Bring back DNS and /etc/resolv.conf user control

Isn’t connmand used by default? So don’t change /etc/resolv.conf but connmand’ s nameserver config. First list the services:

# connmanctl services
*AO SSID                 wifi_xyz_xyz_managed_psk
*A  XYZ                    cellular_IMSI_context123

Next you can change the nameserver:

# connmanctl config wifi_xyz_xyz_managed_psk --nameservers

That change should apply to AD as well but will be overwritten by every network change.

1 Like

Exactly. And mdns can be resolved at the application level (i suppose that’s what firefox does when it detect an address ending in .local).

@kan_ibal I fully agree to your initial request, once, as you wrote, because of AD, to keep control over what Android apps may do, but also in general to retain control over wanted or preferred device behavior.
In the last few days I struggled with making dnsmasq work in parallel to connman’s central role in SFOS, and unluckily failed.

wiki.ubuntu says about connman: ‘The Connection Manager is designed to be slim and to use as few resources as possible, so it can be easily integrated.’
Searcing the net and comparing range of functions of both, in my opinion connman is too slim. My idea (and suggestion) is, Jolla should replace connman by dnsmasq, and restore full user control over it.

edit: Or Jolla could provide a well tested way to enable dnsmasq beside connman without crashes and one break the other.

You are claiming it works but according this bug it doesn’t. How is that possible?

No. It doesn’t apply to AD.

1 Like

You are right. I just ran a trace and tcpdump told me that AD uses with DNS over TLS (port 853) for DNS resolution by default. In this thread they claim, that blocking these requests will make android fall back to plain DNS (port 53) but I haven’t tested that.



[root@xperia ~]# iptables -A OUTPUT -p tcp --dport 853 -j REJECT`

AD uses on port 53 and still not connmand. But now a redirect to some other DNS server becomes feasible.

2nd edit:

I tested some more. DNS over TLS can be disabled in the Android settings app, no need for a firewall hack.


There you also find the DNS IP that is in use for your current connection. It seems to be provided by connman since it shows my locally changed address ( at that time).

No idea.

1 Like

My attempt to set a consistent DNS system for SailfishOS as
DNS alternative package that contains set of config files.
Dnsmasq serves as local DNS service @, Dnscrypt-proxy serves as DNS service for external request @ with blocklist (ads, malware etc.). AlienDalvik uses /etc/host via dnsmasq.

Is it possible to install Dnsmasq and delete/uninstall Connman and use Dnsmasq for everything that the Sailfish phone needs? (because in my experience Dnsmasq + Connman conflict one with the other when installed on the same phone)

Connman is a connection manager, which establishes a connection to network. So you would need an alternative connection manager.


It is impossible to remove Connman.
Connman and dnsmasq doesn’t interfere with each other if you properly configure a Connman. This package disables connman’s dns proxy and disables connman’s changes in /etc/resolv.conf.


Thanks for info, so I can try again (had bad luck and no success last time I tried).

@miau I thought of using Dnsmasq instead of Connman as an alternative connection manager, exactly as you wrote.

In SFOS 4.5 AD is set to use dns proxy @ and @::1. That is connman’s dns proxy.
So that issue is fixed.

1 Like

@Seven.of.nine You need to add the --nodnsproxy proxy flag to connmand. You can do that by runing devel-su systemctl edit connman and pasting this into there:


Afterwards run devel-su systemctl restart connman and connman won’t touch your resolv.conf again.

Edit: Corrected override.conf. Thx to @kan_ibal


I created a wiki article for this topic: Custom DNS | SailfishOS community wiki

If there are errors or things I missed out, I hope you contribute your gained knowledge and fix that.


Does this package configure everything automatically, or some manual tweaking should be done?

No. This is not true. You haven’t checked that. Have you?
Parameter --nodnsproxy disables only dns proxy that Connman runs @localhost. To force Connman not to touch /etc/resolv.conf you have to use:


in override.conf file. All details you can find at DNS alternative page.

It is supposed to be completely configured and run without manual tweaking. At the moment it should run after install but upgrading and uninstalling is not tested enough so if you don’t want to dig in terminal wait for revision 1.0.

1 Like

I used this method for more than a year on a my Laptop. Your override.conf was probably misconfigured your override.conf and it didn’t do the effect you wanted. It is also instructed on the manpage and on Archwiki that way. Maybe I misunderstood you, can you elaborate further?

Thanks. I think I’ll wait a bit longer but it does sound pretty cool.