[CFR] reflect resolv.conf update to running application

Doug Barton dougb at FreeBSD.org
Thu Sep 15 01:32:18 PDT 2005


Matthew N. Dodd wrote:
> On Thu, 8 Sep 2005, Brooks Davis wrote:
> 
>> I've looked this over and while I like the concept, I think the
>> implementation could be improved.  First, it looks like named.conf has
>> an include directive that is conveniently undocumented in the manpage,
>> but in the BIND 9 Administrator Reference Manual at:
>>
>> http://www.bind9.net/manual/bind/9.3.1/Bv9ARM.ch06.html#AEN1534
>>
>> so if it actually works, we should use that instead of rebuilding the
>> config file each time.

Yes, include works, but it runs a similar risk to modifying the named.conf
file, namely if the syntax of the statements in the include file is not
right, loading named.conf will fail. So, we should build some caution into
the process of updating the file, but that's easily done with the
named-checkconf program that comes with the distribution.

>> Second, the forwarders file should default to
>> living in the /var/run of the named chroot since we default to chrooted
>> operation these days.

chroot good, yes. :) I'm not sure exactly where the forwarders file should 
live though. I'm leaning towards (the chrooted) /etc/namedb, but I need to 
think about it a little more.

>> Third, I think we need to kick the server with
>> "rndc reconfig" once the file is updated.

Yeah, but we need to work in the test of the new conf file first, as above.

> Attached.

Matthew, this is great stuff, thanks! A few comments.


> +	rm -f ${dhclient_script_forwarders_file}.$$
> +	echo "	forward only;" > ${dhclient_script_forwarders_file}.$$
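
Review bot: The temporary file used by the `rm -f` and the `echo ... >` lines is named by appending `$$`, so its name is predictable from the process id, and nothing between the `rm -f` and the redirection prevents another process from creating that path first (as a symlink, for instance) if the directory is writable by anyone other than the user running the script. Create the file with mktemp(1) in the same directory as the final forwarders file, and quote every `${dhclient_script_forwarders_file}` expansion so a path containing whitespace is not split.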

This should really be 'forward first'. That configuration is less likely to
fail in weird and hard-to-diagnose ways. This is wrong in the default
named.conf file, but it's not enabled by default, and I need to change that.

> +	mv ${dhclient_script_forwarders_file}.$$ ${dhclient_script_forwarders_file}
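
Review bot: The exit status of this `mv` is not checked, and nothing on the line handles a failed rename, which would leave the `.$$` temporary file behind next to an unchanged forwarders file. Test the result, remove the temporary file on failure, and quote both operands.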

This isn't perfect, but something like:

if [ -f "${dhclient_script_forwarders_file}" ]; then
	if named-checkconf /etc/namedb/named.conf; then
		rm -f ${dhclient_script_forwarders_file}.old
		mv ${dhclient_script_forwarders_file} \
		    ${dhclient_script_forwarders_file}.old &&
		mv ${dhclient_script_forwarders_file}.$$ \
		    ${dhclient_script_forwarders_file}
		if named-checkconf /etc/namedb/named.conf; then
			rm ${dhclient_script_forwarders_file}.old
		else
			mv ${dhclient_script_forwarders_file}.old \
			    ${dhclient_script_forwarders_file}
		fi
	else
		mv ${dhclient_script_forwarders_file}.$$ \
		    ${dhclient_script_forwarders_file}
	fi
else
	mv ${dhclient_script_forwarders_file}.$$ \
	    ${dhclient_script_forwarders_file}
fi

if named-checkconf /etc/namedb/named.conf; then
	rndc reconfig
fi


hth,

Doug

-- 

     This .signature sanitized for your protection
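
An added example, not code from this thread: the check-before-reload update discussed above, written as one shell function that uses mktemp and quoted paths and rolls back when the check fails. The names update_forwarders, CHECK_CMD and RELOAD_CMD are assumptions made here; their defaults are the named-checkconf and rndc commands quoted in the mail.

```shell
#!/bin/sh
# Added example: install a new forwarders fragment only if the config still checks.
# CHECK_CMD and RELOAD_CMD are assumed names so the logic can run without BIND;
# they are expanded unquoted on purpose so that "command arg" splits into words.
: "${CHECK_CMD:=named-checkconf /etc/namedb/named.conf}"
: "${RELOAD_CMD:=rndc reconfig}"

# update_forwarders TARGET   (new contents are read from stdin)
# Returns 0 if the new file was installed, 1 if it was rejected or on error.
update_forwarders() {
	target=$1
	dir=$(dirname "$target")
	# Unpredictable name, created exclusively, in the same directory as the
	# target so that the later mv is a plain rename.
	tmp=$(mktemp "$dir/forwarders.XXXXXX") || return 1
	cat > "$tmp" || { rm -f "$tmp"; return 1; }

	# Keep a copy (not a move) of the current file, so the target path
	# never disappears while the update is in progress.
	had_old=no
	if [ -f "$target" ]; then
		cp -p "$target" "$target.old" || { rm -f "$tmp"; return 1; }
		had_old=yes
	fi

	mv "$tmp" "$target" || { rm -f "$tmp" "$target.old"; return 1; }

	if $CHECK_CMD; then
		rm -f "$target.old"
		$RELOAD_CMD
		return 0
	fi

	# The new fragment breaks the configuration: restore the previous state
	# and do not ask the server to reload.
	if [ "$had_old" = yes ]; then
		mv "$target.old" "$target"
	else
		rm -f "$target"
	fi
	return 1
}
```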


