[Resolvconf-devel] Bug#318464: resolvconf: Cascaded dnscache
tobias.reckhard at secunet.com
Mon Feb 5 09:12:57 CET 2007
Followup-For: Bug #318464
The behaviour of the dnscache script in the resolvconf package is
incompatible with systems using two (or more) cascaded dnscaches. Here
is a brief explanation of the setup:

* A system has a dnscache with a small cache on its externally
  reachable IP address. This dnscache is configured as a FORWARDONLY
  cache by means of the env/FORWARDONLY file, instructing it to
  forward all of the requests it can't answer from its cache to the
  parent server(s) listed in the file root/servers/@. However, it
  still obeys locally configured redirections in the directory
  root/servers, meaning that it will e.g. query the DNS server at
  18.104.22.168 for DNS info regarding www.example.com if there is a file
  root/servers/example.com containing "22.214.171.124" (minus the quotes).
  In this case, the @ file contains the IP address of the second
  dnscache instance (see below), in my case 127.0.0.3.
* The system has a second dnscache instance on another IP address, in
  my case 127.0.0.3, with a large cache. It is an iterative resolver,
  meaning that env/FORWARDONLY does not exist and it's got the list of
  root servers in the file root/servers/@.
* /etc/resolv.conf contains the address of the forward-only-cache,
  i.e. a line containing "nameserver 126.96.36.199" in this example.

The advantage of this setup over one with only one dnscache is that you
can make changes to the dnscache redirection configuration, which
requires a restart of dnscache to take effect, without losing your cache
of DNS data, because the dnscache instance with the large cache needn't

The dnscache script in the resolvconf package breaks this setup by
overwriting the root/servers/@ file of the forward-only-dnscache with
its own address, leading to a forwarding loop. This effectively breaks
all DNS resolution on the system.

If resolvconf is to continue to manage the root/servers/@ file of all
forward-only dnscache instances on a host, it would make sense to modify
only those which do not point to the host itself, i.e. to an address
within 127/8 or to one of the host's own IP addresses, such as 188.8.131.52
in the example above.

Could you please consider this option?

-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-2-386
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages resolvconf depends on:
ii coreutils 5.97-5 The GNU core utilities
ii debconf [debconf-2.0] 1.5.8 Debian configuration management sy
ii lsb-base 3.1-22 Linux Standard Base 3.1 init scrip
resolvconf recommends no packages.
-- debconf information:
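
The check proposed in the message above, sketched as an added example (not part of the original message and not resolvconf's own code): rewrite root/servers/@ only for a forward-only dnscache whose parent is not on this host. The function names, the temporary directory layout and the 192.0.2.x addresses are constructed for illustration, and the host's own addresses are passed in by the caller rather than read from the interfaces.

```shell
#!/bin/sh
# Added example, not resolvconf code. OWN_ADDRS is a space-separated list of
# the host's own IP addresses (assumption: supplied by the caller).

# is_self ADDR OWN_ADDRS -> 0 if ADDR is in 127/8 or is one of OWN_ADDRS
is_self() {
    case "$1" in
        127.*) return 0 ;;
    esac
    for own in $2; do
        if [ "$1" = "$own" ]; then return 0; fi
    done
    return 1
}

# may_rewrite DIR OWN_ADDRS -> 0 only for a forward-only dnscache whose
# root/servers/@ lists no address belonging to this host
may_rewrite() {
    dir=$1
    # No env/FORWARDONLY: iterative resolver, @ holds the root servers.
    if [ ! -e "$dir/env/FORWARDONLY" ]; then return 1; fi
    if [ ! -r "$dir/root/servers/@" ]; then return 1; fi
    while read -r addr || [ -n "$addr" ]; do
        if [ -z "$addr" ]; then continue; fi
        # Parent is on this host: cascaded setup, overwriting would loop.
        if is_self "$addr" "$2"; then return 1; fi
    done < "$dir/root/servers/@"
    return 0
}

# demo: builds three constructed dnscache directories and reports the decision
demo() {
    base=$(mktemp -d) || return 1
    for d in front back plain; do
        mkdir -p "$base/$d/env" "$base/$d/root/servers"
    done
    : > "$base/front/env/FORWARDONLY"   # small cache, forwards to 127.0.0.3
    echo 127.0.0.3 > "$base/front/root/servers/@"
    echo 198.41.0.4 > "$base/back/root/servers/@"   # iterative, no FORWARDONLY
    : > "$base/plain/env/FORWARDONLY"   # forward-only with an off-host parent
    echo 192.0.2.53 > "$base/plain/root/servers/@"
    result=
    for d in front back plain; do
        if may_rewrite "$base/$d" "192.0.2.10"; then result="$result $d=rewrite"
        else result="$result $d=keep"; fi
    done
    rm -rf "$base"
    echo "${result# }"
}
```

Calling `demo` prints the decision for each constructed instance; only the forward-only cache with an off-host parent is eligible for rewriting.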