Bug#318464: [Resolvconf-devel] Bug#318464: resolvconf: Cascaded
Daniel Kahn Gillmor
dkg-debian.org at fifthhorseman.net
Mon Feb 5 20:32:16 CET 2007
-----BEGIN PGP SIGNED MESSAGE-----
At 2007-02-05 09:12, tobias.reckhard at secunet.com said:
> The advantage of this setup over one with only one dnscache is that
> you can make changes to the dnscache redirection configuration,
> which requires a restart of dnscache to take effect, without losing
> your cache of DNS data, because the dnscache instance with the large
> cache needn't be restarted.
interesting. i'd never thought of using dnscache cascaded like this.
You're adding a layer of indirection (and caching most requests twice
on your machine), but i can see how there's an advantage in what you
describe, if you want to retain your dnscache between restarts.
> The dnscache script in the resolvconf package breaks this setup by
> overwriting the root/servers/@ file of the forward-only-dnscache
> with its own address, leading to a forwarding loop. This effectively
> breaks all DNS reolution on the system.
yuck. That's no good at all. How is your dnscache instance's IP
address getting added to the nameserver list?
> If resolvconf is to continue to manage the root/servers/@ file of
> all forward-only dnscache instances on a host, it would make sense
> to modify only those which do not point to the host itself, i.e. to
> an address within 127/8 or to one of the host's own IP addresses,
> such as 188.8.131.52 in the example above.
Can you try the following patch to /etc/resolvconf/update.d/dnscache
and see if it works for you? The logic is (or should be):
if the IP address this dnscache instance binds to is listed in the
set of nameservers, do not repoint its "@" reference.
Does that sound right to you?
Thanks for your report,
- --- dnscache (revision 47)
+++ dnscache (working copy)
@@ -72,6 +72,21 @@
+# returns 0 only if the first argument is repeated in the rest of the
+ local tester="$1"
+ local foo
+ for foo in "$@"; do
+ if [ "$tester" == "$foo" ]; then
+ return 0
+ return 1
### Compile list of nameservers ###
@@ -102,6 +117,12 @@
for CACHE in $CACHES ; do
+ if ( [ -f "$CACHE/env/IP" ] && is_in "$(cat "$CACHE/env/IP")" $NMSRVRS ); then
+ # don't bother with this one, because its ip address is in
+ # the nameservers list and we don't want a loop (see
+ # discussion on bug 318464)
cp "$TMPFILE" "$CACHE/root/servers/@"
# Restart the cache if it's already running:
if [ `dirname "$CACHE"`x == '/var/servicex' ]; then
@@ -111,6 +132,7 @@
# this is probably managed by daemontools
[ "$SVC_CMD" ] && $SVC_CMD -t "$CACHE"
rm -f "$TMPFILE"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>
-----END PGP SIGNATURE-----
More information about the Resolvconf-devel