[LEDE-DEV] [PATCH v3] dnsmasq: manage resolv.conf if when listening on 127.0.0.1#53

Paul Oranje phoranje at gmail.com
Tue Jun 20 01:41:58 PDT 2017


For those that want to test the dnsmasq patch on LEDE 17.01, see the attached patch file adapted for 17.01(.2).
In the LEDE source root dir:

git apply 0001-dnsmasq-manage-resolv.conf-iff-when-listening-on-127-lede-17.01.2.patch

For those that also want to test the accompanying unbound patch on LEDE 17.01, see the attached patch file adapted for 17.01(.2).
In the feeds/packages dir:

git apply 0001-unbound-manage-resolv.conf-iff-when-listening-on-127-17.01.patch

Good luck,
Paul

> On 19 Jun 2017, at 21:08, Ben Pfountz <netprince at vt.edu> wrote:
> 
> I tested this patch with a standard install, as well as with noresolv=1 and 2 servers configured with opendns, and it worked fine. /etc/resolv.conf still correctly listed 127.0.0.1 and ::1 as the local nameserver.
> 
> Ben
> 
> On 6/19/2017 6:16 AM, Paul Oranje wrote:
>> this patch has been resent with corrected title (not "if", but "iff")
>> sorry for the spamming
>>> On 18 Jun 2017, at 09:46, Paul Oranje <por at xs4all.nl> wrote:
>>> 
>>> With this patch the dnsmasq init script manages resolv.conf if and only if
>>> when dnsmasq will listen on 127.0.0.1#53 (is main resolver instance).
>>> Also adds ::1 to the resolver file.
>>> 
>>> For unbound a likewise patch exists (PR#4454).
>>> Fixes (combined with the unbound PR) FS#785
>>> 
>>> Signed-off-by: Paul Oranje <por at xs4all.nl>
>>> ---
>>> The intended invariant is that resolv.conf is managed whenever a resolver
>>> listens on 127.0.0.1#53. Besides dnsmasq, unbound can take that role as well
>>> (but only when dnsmasq is not already listening on 127.0.0.1#53).
>>> When no instance of dnsmasq has been configured to listen on 127.0.0.1#53 then
>>> resolv.conf is not touched by dnsmasq.
>>> 
>>> Currently unbound handles resolv.conf also, but leaves it to dnsmasq whenever
>>> that will run, even when no dnsmasq instance will listen on localhost:53. So
>>> for unbound PR#4454 has been submitted to make sure it always manages
>>> resolv.conf when it owns localhost:domain.
>>> 
>>> 
>>> Tests performed:
>>> 
>>> - with/without unbound, dhcp linkages none and dnsmasq
>>> - dnsmasq listens on #53, not #53 (dnsmasq takes precedence when also on #53)
>>> - listen on localhost, not localhost
>>> - noresolv false and true
>>> - one/multiple dnsmasq instances (useless combinations are omitted in testing)
>>> 
>>> single dnsmasq instance
>>>    standard setup
>>> ==> dnsmasq manages resolv.conf
>>> 
>>> two dnsmasq instances, each serving another LAN
>>>    both dnsmasq on #53
>>>    dnsmasq-2 notinterface loopback
>>> ==> dnsmasq-1 manages resolv.conf
>>> 
>>> two dnsmasq instances and unbound (dhcp_link: none, one dnsmasq behind unbound)
>>>    both dnsmasq on #53
>>>    dnsmasq-2 on #53, notinterface loopback
>>>        noresolv true and server 127.0.0.1#1053
>>>    unbound on #1053
>>> ==> dnsmasq-1 manages resolv.conf
>>> 
>>> two dnsmasq instances and unbound (dhcp_link: dnsmasq)
>>>    dnsmasq-1 on #1053, noresolv true
>>>    dnsmasq-2 on #2053, noresolv true
>>>    unbound on #53
>>>        forward LAN1 to 127.0.0.1#1053, forward LAN2 to 127.0.0.1#2053
>>> ==> unbound manages resolv.conf
>>> 
>>> on init stop, resolv.conf is reset to the auto resolvfile.
>>> 
>>> 
>>> History:
>>> v1 -> v2        corrected syntax error
>>> 		increased PKG_RELEASE
>>> v2		reverted with commit 8180bbac7c237a31bd6e06c63e342c72342b7303
>>> v3		corrected errors, setup/teardown routines and thoroughly tested
>>> 
>>> Paul
>>> 
>>> 
>>> package/network/services/dnsmasq/Makefile          |  2 +-
>>> .../network/services/dnsmasq/files/dnsmasq.init    | 79 +++++++++++++++-------
>>> 2 files changed, 55 insertions(+), 26 deletions(-)
>>> 
>>> diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
>>> index f9ab13aef0..35ac6b2891 100644
>>> --- a/package/network/services/dnsmasq/Makefile
>>> +++ b/package/network/services/dnsmasq/Makefile
>>> @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
>>> 
>>> PKG_NAME:=dnsmasq
>>> PKG_VERSION:=2.77
>>> -PKG_RELEASE:=3
>>> +PKG_RELEASE:=4
>>> 
>>> PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
>>> PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/
>>> diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
>>> index d5177ecb0c..2a4d7b2239 100644
>>> --- a/package/network/services/dnsmasq/files/dnsmasq.init
>>> +++ b/package/network/services/dnsmasq/files/dnsmasq.init
>>> @@ -707,9 +707,51 @@ dhcp_relay_add() {
>>> 	fi
>>> }
>>> 
>>> +_resolv_setup()
>>> +{
>>> +	local cfg="$1"
>>> +	local port notinterfaces
>>> +
>>> +	config_get port "$cfg" port "53"
>>> +	[ $port = "53" ] || return
>>> +
>>> +	config_get notinterfaces "$cfg" notinterface ""
>>> +	[ -n "$notinterfaces" ] && list_contains notinterfaces "loopback" && return
>>> +
>>> +	# dnsmasq instance is designated to listen on 127.0.0.1#53.
>>> +	# rewrite /tmp/resolv.conf
>>> +	rm -f /tmp/resolv.conf
>>> +	{
>>> +		echo "# /tmp/resolv.conf generated by dnsmasq $cfg $( date )"
>>> +		[ $ADD_LOCAL_DOMAIN -eq 1 ] && [ -n "$DOMAIN" ] && {
>>> +			echo "search $DOMAIN"
>>> +		}
>>> +		DNS_SERVERS="$DNS_SERVERS 127.0.0.1 ::1"
>>> +		for DNS_SERVER in $DNS_SERVERS ; do
>>> +			echo "nameserver $DNS_SERVER"
>>> +		done
>>> +	} > /tmp/resolv.conf
>>> +
>>> +	return
>>> +}
>>> +
>>> +_resolv_teardown()
>>> +{
>>> +	cfg="$1"
>>> +
>>> +	case $( cat /tmp/resolv.conf ) in
>>> +	*"generated by dnsmasq $cfg"*)
>>> +		# resolv.conf was written by this instance,
>>> +		# reset /tmp/resolv.conf to default.
>>> +		[ -f /tmp/resolv.conf ] && rm -f /tmp/resolv.conf
>>> +		ln -s /tmp/resolv.conf.auto /tmp/resolv.conf
>>> +		;;
>>> +	esac
>>> +}
>>> +
>>> dnsmasq_start()
>>> {
>>> -	local cfg="$1" disabled resolvfile user_dhcpscript
>>> +	local cfg="$1" disabled noresolv resolvfile user_dhcpscript
>>> 
>>> 	config_get_bool disabled "$cfg" disabled 0
>>> 	[ "$disabled" -gt 0 ] && return 0
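
Review bot: In _resolv_teardown the ownership test *"generated by dnsmasq $cfg"* is a substring match with nothing after $cfg, so an instance whose name is a prefix of another instance's name (for illustration, lan and lan2) matches the other's header and relinks a resolv.conf it did not write; end the pattern with the space that _resolv_setup writes after $cfg. In the same function, cfg="$1" lacks the "local" that _resolv_setup uses, and cat /tmp/resolv.conf runs before the -f check, so it prints an error when the file is absent. In _resolv_setup, [ $port = "53" ] should quote "$port", and rm -f followed by the "> /tmp/resolv.conf" redirect leaves a window with no resolver file; writing to a temporary file and renaming it, as the script already does with mv -f $CONFIGFILE_TMP $CONFIGFILE, closes that window. DNS_SERVERS is also extended in place with "127.0.0.1 ::1", so a second instance that reaches this point would emit those nameserver lines twice.
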
>>> @@ -785,7 +827,6 @@ dnsmasq_start()
>>> 	append_bool "$cfg" nonegcache "--no-negcache"
>>> 	append_bool "$cfg" strictorder "--strict-order"
>>> 	append_bool "$cfg" logqueries "--log-queries=extra"
>>> -	append_bool "$cfg" noresolv "--no-resolv"
>>> 	append_bool "$cfg" localise_queries "--localise-queries"
>>> 	append_bool "$cfg" readethers "--read-ethers"
>>> 	append_bool "$cfg" dbus "--enable-dbus"
>>> @@ -854,14 +895,15 @@ dnsmasq_start()
>>> 	config_get_bool cachelocal "$cfg" cachelocal 1
>>> 
>>> 	config_get_bool noresolv "$cfg" noresolv 0
>>> -	if [ "$noresolv" != "1" ]; then
>>> +	if [ "$noresolv" = "1" ]; then
>>> +		xappend "--no-resolv"
>>> +	else
>>> 		config_get resolvfile "$cfg" resolvfile "/tmp/resolv.conf.auto"
>>> +		xappend "--resolv-file=$resolvfile"
>>> 		# So jail doesn't complain if file missing
>>> -		[ -n "$resolvfile" -a \! -e "$resolvfile" ] && touch "$resolvfile"
>>> +		[ -e "$resolvfile" ] && touch "$resolvfile"
>>> 	fi
>>> 
>>> -	[ -n "$resolvfile" ] && xappend "--resolv-file=$resolvfile"
>>> -
>>> 	config_get hostsfile "$cfg" dhcphostsfile
>>> 	[ -e "$hostsfile" ] && xappend "--dhcp-hostsfile=$hostsfile"
>>> 
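
Review bot: The new line [ -e "$resolvfile" ] && touch "$resolvfile" in the else branch inverts the test it replaces: the old code touched the file when it did not exist (\! -e), the new code touches it only when it already exists, so a missing resolvfile is no longer created and the comment "So jail doesn't complain if file missing" no longer holds. Suggest [ -e "$resolvfile" ] || touch "$resolvfile". The old -n "$resolvfile" guard is dropped as well, so --resolv-file= is appended even if resolvfile comes back empty; keep the guard or note why that cannot happen.
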
>>> @@ -973,16 +1015,6 @@ dnsmasq_start()
>>> 	echo >> $CONFIGFILE_TMP
>>> 	mv -f $CONFIGFILE_TMP $CONFIGFILE
>>> 
>>> -	[ "$resolvfile" = "/tmp/resolv.conf.auto" ] && {
>>> -		rm -f /tmp/resolv.conf
>>> -		[ $ADD_LOCAL_DOMAIN -eq 1 ] && [ -n "$DOMAIN" ] && {
>>> -			echo "search $DOMAIN" >> /tmp/resolv.conf
>>> -		}
>>> -		DNS_SERVERS="$DNS_SERVERS 127.0.0.1"
>>> -		for DNS_SERVER in $DNS_SERVERS ; do
>>> -			echo "nameserver $DNS_SERVER" >> /tmp/resolv.conf
>>> -		done
>>> -	}
>>> 
>>> 	procd_open_instance $cfg
>>> 	procd_set_param command $PROG -C $CONFIGFILE -k -x /var/run/dnsmasq/dnsmasq."${cfg}".pid
>>> @@ -1000,21 +1032,18 @@ dnsmasq_start()
>>> 	procd_add_jail_mount_rw /var/run/dnsmasq/ $leasefile
>>> 
>>> 	procd_close_instance
>>> +
>>> +
>>> +	# rewrite /tmp/resolv.conf only for main instance
>>> +	_resolv_setup $cfg
>>> }
>>> 
>>> dnsmasq_stop()
>>> {
>>> 	local cfg="$1"
>>> 
>>> -	config_get resolvfile "$cfg" "resolvfile"
>>> -
>>> -	#relink /tmp/resolve.conf only for main instance
>>> -	[ "$resolvfile" = "/tmp/resolv.conf.auto" ] && {
>>> -		[ -f /tmp/resolv.conf ] && {
>>> -			rm -f /tmp/resolv.conf
>>> -			ln -s "$resolvfile" /tmp/resolv.conf
>>> -		}
>>> -	}
>>> +	#relink /tmp/resolv.conf only for main instance
>>> +	_resolv_teardown $cfg
>>> 
>>> 	rm -f ${BASEDHCPSTAMPFILE}.${cfg}.*.dhcp
>>> }
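
Review bot: The two new calls, _resolv_setup $cfg in dnsmasq_start and _resolv_teardown $cfg in dnsmasq_stop, pass $cfg unquoted, while the config_get and config_get_bool calls in this file pass "$cfg"; quote it in both places. The comments "only for main instance" above the calls describe a decision that is now made inside the helpers, so move that wording there or reword it, and collapse the two blank + lines before the setup comment into one.
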
>>> -- 
>>> 2.13.1
>>> 
>>> 
>>> _______________________________________________
>>> Lede-dev mailing list
>>> Lede-dev at lists.infradead.org
>>> http://lists.infradead.org/mailman/listinfo/lede-dev

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-dnsmasq-manage-resolv.conf-iff-when-listening-on-127-lede-17.01.2.patch
Type: application/octet-stream
Size: 5030 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/lede-dev/attachments/20170620/f81cb9cf/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-unbound-manage-resolv.conf-iff-when-listening-on-127-17.01.patch
Type: application/octet-stream
Size: 5763 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/lede-dev/attachments/20170620/f81cb9cf/attachment-0003.obj>

