Route .vm DNS through systemd-resolved

Banger was already serving VM records on 127.0.0.1:42069, but hosts using systemd-resolved were not routing .vm queries there. That made direct lookups against the local server work while normal host resolution and commands like opencode attach <vm>.vm:4096 failed.\n\nSync resolvectl dns/domain/default-route settings onto the banger bridge when the daemon opens and whenever VM DNS records are published, and revert that bridge-scoped configuration on daemon shutdown. This uses sudo resolvectl because unprivileged resolved reconfiguration on this host requires interactive authentication.\n\nValidation: GOCACHE=/tmp/banger-gocache go test ./..., make build, daemon restart, resolvectl dns/domain br-fc, resolvectl query vrum.vm, and curl http://vrum.vm:4096.
2026-03-22 15:07:22 -03:00 · 2026-03-22 15:07:22 -03:00 · b7f6d1fe1b
commit b7f6d1fe1b
parent 0ad3dae502
4 changed files with 145 additions and 2 deletions
--- a/internal/daemon/daemon.go
+++ b/internal/daemon/daemon.go
@ -98,6 +98,7 @@ func Open(ctx context.Context) (d *Daemon, err error) {
 		d.logger.Error("daemon open failed", "stage", "reconcile", "error", err.Error())
 		return nil, err
 	}
+	d.ensureVMDNSResolverRouting(ctx)
 	if err = d.initializeTapPool(ctx); err != nil {
 		d.logger.Error("daemon open failed", "stage", "initialize_tap_pool", "error", err.Error())
 		return nil, err
@ -122,7 +123,7 @@ func (d *Daemon) Close() error {
 		if d.webListener != nil {
 			_ = d.webListener.Close()
 		}
-		err = errors.Join(d.stopVMDNS(), d.store.Close())
+		err = errors.Join(d.clearVMDNSResolverRouting(context.Background()), d.stopVMDNS(), d.store.Close())
 	})
 	return err
 }