From d1060e7ee35d07747e3c522b5d97573596a72f41 Mon Sep 17 00:00:00 2001
From: Olivier <olivier@raspot.in>
Date: Fri, 22 May 2026 14:21:02 +0200
Subject: [PATCH] Persist DNS across Debian resolvers

---
 README.md                   |  5 ++-
 configure-debian-network.sh | 83 +++++++++++++++++++++++++++++++++++--
 2 files changed, 84 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 1481aa0..bc4a2c7 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,8 @@ Le script réseau cible une installation serveur Debian classique utilisant :
 - 🔐 une exécution en root via `sudo`
 
 Il ne vise pas les postes avec NetworkManager, interface graphique ou gestion réseau desktop.
-Si `dhcpcd` est présent ou si `/etc/resolv.conf` est généré par `dhcpcd`, le script ajoute aussi un bloc statique dédié dans `/etc/dhcpcd.conf` afin que les DNS soient conservés après redémarrage.
+Si `dhcpcd` est présent ou si `/etc/resolv.conf` est généré par `dhcpcd`, le script ajoute aussi un bloc statique dédié dans `/etc/dhcpcd.conf` et un hook `/etc/dhcpcd.exit-hook` afin que les DNS soient conservés après régénération.
+Si `systemd-resolved` est détecté, le script écrit également une configuration persistante dans `/etc/systemd/resolved.conf.d/99-configure-debian-network.conf`.
 
 ## 🚀 Utilisation réseau
 
@@ -102,6 +103,8 @@ Avant modification, le script sauvegarde les fichiers concernés avec un suffixe
 /etc/hosts.bak.YYYYMMDD-HHMMSS
 /etc/network/interfaces.bak.YYYYMMDD-HHMMSS
 /etc/dhcpcd.conf.bak.YYYYMMDD-HHMMSS
+/etc/dhcpcd.exit-hook.bak.YYYYMMDD-HHMMSS
+/etc/systemd/resolved.conf.d/99-configure-debian-network.conf.bak.YYYYMMDD-HHMMSS
 /etc/resolv.conf.bak.YYYYMMDD-HHMMSS
 ```
 
diff --git a/configure-debian-network.sh b/configure-debian-network.sh
index 2a8914b..519e409 100755
--- a/configure-debian-network.sh
+++ b/configure-debian-network.sh
@@ -211,6 +211,16 @@ has_dhcpcd() {
     grep -qi 'dhcpcd' /etc/resolv.conf 2>/dev/null
 }
 
+# Indique si systemd-resolved semble gerer la resolution DNS.
+has_systemd_resolved() {
+  local resolv_target
+
+  resolv_target="$(readlink -f /etc/resolv.conf 2>/dev/null || true)"
+  [[ "${resolv_target}" == *systemd/resolve* ]] ||
+    [[ -e /lib/systemd/system/systemd-resolved.service ]] ||
+    [[ -e /usr/lib/systemd/system/systemd-resolved.service ]]
+}
+
 # Met a jour /etc/dhcpcd.conf avec un bloc statique dedie au script.
 write_dhcpcd_conf() {
   local interface="$1"
@@ -244,14 +254,73 @@ write_dhcpcd_conf() {
   rm -f "${tmp_file}"
 }
 
-# Ecrit les serveurs DNS dans /etc/resolv.conf quand ce fichier n'est pas gere par lien symbolique.
+# Ajoute un hook dhcpcd qui restaure les DNS apres regeneration de resolv.conf.
+write_dhcpcd_dns_hook() {
+  local dns_servers="$1"
+  local resolv_target
+  local server tmp_file
+
+  if ! has_dhcpcd; then
+    return 0
+  fi
+
+  resolv_target="$(readlink -f /etc/resolv.conf 2>/dev/null || true)"
+  if [[ "${resolv_target}" == *systemd/resolve* ]]; then
+    return 0
+  fi
+
+  touch /etc/dhcpcd.exit-hook
+  tmp_file="$(mktemp)"
+  awk '
+    $0 == "# BEGIN configure-debian-network.sh" { skip = 1; next }
+    $0 == "# END configure-debian-network.sh" { skip = 0; next }
+    skip != 1 { print }
+  ' /etc/dhcpcd.exit-hook > "${tmp_file}"
+
+  {
+    printf '\n# BEGIN configure-debian-network.sh\n'
+    printf 'cat > /etc/resolv.conf <<'\''EOF_DNS'\''\n'
+    printf '# Fichier genere par configure-debian-network.sh via dhcpcd.exit-hook\n'
+    for server in ${dns_servers}; do
+      printf 'nameserver %s\n' "${server}"
+    done
+    printf 'EOF_DNS\n'
+    printf '# END configure-debian-network.sh\n'
+  } >> "${tmp_file}"
+
+  install -m 0755 "${tmp_file}" /etc/dhcpcd.exit-hook
+  rm -f "${tmp_file}"
+}
+
+# Configure les DNS persistants pour systemd-resolved si ce backend est present.
+write_systemd_resolved_conf() {
+  local dns_servers="$1"
+
+  if ! has_systemd_resolved; then
+    return 0
+  fi
+
+  install -m 0755 -d /etc/systemd/resolved.conf.d
+  cat > /etc/systemd/resolved.conf.d/99-configure-debian-network.conf <<EOF
+# Fichier genere par configure-debian-network.sh
+[Resolve]
+DNS=${dns_servers}
+Domains=~.
+EOF
+}
+
+# Ecrit les serveurs DNS dans /etc/resolv.conf quand c'est pertinent.
 write_resolv_conf() {
   local dns_servers="$1"
+  local resolv_target
   local server
 
   if [[ -L /etc/resolv.conf ]]; then
-    echo "/etc/resolv.conf est un lien symbolique, il ne sera pas modifie directement."
-    return 0
+    resolv_target="$(readlink -f /etc/resolv.conf 2>/dev/null || true)"
+    if [[ "${resolv_target}" == *systemd/resolve* ]] || ! has_dhcpcd; then
+      echo "/etc/resolv.conf est un lien symbolique, il ne sera pas modifie directement."
+      return 0
+    fi
   fi
 
   {
@@ -322,9 +391,13 @@ main() {
   if [[ "${network_changed}" -eq 1 ]]; then
     backup_file /etc/network/interfaces
     backup_file /etc/dhcpcd.conf
+    backup_file /etc/dhcpcd.exit-hook
+    backup_file /etc/systemd/resolved.conf.d/99-configure-debian-network.conf
     backup_file /etc/resolv.conf
     write_network_interfaces "${interface}" "${ip_cidr}" "${gateway}" "${dns_servers}"
     write_dhcpcd_conf "${interface}" "${ip_cidr}" "${gateway}" "${dns_servers}"
+    write_dhcpcd_dns_hook "${dns_servers}"
+    write_systemd_resolved_conf "${dns_servers}"
     write_resolv_conf "${dns_servers}"
   fi
 
@@ -337,6 +410,10 @@ main() {
         systemctl restart dhcpcd
         echo "Service dhcpcd redemarre."
       fi
+      if has_systemd_resolved && systemctl is-active --quiet systemd-resolved; then
+        systemctl restart systemd-resolved
+        echo "Service systemd-resolved redemarre."
+      fi
       if systemctl restart networking; then
         echo "Service networking redemarre."
       else