[Dnssec-trigger] dnssec trigger 0.10 release

Paul Wouters paul at nohats.ca
Mon Feb 20 18:20:52 UTC 2012


On Fri, 17 Feb 2012, W.C.A. Wijngaards wrote:

> It did hotspot_signon when dnssec-trigger thinks there are zero DHCP
> DNS servers.  Hence it writes zero DHCP DNS servers to resolv.conf.

0.10 still shows this problem

Yes. IMHO, it should never ever write an empty resolv.conf. Worse, it
makes it immutable, so even if I click "disconnect" and "connect" in
NM, it fails to overwrite resolv.conf (I guess to protect it, but it
means I have to manually chattr to fix this, not something a user should
ever engage in)

> Fix 1.  Fork off the DHCP hook on linuxes (like it does on OSX and
> Windows).  So it does not think the list is empty at start-up.
> Fix 2.  Run the DHCP hook from the startup scripts (are they
> missing?).  But those get difficult with systemd and whatnot?  Easier
> if no special processing, it's forked from the daemon?  (is this also
> the case for unbound-anchor? Does that need to get forked from the
> main daemon too?)

from the init script:

     # if not running, start it up here
     daemon --pidfile=$pidfile $exec
     retval=$?
     [ $retval -eq 0 ] && touch $lockfile
     # start the first probe, the daemon missed any previous events.
     /etc/NetworkManager/dispatcher.d/01-dnssec-trigger-hook "all" "bootup"
     echo

So it should be doing that?


> Fix 3.  Bug is something else, not to do with DHCP script and startup
>
> I want to get to the root cause here: you press the hotsign button,
> but dnssec-trigger thinks: no DNS servers.

I think the file is immutable by the trigger pointing to localhost. I
close my laptop, go elsewhere, open it. NM connects to a new network
and fails to write the resolv.conf (though the cli util seems to
remember?). I hit "hotspot" and somehow trigger thinks NM got no DNS
servers... The timing of this last happens differently too. Sometimes
I click "hotspot" before the wifi signal picked up and NM connected to
it. Perhaps that is part of the problem?

Paul
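
Added example, not part of the original message and not dnssec-trigger's own code: a shell sketch of the guard argued for above, which refuses to write a resolv.conf with zero nameservers and reports an immutable file instead of failing silently. The function names are hypothetical and the addresses used with it are constructed.

```shell
#!/bin/sh
# Illustration only; function names are hypothetical, not dnssec-trigger code.

# Print the number of "nameserver" lines in a resolv.conf-style file.
count_nameservers() {
    [ -r "$1" ] || { echo 0; return 0; }
    awk '$1 == "nameserver" && NF >= 2 { n++ } END { print n + 0 }' "$1"
}

# Succeed if the file carries the immutable attribute (chattr +i).
# Returns 1 when lsattr is missing or the filesystem has no attributes.
is_immutable() {
    command -v lsattr >/dev/null 2>&1 || return 1
    attrs=$(lsattr -d "$1" 2>/dev/null | awk '{ print $1 }')
    case "$attrs" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Usage: write_resolv_conf FILE SERVER...
# Returns 2 for an empty server list (existing file is left untouched),
# 3 if the target is immutable, 1 on other failures, 0 on success.
write_resolv_conf() {
    target=$1
    shift
    if [ "$#" -eq 0 ]; then
        echo "refusing to write $target with zero nameservers" >&2
        return 2
    fi
    if is_immutable "$target"; then
        echo "$target is immutable (chattr +i); not overwriting" >&2
        return 3
    fi
    # Build the new file next to the target and rename it into place,
    # so readers never see a half-written or empty resolv.conf.
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    for ns in "$@"; do
        printf 'nameserver %s\n' "$ns"
    done > "$tmp"
    chmod 644 "$tmp"
    mv -f "$tmp" "$target"
}
```
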


