Bug#318464: [Resolvconf-devel] Bug#318464: resolvconf: Cascaded
dnscache incompatibility
Tobias Reckhard
tobias.reckhard at secunet.com
Tue Feb 6 09:30:27 CET 2007
Hi Daniel
First of all, thanks a lot for the quick response.
Daniel Kahn Gillmor wrote the following on 05.02.2007 20:32:
> At 2007-02-05 09:12, tobias.reckhard at secunet.com said:
>
>>> The advantage of this setup over one with only one dnscache is that
>>> you can make changes to the dnscache redirection configuration,
>>> which requires a restart of dnscache to take effect, without losing
>>> your cache of DNS data, because the dnscache instance with the large
>>> cache needn't be restarted.
>
> interesting. i'd never thought of using dnscache cascaded like this.
It's been talked about on the djbdns mailing list, however that was a
while ago.
> You're adding a layer of indirection (and caching most requests twice
> on your machine), but i can see how there's an advantage in what you
> describe, if you want to retain your dnscache between restarts.
This is especially the case if the contents of the root/servers
directory are rather fluctuative. In this specific case, some NAT idiocy
(IMHO) forces us to short-circuit many DNS paths using entries in the
root/servers directory. Any change to the latter previously lost us the
entire cache.
>>> The dnscache script in the resolvconf package breaks this setup by
>>> overwriting the root/servers/@ file of the forward-only-dnscache
>>> with its own address, leading to a forwarding loop. This effectively
>>> breaks all DNS reolution on the system.
>
> yuck. That's no good at all.
Yep, you've said it.
> How is your dnscache instance's IP
> address getting added to the nameserver list?
The forward-only dnscache's IP address (1.2.3.4 in my example) is
defined as the nameserver in /etc/resolv.conf. If I understood it right,
the dnscache script in the resolvconf package looks for forward-only
dnscaches and overwrites their root/servers/@ with the nameserver
entries in /etc/resolv.conf.
>>> If resolvconf is to continue to manage the root/servers/@ file of
>>> all forward-only dnscache instances on a host, it would make sense
>>> to modify only those which do not point to the host itself, i.e. to
>>> an address within 127/8 or to one of the host's own IP addresses,
>>> such as 1.2.3.4 in the example above.
>
> Can you try the following patch to /etc/resolvconf/update.d/dnscache
> and see if it works for you? The logic is (or should be):
>
> if the IP address this dnscache instance binds to is listed in the
> set of nameservers, do not repoint its "@" reference.
>
> Does that sound right to you?
Yes, that's an alternative to the approach I outline. In fact, I came up
with the same idea later yesterday and had thought about telling you
about it. No need to do that anymore. :-)
I'll try the patch on another machine that's not in production use yet
but is otherwise almost identical.
> Thanks for your report,
Don't mention it. Thanks for your Quick help.
Cheers,
Tobias
More information about the Resolvconf-devel
mailing list