[FS#97] dnsmasq doesn't receive updated dns servers when running inside ujail

LEDE Bugs lede-bugs at lists.infradead.org
Tue Oct 17 16:14:19 PDT 2017


Good idea, but to ponder a little more: how would this relate to other (caching) forwarding resolvers?

For instance, unbound, besides being a recursive resolver itself, can also (selectively) forward queries and may for that purpose use the upstream nameservers that netifd lists in resolv.conf.auto. So any forwarding nameserver running jailed would need to add this file into its jail. To be clear: a DNS service only needs access to netifd's auto resolvfile when it wants to know what upstream nameservers are available for forwarding.

Once started, a forwarding resolver may add itself to the local resolvers for clib that are listed in /etc/resolv.conf (typically 127.0.0.1; no port can be specified and it is therefore 53, unless port redirection is set up). When no local resolver is (yet) running, /etc/resolv.conf by default soft links to the auto resolvfile. The current implementation of setting /etc/resolv.conf could be improved on.

In particular, running unbound and dnsmasq together, the latter providing DHCP for local subnets and name resolution for the leased IPs and unbound being the main resolver, is a use case that needs improvement. The master branch of unbound, when configured to (also) listen on 17.0.0.1#53 with no other resolver yet listening there, handles the local resolvfile, but the stable for-17.1 branch does not.

An attempt at streamlining dnsmasq's handling of the local resolvfile to match that implemented in the master branch of unbound wasn't merged, because it seemed wiser to devise a more generic solution that would also be atomic.

Is the addition of an API to netifd that would allow a resolver to be (atomically) added to or removed (push/pop) from the local resolvfile a good idea? BTW, in what specific order does clib query the nameservers listed in the local resolvfile?

Paul


> On 9 Oct 2017, at 22:09, LEDE Bugs <lede-bugs at lists.infradead.org> wrote:
> 
> The following task has a new comment added:
> 
> FS#97 - dnsmasq doesn't receive updated dns servers when running inside ujail
> User who did this - Nathaniel Wesley Filardo (nwf)
> 
> ----------
> May I propose that netifd write not to /tmp/resolv.conf.auto but to /tmp/netifd/resolv.conf or similar, so that /tmp/netifd can be mounted into the jail as a directory and inotify will work?
> ----------
> 
> More information can be found at the following URL:
> https://bugs.lede-project.org/index.php?do=details&task_id=97#comment3581
> 



-- 
Paul Oranje
M	+31 (6) 21278389
T	+31 (20) 4941306
Achterlaan 20, 1027 AK Zunderdorp

GPG key ID 0xB833CA27


P.S.
From now on I use paul at oranjevos.nl for private mail; mail sent to my xs4all addresses (p.oranje, paul.oranje, por and phoranje) will keep arriving for the time being.
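As an added illustration of the point made in the quoted comment (mount the directory into the jail rather than the single file, so that inotify keeps working), the following C example is not code from netifd, dnsmasq or unbound: it replaces a resolv.conf-style file atomically via rename(), watches the containing directory rather than the file, and re-reads the nameserver lines once the replacement is seen. The directory, file name, sample contents and the simple line parser are assumptions made for this demonstration.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <poll.h>
#include <sys/inotify.h>
enum { MAX_NS = 8, NS_LEN = 64 };
/* Collect "nameserver X" lines from a resolv.conf-style file; -1 if it cannot be opened. */
int parse_nameservers(const char *path, char out[][NS_LEN], int max) {
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    char line[256]; int n = 0;
    while (n < max && fgets(line, sizeof line, f))
        if (sscanf(line, " nameserver %63s", out[n]) == 1) n++;
    fclose(f);
    return n;
}
/* Replace dir/name as an atomic writer would: fill dir/name.tmp, then rename() it over the target.
 * Readers never see a torn file, but the old inode is gone, so a watch or bind mount on the file itself goes stale. */
int atomic_rewrite(const char *dir, const char *name, const char *contents) {
    char tmp[512], dst[512];
    snprintf(tmp, sizeof tmp, "%s/%s.tmp", dir, name);
    snprintf(dst, sizeof dst, "%s/%s", dir, name);
    FILE *f = fopen(tmp, "w");
    if (!f) return -1;
    int ok = fputs(contents, f) != EOF;
    return (fclose(f) == 0 && ok) ? rename(tmp, dst) : -1;
}
/* Watch the directory, not the file, so the rename above arrives as IN_MOVED_TO for `name`. */
int watch_dir(const char *dir) {
    int fd = inotify_init1(IN_NONBLOCK | IN_CLOEXEC);
    if (fd >= 0 && inotify_add_watch(fd, dir, IN_CLOSE_WRITE | IN_MOVED_TO) < 0) { close(fd); return -1; }
    return fd;
}
/* Wait up to timeout_ms for an event naming `name`: 1 if seen, 0 on timeout, -1 on error. */
int wait_for_update(int fd, const char *name, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = POLLIN };
    char buf[4096] __attribute__((aligned(8)));
    for (;;) {
        int r = poll(&p, 1, timeout_ms);
        if (r <= 0) return r;                          /* 0 = timeout, -1 = error */
        ssize_t len = read(fd, buf, sizeof buf); if (len < 0) return -1;
        for (char *ptr = buf; ptr < buf + len; ) {
            struct inotify_event *ev = (struct inotify_event *)ptr;
            if (ev->len && strcmp(ev->name, name) == 0) return 1;   /* skip events for other names, e.g. the .tmp file */
            ptr += sizeof *ev + ev->len;
        }
    }
}
```

A watch registered on the file path itself would have been attached to the inode that rename() just unlinked, which is the same reason a file bind mount inside the jail keeps showing the stale copy.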



