New rc.d/named features for testing: auto-forwarding and wait on boot

Mel Flynn mel.flynn+fbsd.current at mailing.thruhere.net
Tue Mar 31 23:14:00 PDT 2009


On Tuesday 31 March 2009 22:22:45 Doug Barton wrote:
> Mel Flynn wrote:
> > Hi Doug,
> >
> > On Tuesday 31 March 2009 08:17:35 Doug Barton wrote:
> >>> In addition to enabling auto_forward you can also enable
> >>> auto_forward_only which changes from the default 'forward first' to
> >>> (you guessed it) 'forward only'.
> >>
> >> And of course, the patch:
> >> http://dougbarton.us/Downloads/rcd-named.diff
> >
> > Snippet:
> > +				if [ -z "$firstns" ]; then
> > +					if [ ! "$nsip" = '127.0.0.1' ]; then
> > +						echo 'nameserver 127.0.0.1'
> > +						echo "		${nsip};" >> /var/run/auto_forward.conf
> > +					fi
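Review bot: In the inner test, only the literal string '127.0.0.1' is excluded before ${nsip} is appended to /var/run/auto_forward.conf, so a local resolver reachable under any other address (::1, or an interface address that named listens on) would be written into the file as a forwarder. Suggest comparing against a configurable set of local addresses instead of one hardcoded value, and checking that ${nsip} is a well-formed IP address before it is written into a file that named will include. The test would also read more conventionally as [ "$nsip" != '127.0.0.1' ].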
> >
> > I think the hardcoded 127.0.0.1 should be configurable especially
> > considering prepend-domain-nameservers option for dhclient.conf(5).
>
> I'm not sure you understand the goal. The idea here is to use the
> local resolver first, as a forwarder. If that usage would conflict
> with something that you prepend in dhclient.conf, don't enable both
> options.

But the local resolver is assumed to be 127.0.0.1, not for example 
192.168.1.10 or ::1. I agree prepending a nameserver and autoforward are not 
the best combo, but it can be handy in case you stop named (free up resources, 
you temporarily want) to still be able to resolve (though with a delay).
Either way, you're writing 127.0.0.1 to resolv.conf, yet not setting a listen-
on in named so the two can be out of sync, though documentation can fix this.
On my home network, pppoe on the gateway updates /etc/resolv.conf and I later 
insert the named running on 192.168.2.51. Named doesn't listen on 127.0.0.1 
(didn't see a need to do this). At the very least, it would be nice if a 
warning was added if listen-on.*127.0.0.1 could not be found in 
/etc/namedb/named.conf.

> > Now you risk using
> > yourself as forwarder if you expose the resolver to the internal network
>
> Sorry, I'm not parsing this. The 127.0.0.1 address is not added to the
> forwarders list, if that's what you're concerned about.

But a 192.168.1.10 would be.

> Come to think
> of it, the lines you pasted handle that address only if it's first. I
> just updated the patch to handle 127.0.0.1 coming later in the file,
> thanks!

>
> > (whether it be through dhclient or statically).
> > Also, maybe the combo of autoforward and dhclient should be guarded
> > against, since there's no telling which comes up first
>
> Ummmm.... that's completely false. rcorder determines that the network
> will be up first, so not only is there no harm in using both, it's how
> I've done all my testing.

And what happens if the DHCP server cannot be reached within 5 tries, but will 
once it's in the background?
Also, rcorder shows NETWORKING before named, yet dhclient after, though with 
the changes of (a)sync dhclient lately, I should probably familiarize myself 
again with what exactly is done.

> There is really no point in using this
> option if you are on a static network, you could just configure
> forwarders in named.conf yourself.

Since forwarders are picked up from /etc/resolv.conf I was ready to abuse the 
feature and not worry about changing named.conf, but yes you are right :).

> > Lastly, 127.0.0.1 and ::1 aren't equal, yet they are the same thing ;)
>
> I have no idea what you're trying to say here. However, we currently
> don't support (TMK anyway) IPv6-only configurations, although I'd like
> to see us do so sometime soon ...

Noted.
-- 
Mel
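
The following is an added example, not part of the original message or of the rc.d/named patch. It sketches the warning suggested above: compare the first nameserver in resolv.conf with the listen-on addresses in named.conf. The function names are hypothetical, the file contents are constructed, and the named.conf parsing is simplified (IPv4 listen-on only, `//` and `#` comments only, no ACL names, negation or netmasks).

```shell
#!/bin/sh
# Added example: warn when resolv.conf points at an address named does not listen on.

# Print the first nameserver address from a resolv.conf-style file.
first_nameserver() {
	awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Print each element of every IPv4 listen-on { ... } block, one per line.
# listen-on-v6 is skipped on purpose: the pattern requires "{" (or "port N {")
# directly after the keyword.
listen_on_addrs() {
	sed -e 's|//.*||' -e 's|#.*||' "$1" | tr '\n' ' ' |
	awk '{
		s = $0
		while (match(s, /listen-on[ \t]*(port[ \t]+[0-9]+[ \t]*)?[{][^}]*[}]/)) {
			blk = substr(s, RSTART, RLENGTH)
			s = substr(s, RSTART + RLENGTH)
			sub(/^[^{]*[{]/, "", blk); sub(/[}]$/, "", blk)
			n = split(blk, a, ";")
			for (i = 1; i <= n; i++) {
				gsub(/[ \t]/, "", a[i])
				if (a[i] != "") print a[i]
			}
		}
	}'
}

# Return 0 if named would answer on the first nameserver listed in $1,
# otherwise print a warning on stderr and return 1.
check_local_resolver() {
	ns=$(first_nameserver "$1")
	if [ -z "$ns" ]; then echo "warning: no nameserver in $1" >&2; return 1; fi
	addrs=$(listen_on_addrs "$2")
	# With no listen-on statement BIND listens on all IPv4 interfaces.
	if [ -z "$addrs" ]; then return 0; fi
	for a in $addrs; do
		case "$a" in "$ns"|any) return 0 ;; esac
	done
	echo "warning: $1 points at $ns but $2 has no matching listen-on" >&2
	return 1
}

# Constructed sample input mirroring the home-network setup in the message.
tmp=$(mktemp -d)
printf 'nameserver 127.0.0.1\n' > "$tmp/resolv.conf"
printf 'options {\n\tlisten-on { 192.168.2.51; };\n};\n' > "$tmp/named.conf"
check_local_resolver "$tmp/resolv.conf" "$tmp/named.conf" || true
rm -rf "$tmp"
```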


More information about the freebsd-current mailing list