[Dnssec-trigger] more bugs :P

W.C.A. Wijngaards wouter at NLnetLabs.nl
Wed Sep 21 07:06:52 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Paul,

On 09/20/2011 08:35 PM, Paul Wouters wrote:
> 
> When I got home, my laptop did not unsuspend, so i had to reboot it.

Ok, so a Linux, Networkmanager trigger hooks.

> After it was back, it came up before network manager had the connection
> on the wifi (init script for dnssec-triggerd stats after nm, but apparently
> nm was slow) and so it seemed to remain in "network disconnected" mode.

But your rc.d init script has the line where it starts the
networkmanager/dispatcher.d/01-dnssec-trigger.sh script, right?  Or did
you update the rpm but not your laptop?

> bug #1: It should more often probe when in network disconnected mode, or
>         better pick up NM changes.

Yex exponential backoff probes when disconnected are probably useful.
But it should also pickup the NM changes well.

> Then the results of my manual probe said:
> 
> results from probe at 2011-09-20 14:29:44
> authority 192.112.36.4: OK DNSSEC results fetched direct from authorities
> 
> I was confused why it didn't say anything about the cache.

Because there is no NM change, and it has 0 DNS servers from NM.

> bug #2: always display a line about the local cache even if just to say
>         "status unknown".

Yes, it means ' There are no DNS servers from DHCP '

> Meanwhile, I had no working DNS. Running unbound-control forward, I
> found out that unbound wasn't autostarted on boot on my laptop :)
> 
> bug #3: Do not rewrite resolv.conf when unbound is not running, OR
>         present a popup saying "I broke your dns please start unbound" OR
>         start unbound for me :)

That should be the system's work to bootup unbound, or the unbound-rpm's
work to set that up?  I guess we could sortof check: it does tell you if
unbound-control fails, that goes into the syslog I think.  I think it
already logs to syslog if unbound-control fails.

You also forwarded Dan's NM mail to here, not sure where to reply now,
to dnssec-trigger, the networkmanager-list or devel at fedora list?  I just
want the NM plugin to call: /usr/bin/dnssec-trigger-control submit <ip4
and ip6 DNS from DHCP separated by spaces>  ; the dnssec-triggerd has
hooks where it wants to overwrite the resolv.conf - not sure how to feed
that data into NM (there may be a delay for probes too) ?

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJOeY0MAAoJEJ9vHC1+BF+NlaoP/0ReAC+RHyYxn2ac/Bohpq3L
I838dovqFO3sXEQA1nU4ia4YFZ618+6x0Qa8U5HXBKsgjtjc+4i8ptjc8+c0id21
TJL5QC+yTqHrtbRiR5M0U2Dsq9c0i8JUBYk594+6ssjePW6EvQJJyf3KenRJ5x35
yKtFQ8LqHDcdXwqLhCWpH/ZBjULKTHoN5vFOQG66G6K+V2dYEypKb4aw4tj8INb+
QlhXlMyN8bwhyEY/WCMiDrTAMBLT/Csbw/cwcnxKhoE3BkErma2cwGD0qXzOiD67
fW5ERkPiVGjXfvIInremuTonwA8uCFcddRAxK3hxNOyQFX+WN5AOJxYI1fLBSWIi
vTkVz3kGvRmh7ijqm7sS/h+A7BNyBagfr1z3B2bMhhjCmt8oG2PF0Uy89CukRUNO
9rDsLy2v3+MUJfnYxde2IgugKVEXfg5AUB7joS8XArhi4G6LvfH+18XDdNfX+In+
GcAoSKi9yDSlEFRi1iqOVoBN8j+8sMBeHv7qq8IZ1fhdtttIwtfkwZZQ0odcOQzs
ea4/fmVE2pp22dp1qV/skjd/YIgYIGgTbOYCAo5c0GVfrC3F0AZZOwpvQ5HeAfgC
PGe/dZhEBbePu1GyOkQyUSgpIdJgqqRMZWztHvvpE2DOF2NyuJvwpqq+H+jnHU/G
IwxWnPzjoMiNzjyOVVnJ
=bKaN
-----END PGP SIGNATURE-----



More information about the dnssec-trigger mailing list