[CFR] reflect resolv.conf update to running application
Doug Barton
dougb at FreeBSD.org
Thu Sep 15 01:32:18 PDT 2005
Matthew N. Dodd wrote:
> On Thu, 8 Sep 2005, Brooks Davis wrote:
>
>> I've looked this over and while I like the concept, I think the
>> implementation could be improved. First, it looks like named.conf has
>> an include directive that is conveniently undocumented in the manpage,
>> but in the BIND 9 Administrator Reference Manual at:
>>
>> http://www.bind9.net/manual/bind/9.3.1/Bv9ARM.ch06.html#AEN1534
>>
>> so if it actually works, we should use that instead of rebuilding the
>> config file each time.
Yes, include works, but it runs a similar risk to modifying the named.conf
file, namely if the syntax of the statements in the include file is not
right, loading named.conf will fail. So, we should build some caution into
the process of updating the file, but that's easily done with the
named-checkconf program that comes with the distribution.
>> Second, the forwarders file should default to
>> living in the /var/run of the named chroot since we default to chrooted
>> operation these days.
chroot good, yes. :) I'm not sure exactly where the forwarders file should
live though. I'm leaning towards (the chrooted) /etc/namedb, but I need to
think about it a little more.
>> Third, I think we need to kick the server with
>> "rndc reconfig" once the file is updated.
Yeah, but we need to work in the test of the new conf file first, as above.
> Attached.
Matthew, this is great stuff, thanks! A few comments.
> + rm -f ${dhclient_script_forwarders_file}.$$
> + echo " forward only;" > ${dhclient_script_forwarders_file}.$$
This should really be 'forward first'. That configuration is less likely to
fail in weird, and hard to diagnose ways. This is wrong in the default
named.conf file, but it's not enabled by default, and I need to change that.
> + mv ${dhclient_script_forwarders_file}.$$ ${dhclient_script_forwarders_file}
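Review bot: the temporary name '${dhclient_script_forwarders_file}.$$' used by the 'rm -f', 'echo >' and 'mv' lines is built from the shell's PID, so it is predictable, and the '>' redirect will follow a symlink that appears at that name between the 'rm -f' and the 'echo'. If the directory holding the forwarders file is writable by anyone other than root this is a race; creating the temporary file with mktemp in the same directory avoids depending on the name being free. The expansions are also unquoted, so a path containing whitespace would split into several arguments; quoting them as "${dhclient_script_forwarders_file}.$$" fixes that.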
This isn't perfect, but something like:
    if [ -f "${dhclient_script_forwarders_file}" ]; then
        if named-checkconf /etc/namedb/named.conf; then
            # Current config is good: keep a backup, then install the new file.
            rm -f "${dhclient_script_forwarders_file}.old"
            mv "${dhclient_script_forwarders_file}" \
                "${dhclient_script_forwarders_file}.old" &&
            mv "${dhclient_script_forwarders_file}.$$" \
                "${dhclient_script_forwarders_file}"
            if named-checkconf /etc/namedb/named.conf; then
                rm "${dhclient_script_forwarders_file}.old"
            else
                # New file broke the config: restore the previous one.
                mv "${dhclient_script_forwarders_file}.old" \
                    "${dhclient_script_forwarders_file}"
            fi
        else
            # Config already fails the check: just install the new file.
            mv "${dhclient_script_forwarders_file}.$$" \
                "${dhclient_script_forwarders_file}"
        fi
    else
        # No existing forwarders file, so there is nothing to back up.
        mv "${dhclient_script_forwarders_file}.$$" \
            "${dhclient_script_forwarders_file}"
    fi
    # Only tell named to reload if the resulting config parses.
    if named-checkconf /etc/namedb/named.conf; then
        rndc reconfig
    fi
hth,
Doug
--
This .signature sanitized for your protection