Route .vm DNS through systemd-resolved

Banger was already serving VM records on 127.0.0.1:42069, but hosts using systemd-resolved were not routing .vm queries there. That made direct lookups against the local server work while normal host resolution and commands like opencode attach <vm>.vm:4096 failed.\n\nSync resolvectl dns/domain/default-route settings onto the banger bridge when the daemon opens and whenever VM DNS records are published, and revert that bridge-scoped configuration on daemon shutdown. This uses sudo resolvectl because unprivileged resolved reconfiguration on this host requires interactive authentication.\n\nValidation: GOCACHE=/tmp/banger-gocache go test ./..., make build, daemon restart, resolvectl dns/domain br-fc, resolvectl query vrum.vm, and curl http://vrum.vm:4096.
2026-03-22 15:07:22 -03:00 · 2026-03-22 15:07:22 -03:00 · b7f6d1fe1b
commit b7f6d1fe1b
parent 0ad3dae502
4 changed files with 145 additions and 2 deletions
--- a/internal/daemon/dns_routing.go
+++ b/internal/daemon/dns_routing.go
@ -0,0 +1,63 @@
+package daemon
+
+import (
+	"context"
+	"strings"
+
+	"banger/internal/system"
+	"banger/internal/vmdns"
+)
+
+const vmResolverRouteDomain = "~vm"
+
+var (
+	lookupExecutableFunc = system.LookupExecutable
+	vmDNSAddrFunc        = func(server *vmdns.Server) string { return server.Addr() }
+)
+
+func (d *Daemon) syncVMDNSResolverRouting(ctx context.Context) error {
+	if d == nil || d.vmDNS == nil {
+		return nil
+	}
+	if strings.TrimSpace(d.config.BridgeName) == "" {
+		return nil
+	}
+	if _, err := lookupExecutableFunc("resolvectl"); err != nil {
+		return nil
+	}
+	if _, err := d.runner.Run(ctx, "ip", "link", "show", d.config.BridgeName); err != nil {
+		return nil
+	}
+	serverAddr := strings.TrimSpace(vmDNSAddrFunc(d.vmDNS))
+	if serverAddr == "" {
+		return nil
+	}
+	if _, err := d.runner.RunSudo(ctx, "resolvectl", "dns", d.config.BridgeName, serverAddr); err != nil {
+		return err
+	}
+	if _, err := d.runner.RunSudo(ctx, "resolvectl", "domain", d.config.BridgeName, vmResolverRouteDomain); err != nil {
+		return err
+	}
+	_, err := d.runner.RunSudo(ctx, "resolvectl", "default-route", d.config.BridgeName, "no")
+	return err
+}
+
+func (d *Daemon) clearVMDNSResolverRouting(ctx context.Context) error {
+	if d == nil || strings.TrimSpace(d.config.BridgeName) == "" {
+		return nil
+	}
+	if _, err := lookupExecutableFunc("resolvectl"); err != nil {
+		return nil
+	}
+	if _, err := d.runner.Run(ctx, "ip", "link", "show", d.config.BridgeName); err != nil {
+		return nil
+	}
+	_, err := d.runner.RunSudo(ctx, "resolvectl", "revert", d.config.BridgeName)
+	return err
+}
+
+func (d *Daemon) ensureVMDNSResolverRouting(ctx context.Context) {
+	if err := d.syncVMDNSResolverRouting(ctx); err != nil && d.logger != nil {
+		d.logger.Warn("vm dns resolver route sync failed", "bridge", d.config.BridgeName, "error", err.Error())
+	}
+}