Bug#318464: [Resolvconf-devel] Bug#318464: resolvconf: Cascaded
dnscache incompatibility
Daniel Kahn Gillmor
dkg-debian.org at fifthhorseman.net
Mon Feb 5 20:32:16 CET 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 2007-02-05 09:12, tobias.reckhard at secunet.com said:
> The advantage of this setup over one with only one dnscache is that
> you can make changes to the dnscache redirection configuration,
> which requires a restart of dnscache to take effect, without losing
> your cache of DNS data, because the dnscache instance with the large
> cache needn't be restarted.
interesting. i'd never thought of using dnscache cascaded like this.
You're adding a layer of indirection (and caching most requests twice
on your machine), but i can see how there's an advantage in what you
describe, if you want to retain your dnscache between restarts.
> The dnscache script in the resolvconf package breaks this setup by
> overwriting the root/servers/@ file of the forward-only-dnscache
> with its own address, leading to a forwarding loop. This effectively
> breaks all DNS resolution on the system.
yuck. That's no good at all. How is your dnscache instance's IP
address getting added to the nameserver list?
> If resolvconf is to continue to manage the root/servers/@ file of
> all forward-only dnscache instances on a host, it would make sense
> to modify only those which do not point to the host itself, i.e. to
> an address within 127/8 or to one of the host's own IP addresses,
> such as 1.2.3.4 in the example above.
Can you try the following patch to /etc/resolvconf/update.d/dnscache
and see if it works for you? The logic is (or should be):
if the IP address this dnscache instance binds to is listed in the
set of nameservers, do not repoint its "@" reference.
Does that sound right to you?
Thanks for your report,
--dkg
Index: dnscache
===================================================================
- --- dnscache (revision 47)
+++ dnscache (working copy)
@@ -72,6 +72,21 @@
done
}
+# returns 0 only if the first argument is repeated in the rest of the
+# arguments
+is_in() {
+ local tester="$1"
+ local foo
+ shift
+ for foo in "$@"; do
+ if [ "$tester" == "$foo" ]; then
+ return 0
+ fi
+ done
+ return 1
+}
+
+
RSLVCNFFILES="$(/lib/resolvconf/list-records)"
### Compile list of nameservers ###
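Review bot: In is_in(), the comparison `[ "$tester" == "$foo" ]` uses `==`, which POSIX `[` does not define; `=` performs the same string comparison and works in every sh. A context line in the next hunk already uses `==`, so this matches the file's existing style, but the new helper is a cheap place to use the portable form. `local` is also outside POSIX sh, and the hunk does not show the script's interpreter line, so confirm the shell that runs update.d scripts supports both. The loop variable `foo` would read better named for what it holds, and one blank line after the function is enough.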
@@ -102,6 +117,12 @@
for CACHE in $CACHES ; do
+ if ( [ -f "$CACHE/env/IP" ] && is_in "$(cat "$CACHE/env/IP")" $NMSRVRS ); then
+ # don't bother with this one, because its ip address is in
+ # the nameservers list and we don't want a loop (see
+ # discussion on bug 318464)
+ continue
+ else
cp "$TMPFILE" "$CACHE/root/servers/@"
# Restart the cache if it's already running:
if [ `dirname "$CACHE"`x == '/var/servicex' ]; then
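Review bot: The test on the first added line is an exact string match of the contents of $CACHE/env/IP against $NMSRVRS, which is narrower than what the reporter asked for: an instance whose "@" file points at a 127/8 address or at another of the host's own addresses, while its own env/IP is not in the nameserver list, is still overwritten. Either check where "@" currently points or state the limitation in the comment. The surrounding `( ... )` runs the test in a subshell for no benefit; `if [ -f "$CACHE/env/IP" ] && is_in "$(cat "$CACHE/env/IP")" $NMSRVRS; then` is equivalent. The unquoted $NMSRVRS relies on word splitting to pass one argument per nameserver, which deserves a short comment.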
@@ -111,6 +132,7 @@
# this is probably managed by daemontools
[ "$SVC_CMD" ] && $SVC_CMD -t "$CACHE"
fi
+ fi
done
rm -f "$TMPFILE"
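Review bot: The `else` ... `fi` wrapper that the added `fi` completes is redundant, because the branch added in the previous hunk ends in `continue`. Closing the `if` directly after `continue` skips the rest of the loop body just the same, makes this hunk unnecessary, and avoids leaving the `cp` and restart lines at their old indentation inside a new block. Separately, a skipped cache keeps whatever its "@" file currently holds, so on a system where the unpatched script has already written the instance's own address there, that file has to be restored by hand before the patch is tested.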
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>
iD8DBQFFx4YviXTlFKVLY2URAq7bAKDW/OE8zOtzEhPa/Y1cXsqQUvtquwCbBYSR
k3b2h7Z2bDyAEvs+XkKGqY8=
=WbG7
-----END PGP SIGNATURE-----
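The reporter's suggestion quoted in the message above (leave alone any forward-only dnscache whose "@" file already points into 127/8 or at one of the host's own addresses) looks like this as an added example; it is not part of the posted patch or of the resolvconf package. The function names `points_to_self` and `repointable_caches` are hypothetical, and the host's own addresses are assumed to be supplied by the caller.

```shell
#!/bin/sh
# Added example, not part of resolvconf. Function names are hypothetical.

# points_to_self FILE [OWN_ADDR...]
# Returns 0 if any server in FILE (one IPv4 address per line, as in a
# dnscache root/servers/@ file) is in 127.0.0.0/8 or equals an OWN_ADDR.
points_to_self() {
    servers_file="$1"
    shift
    [ -r "$servers_file" ] || return 1
    while IFS= read -r server || [ -n "$server" ]; do
        case "$server" in
            '') continue ;;
            127.*) return 0 ;;
        esac
        for own in "$@"; do
            if [ "$server" = "$own" ]; then
                return 0
            fi
        done
    done < "$servers_file"
    return 1
}

# repointable_caches "OWN_ADDRS" CACHE_DIR...
# Prints the cache directories whose "@" file may safely be rewritten.
# OWN_ADDRS is a space-separated list supplied by the caller (assumption).
repointable_caches() {
    own_addrs="$1"
    shift
    for cache in "$@"; do
        # $own_addrs is unquoted on purpose: one argument per address.
        if ! points_to_self "$cache/root/servers/@" $own_addrs; then
            printf '%s\n' "$cache"
        fi
    done
}

# Constructed demo: "cascaded" forwards to 1.2.3.4 (the host's own address in
# the bug report's example); "plain" forwards to 192.0.2.53 (documentation range).
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/cascaded/root/servers" "$tmp/plain/root/servers"
    echo 1.2.3.4 > "$tmp/cascaded/root/servers/@"
    echo 192.0.2.53 > "$tmp/plain/root/servers/@"
    repointable_caches "1.2.3.4" "$tmp/cascaded" "$tmp/plain"
    rm -rf "$tmp"
}
demo
```

Unlike the patch, which compares the instance's env/IP with the new nameserver list, this check reads the current contents of the "@" file, so it also protects a cascade whose front cache is not itself listed as a nameserver.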