Why openresolv over the Debian implementation? Here’s some reasons:

  • Works with POSIX shell and userland
  • Does not need awk, grep or sed which means we can work without /usr mounted
  • Works with other init systems than Debians’ out of the box
  • Available as a 2 clause BSD license
  • Prefer configurations via IF_METRIC for dynamic ordering
  • Ability to Deprecate and Activate configurations by pattern
  • Configures zones for local resolvers other than libc
  • Mark configurations as private (so not in /etc/resolv.conf)

The last two points are quite important, especially when running VPN systems. Take the following resolv.conf files which have been generated by a DHCP client and sent to resolvconf:

# resolv.conf from bge0
search foo.com

# resolv.conf from tap0
domain bar.org

In this instance, queries for foo.com will go to and queries for bar.org will go to If either have been marked as private then they will only be forwarded queries for their search or domain names. This does require the resolvers to be configured to pickup the resolvconf generated configuration for them though. openresolv ships with helpers for dnsmasq, ISC BIND, PowerDNS Recursor and unbound.

See the configuration section for more details.