIGS/resolv-config/resolv-config.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
+sudo cp $IMAGE_CONFIGS/resolv-config/resolv-config.sh $FILESYSTEM_ROOT/usr/bin/
+sudo cp $IMAGE_CONFIGS/resolv-config/resolv.conf.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
+echo "resolv-config.service" | sudo tee -a $GENERATED_SERVICE_FILE
+sudo LANG=C chroot $FILESYSTEM_ROOT systemctl disable resolvconf.service
+sudo mkdir -p $FILESYSTEM_ROOT/etc/resolvconf/update-libc.d/
+sudo cp $IMAGE_CONFIGS/resolv-config/update-containers $FILESYSTEM_ROOT/etc/resolvconf/update-libc.d/
+
# Copy initial interfaces configuration file, will be overwritten on first boot
sudo cp $IMAGE_CONFIGS/interfaces/init_interfaces $FILESYSTEM_ROOT/etc/network/interfaces
sudo mkdir -p $FILESYSTEM_ROOT/etc/network/interfaces.d
diff --git a/files/image_config/interfaces/interfaces-config.sh b/files/image_config/interfaces/interfaces-config.sh
index f6aa4147a4e4..cb2faea91f31 100755
--- a/files/image_config/interfaces/interfaces-config.sh
+++ b/files/image_config/interfaces/interfaces-config.sh
@@ -60,6 +60,8 @@ for intf_pid in $(ls -1 /var/run/dhclient*.Ethernet*.pid 2> /dev/null); do
[[ -f ${intf_pid} ]] && kill `cat ${intf_pid}` && rm -f ${intf_pid}
done
+/usr/bin/resolv-config.sh cleanup
+
# Read sysctl conf files again
sysctl -p /etc/sysctl.d/90-dhcp6-systcl.conf
diff --git a/files/image_config/resolv-config/resolv-config.service b/files/image_config/resolv-config/resolv-config.service
new file mode 100644
index 000000000000..18a261dcf5d0
--- /dev/null
+++ b/files/image_config/resolv-config/resolv-config.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Update DNS configuration
+Requires=updategraph.service
+After=updategraph.service
+BindsTo=sonic.target
+After=sonic.target
+StartLimitIntervalSec=0
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/resolv-config.sh start
+
+[Install]
+WantedBy=sonic.target
diff --git a/files/image_config/resolv-config/resolv-config.sh b/files/image_config/resolv-config/resolv-config.sh
new file mode 100755
index 000000000000..cffda6acb54b
--- /dev/null
+++ b/files/image_config/resolv-config/resolv-config.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+WD=/var/run/resolvconf/
+CONFIG_DIR=${WD}/interface/
+STATIC_CONFIG_FILE=mgmt.static
+DYNAMIC_CONFIG_FILE_TEMPLATE=*.dhclient
+
+update_symlink()
+{
+ ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf
+}
+
+start()
+{
+ update_symlink
+
+ redis-dump -d 4 -k "DNS_NAMESERVER*" -y > /tmp/dns.json
+ if [[ $? -eq 0 && "$(cat /tmp/dns.json)" != "{}" ]]; then
+ # Apply static DNS configuration and disable updates
+ /sbin/resolvconf --disable-updates
+ pushd ${CONFIG_DIR}
+ # Backup dynamic configuration to restore it when the static configuration is removed
+ mv ${DYNAMIC_CONFIG_FILE_TEMPLATE} ${WD} || true
+
+ sonic-cfggen -d -t /usr/share/sonic/templates/resolv.conf.j2,${STATIC_CONFIG_FILE}
+
+ /sbin/resolvconf --enable-updates
+ /sbin/resolvconf -u
+ /sbin/resolvconf --disable-updates
+ popd
+ else
+ # Dynamic DNS configuration. Enable updates. It is expected to receive configuraution for DHCP server
+ /sbin/resolvconf --disable-updates
+ pushd ${CONFIG_DIR}
+ rm -f ${STATIC_CONFIG_FILE}
+ # Restore dynamic configuration if it exists
+ mv ${WD}/${DYNAMIC_CONFIG_FILE_TEMPLATE} ${CONFIG_DIR} || true
+
+ /sbin/resolvconf --enable-updates
+ /sbin/resolvconf -u
+ fi
+}
+
+clean-dynamic-conf()
+{
+ rm -f ${WD}/${DYNAMIC_CONFIG_FILE_TEMPLATE}
+ rm -f ${WD}/postponed-update
+}
+
+case $1 in
+ start)
+ start
+ ;;
+ cleanup)
+ clean-dynamic-conf
+ ;;
+ *)
+ echo "Usage: $0 {start|clean-dynamic-conf}"
+ exit 2
+ ;;
+esac
diff --git a/files/image_config/resolv-config/resolv.conf b/files/image_config/resolv-config/resolv.conf
deleted file mode 100644
index e69de29bb2d1..000000000000
diff --git a/files/image_config/resolv-config/resolv.conf.head b/files/image_config/resolv-config/resolv.conf.head
new file mode 100644
index 000000000000..db81bded75e9
--- /dev/null
+++ b/files/image_config/resolv-config/resolv.conf.head
@@ -0,0 +1,2 @@
+# Dynamic resolv.conf(5) file generated by resolvconf(8)
+# The content of this file may be overwritten during a config reload.
diff --git a/files/image_config/resolv-config/resolv.conf.j2 b/files/image_config/resolv-config/resolv.conf.j2
new file mode 100644
index 000000000000..4887d2e01d45
--- /dev/null
+++ b/files/image_config/resolv-config/resolv.conf.j2
@@ -0,0 +1,3 @@
+{% for ip in DNS_NAMESERVER|sort %}
+nameserver {{ ip }}
+{% endfor -%}
diff --git a/files/image_config/resolv-config/update-containers b/files/image_config/resolv-config/update-containers
new file mode 100755
index 000000000000..47d8328a80fe
--- /dev/null
+++ b/files/image_config/resolv-config/update-containers
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+for container in $(docker ps -a --format=" {{ .ID }}"); do
+ docker cp -L /etc/resolv.conf ${container}:/_resolv.conf
+ docker exec -t ${container} bash -c "cat /_resolv.conf > /etc/resolv.conf"
+ docker exec -t ${container} bash -c "rm /_resolv.conf"
+done
diff --git a/src/sonic-config-engine/minigraph.py b/src/sonic-config-engine/minigraph.py
index 0b2f8b0e7640..d7a3d00510f6 100644
--- a/src/sonic-config-engine/minigraph.py
+++ b/src/sonic-config-engine/minigraph.py
@@ -1002,6 +1002,7 @@ def parse_meta(meta, hname):
dhcp_servers = []
dhcpv6_servers = []
ntp_servers = []
+ dns_nameservers = []
tacacs_servers = []
mgmt_routes = []
erspan_dst = []
@@ -1032,6 +1033,8 @@ def parse_meta(meta, hname):
dhcp_servers = value_group
elif name == "NtpResources":
ntp_servers = value_group
+ elif name == "DnsNameserverResources":
+ dns_nameservers = value_group
elif name == "SyslogResources":
syslog_servers = value_group
elif name == "TacacsServer":
@@ -1070,7 +1073,7 @@ def parse_meta(meta, hname):
qos_profile = value
elif name == "RackMgmtMap":
rack_mgmt_map = value
- return syslog_servers, dhcp_servers, dhcpv6_servers, ntp_servers, tacacs_servers, mgmt_routes, erspan_dst, deployment_id, region, cloudtype, resource_type, downstream_subrole, switch_id, switch_type, max_cores, kube_data, macsec_profile, downstream_redundancy_types, redundancy_type, qos_profile, rack_mgmt_map
+ return syslog_servers, dhcp_servers, dhcpv6_servers, ntp_servers, dns_nameservers, tacacs_servers, mgmt_routes, erspan_dst, deployment_id, region, cloudtype, resource_type, downstream_subrole, switch_id, switch_type, max_cores, kube_data, macsec_profile, downstream_redundancy_types, redundancy_type, qos_profile, rack_mgmt_map
def parse_linkmeta(meta, hname):
@@ -1497,6 +1500,7 @@ def parse_xml(filename, platform=None, port_config_file=None, asic_name=None, hw
dhcp_servers = []
dhcpv6_servers = []
ntp_servers = []
+ dns_nameservers = []
tacacs_servers = []
mgmt_routes = []
erspan_dst = []
@@ -1552,7 +1556,7 @@ def parse_xml(filename, platform=None, port_config_file=None, asic_name=None, hw
elif child.tag == str(QName(ns, "UngDec")):
(u_neighbors, u_devices, _, _, _, _, _, _) = parse_png(child, hostname, None)
elif child.tag == str(QName(ns, "MetadataDeclaration")):
- (syslog_servers, dhcp_servers, dhcpv6_servers, ntp_servers, tacacs_servers, mgmt_routes, erspan_dst, deployment_id, region, cloudtype, resource_type, downstream_subrole, switch_id, switch_type, max_cores, kube_data, macsec_profile, downstream_redundancy_types, redundancy_type, qos_profile, rack_mgmt_map) = parse_meta(child, hostname)
+ (syslog_servers, dhcp_servers, dhcpv6_servers, ntp_servers, dns_nameservers, tacacs_servers, mgmt_routes, erspan_dst, deployment_id, region, cloudtype, resource_type, downstream_subrole, switch_id, switch_type, max_cores, kube_data, macsec_profile, downstream_redundancy_types, redundancy_type, qos_profile, rack_mgmt_map) = parse_meta(child, hostname)
elif child.tag == str(QName(ns, "LinkMetadataDeclaration")):
linkmetas = parse_linkmeta(child, hostname)
elif child.tag == str(QName(ns, "DeviceInfos")):
@@ -2010,6 +2014,7 @@ def parse_xml(filename, platform=None, port_config_file=None, asic_name=None, hw
results['DHCP_SERVER'] = dict((item, {}) for item in dhcp_servers)
results['DHCP_RELAY'] = dhcp_relay_table
results['NTP_SERVER'] = dict((item, {}) for item in ntp_servers)
+ results['DNS_NAMESERVER'] = dict((item, {}) for item in dns_nameservers)
results['TACPLUS_SERVER'] = dict((item, {'priority': '1', 'tcp_port': '49'}) for item in tacacs_servers)
if len(acl_table_types) > 0:
results['ACL_TABLE_TYPE'] = acl_table_types
diff --git a/src/sonic-config-engine/tests/data/dns/resolv.conf b/src/sonic-config-engine/tests/data/dns/resolv.conf
new file mode 100644
index 000000000000..b90cade8f92d
--- /dev/null
+++ b/src/sonic-config-engine/tests/data/dns/resolv.conf
@@ -0,0 +1,3 @@
+nameserver 1.1.1.1
+nameserver 2001:4860:4860::8888
+
diff --git a/src/sonic-config-engine/tests/data/dns/static_dns.json b/src/sonic-config-engine/tests/data/dns/static_dns.json
new file mode 100644
index 000000000000..0d2cf1804317
--- /dev/null
+++ b/src/sonic-config-engine/tests/data/dns/static_dns.json
@@ -0,0 +1,6 @@
+{
+ "DNS_NAMESERVER": {
+ "1.1.1.1": {},
+ "2001:4860:4860::8888": {}
+ }
+}
diff --git a/src/sonic-config-engine/tests/multi_npu_data/sample-minigraph.xml b/src/sonic-config-engine/tests/multi_npu_data/sample-minigraph.xml
index be3938f24bc4..0adcec5c8420 100644
--- a/src/sonic-config-engine/tests/multi_npu_data/sample-minigraph.xml
+++ b/src/sonic-config-engine/tests/multi_npu_data/sample-minigraph.xml
@@ -1425,6 +1425,11 @@
17.39.1.129;17.39.1.130
+
+ DnsNameserverResources
+
+ 1.1.1.1;8.8.8.8
+
SnmpResources
diff --git a/src/sonic-config-engine/tests/simple-sample-graph-case.xml b/src/sonic-config-engine/tests/simple-sample-graph-case.xml
index 69b27c33e7b4..7e8f1579cdf4 100644
--- a/src/sonic-config-engine/tests/simple-sample-graph-case.xml
+++ b/src/sonic-config-engine/tests/simple-sample-graph-case.xml
@@ -500,6 +500,12 @@
10.0.10.1;10.0.10.2
+
+ DnsNameserverResources
+
+ 1.1.1.1;8.8.8.8
+
+
SnmpResources
diff --git a/src/sonic-config-engine/tests/simple-sample-graph-metadata.xml b/src/sonic-config-engine/tests/simple-sample-graph-metadata.xml
index fbc33b49862a..c841ff8d1a9f 100644
--- a/src/sonic-config-engine/tests/simple-sample-graph-metadata.xml
+++ b/src/sonic-config-engine/tests/simple-sample-graph-metadata.xml
@@ -236,6 +236,12 @@
10.0.10.1;10.0.10.2
+
+ DnsNameserverResources
+
+ 20.2.2.2;30.3.3.3
+
+
SnmpResources
diff --git a/src/sonic-config-engine/tests/test_cfggen.py b/src/sonic-config-engine/tests/test_cfggen.py
index 66635a9f78bb..221f44a726e0 100644
--- a/src/sonic-config-engine/tests/test_cfggen.py
+++ b/src/sonic-config-engine/tests/test_cfggen.py
@@ -696,6 +696,11 @@ def test_metadata_ntp(self):
output = self.run_script(argument)
self.assertEqual(utils.to_dict(output.strip()), utils.to_dict("{'10.0.10.1': {}, '10.0.10.2': {}}"))
+ def test_metadata_dns_nameserver(self):
+ argument = ['-m', self.sample_graph_metadata, '-p', self.port_config, '-v', "DNS_NAMESERVER"]
+ output = self.run_script(argument)
+ self.assertEqual(utils.to_dict(output.strip()), utils.to_dict("{'20.2.2.2': {}, '30.3.3.3': {}}"))
+
def test_minigraph_vnet(self, **kwargs):
graph_file = kwargs.get('graph_file', self.sample_graph_simple)
argument = ['-m', graph_file, '-p', self.port_config, '-v', "VNET"]
diff --git a/src/sonic-config-engine/tests/test_j2files.py b/src/sonic-config-engine/tests/test_j2files.py
index ae49c445f583..50e5df4a4660 100644
--- a/src/sonic-config-engine/tests/test_j2files.py
+++ b/src/sonic-config-engine/tests/test_j2files.py
@@ -695,6 +695,14 @@ def test_backend_acl_template_render(self):
self.run_script(argument, output_file=self.output_file)
assert utils.cmp(sample_output_file, self.output_file), self.run_diff(sample_output_file, self.output_file)
+ def test_dns_template_render(self):
+ conf_template = os.path.join(self.test_dir, '..', '..', '..', 'files', 'image_config', 'resolv-config', 'resolv.conf.j2')
+ static_dns_conf = os.path.join(self.test_dir, "data", "dns", "static_dns.json")
+ expected = os.path.join(self.test_dir, "data", "dns", "resolv.conf")
+
+ argument = ['-j', static_dns_conf, '-t', conf_template]
+ self.run_script(argument, output_file=self.output_file)
+ assert utils.cmp(expected, self.output_file), self.run_diff(expected, self.output_file)
def test_buffers_edgezone_aggregator_render_template(self):
self._test_buffers_render_template('arista', 'x86_64-arista_7060_cx32s', 'Arista-7060CX-32S-D48C8', 'sample-arista-7060-t0-minigraph.xml', 'buffers.json.j2', 'buffer-arista7060-t0.json')
diff --git a/src/sonic-config-engine/tests/test_minigraph_case.py b/src/sonic-config-engine/tests/test_minigraph_case.py
index d33d2c14e825..035cff6edb25 100644
--- a/src/sonic-config-engine/tests/test_minigraph_case.py
+++ b/src/sonic-config-engine/tests/test_minigraph_case.py
@@ -277,6 +277,11 @@ def test_metadata_ntp(self):
output = self.run_script(argument)
self.assertEqual(output.strip(), "{'10.0.10.1': {}, '10.0.10.2': {}}")
+ def test_metadata_dns_nameserver(self):
+ argument = ['-m', self.sample_graph, '-p', self.port_config, '-v', "DNS_NAMESERVER"]
+ output = self.run_script(argument)
+ self.assertEqual(output.strip(), "{'1.1.1.1': {}, '8.8.8.8': {}}")
+
def test_minigraph_vnet(self):
argument = ['-m', self.sample_graph, '-p', self.port_config, '-v', "VNET"]
output = self.run_script(argument)
diff --git a/src/sonic-config-engine/tests/test_multinpu_cfggen.py b/src/sonic-config-engine/tests/test_multinpu_cfggen.py
index bc4227f85d52..7026dfa84a61 100644
--- a/src/sonic-config-engine/tests/test_multinpu_cfggen.py
+++ b/src/sonic-config-engine/tests/test_multinpu_cfggen.py
@@ -150,6 +150,17 @@ def test_metadata_ntp(self):
print("Log:asic{} sku {}".format(asic,output))
self.assertDictEqual(output, {})
+ def test_metadata_dns_nameserver(self):
+ argument = ['-m', self.sample_graph, '-p', self.sample_port_config, '--var-json', "DNS_NAMESERVER"]
+ output = json.loads(self.run_script(argument))
+ self.assertDictEqual(output, {'1.1.1.1': {}, '8.8.8.8': {}})
+ #DNS_NAMESERVER data is present only in the host config
+ argument = ['-m', self.sample_graph, '--var-json', "DNS_NAMESERVER"]
+ for asic in range(NUM_ASIC):
+ output = json.loads(self.run_script_for_asic(argument, asic, self.port_config[asic]))
+ print("Log:asic{} sku {}".format(asic,output))
+ self.assertDictEqual(output, {})
+
def test_mgmt_port(self):
argument = ['-m', self.sample_graph, '-p', self.sample_port_config, '--var-json', "MGMT_PORT"]
output = json.loads(self.run_script(argument))