[Dnssec-trigger] more bugs :P

W.C.A. Wijngaards wouter at NLnetLabs.nl
Wed Sep 21 07:06:52 UTC 2011

Hash: SHA1

Hi Paul,

On 09/20/2011 08:35 PM, Paul Wouters wrote:
> When I got home, my laptop did not unsuspend, so i had to reboot it.

Ok, so a Linux, Networkmanager trigger hooks.

> After it was back, it came up before network manager had the connection
> on the wifi (init script for dnssec-triggerd stats after nm, but apparently
> nm was slow) and so it seemed to remain in "network disconnected" mode.

But your rc.d init script has the line where it starts the
networkmanager/dispatcher.d/01-dnssec-trigger.sh script, right?  Or did
you update the rpm but not your laptop?

> bug #1: It should more often probe when in network disconnected mode, or
>         better pick up NM changes.

Yex exponential backoff probes when disconnected are probably useful.
But it should also pickup the NM changes well.

> Then the results of my manual probe said:
> results from probe at 2011-09-20 14:29:44
> authority OK DNSSEC results fetched direct from authorities
> I was confused why it didn't say anything about the cache.

Because there is no NM change, and it has 0 DNS servers from NM.

> bug #2: always display a line about the local cache even if just to say
>         "status unknown".

Yes, it means ' There are no DNS servers from DHCP '

> Meanwhile, I had no working DNS. Running unbound-control forward, I
> found out that unbound wasn't autostarted on boot on my laptop :)
> bug #3: Do not rewrite resolv.conf when unbound is not running, OR
>         present a popup saying "I broke your dns please start unbound" OR
>         start unbound for me :)

That should be the system's work to bootup unbound, or the unbound-rpm's
work to set that up?  I guess we could sortof check: it does tell you if
unbound-control fails, that goes into the syslog I think.  I think it
already logs to syslog if unbound-control fails.

You also forwarded Dan's NM mail to here, not sure where to reply now,
to dnssec-trigger, the networkmanager-list or devel at fedora list?  I just
want the NM plugin to call: /usr/bin/dnssec-trigger-control submit <ip4
and ip6 DNS from DHCP separated by spaces>  ; the dnssec-triggerd has
hooks where it wants to overwrite the resolv.conf - not sure how to feed
that data into NM (there may be a delay for probes too) ?

Best regards,
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/


More information about the dnssec-trigger mailing list