[Dnssec-trigger] dnssec trigger 0.10 release
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Wed Feb 22 08:10:16 UTC 2012
Hi Paul,
On 02/21/2012 08:22 PM, Paul Wouters wrote:
> On Tue, 21 Feb 2012, W.C.A. Wijngaards wrote:
>
>> So, you are using hotspot-signon (insecure mode). NM disconnect
>> and connect would trigger dnssec-trigger to rewrite the
>> resolv.conf file. And reprobe the network too. But
>> dnssec-trigger thinks there are zero DHCP DNS servers. That is
>> the root cause of the problem, and I think that is what we need
>> to fix.
>
> laptop opened at coffee please. did not do anything for 5 minutes
> while talking to owner :)
>
> then did:
>
> [paul at thinkpad ~]$ nmcli -f IP4-DNS,IP6-DNS dev list
> IP4-DNS1.DNS: 192.168.101.1
>
> [paul at thinkpad ~]$ cat /etc/resolv.conf
> # Generated by dnssec-trigger 0.10
> nameserver 127.0.0.1
>
> tried browsing, I got redirected to the internal-only dns, so
> firefox failed lookup (because unbound could not get the name). I
> then selected "hotspot signon" and ran:
>
> [paul at thinkpad ~]$ cat /etc/resolv.conf
> # Generated by dnssec-trigger 0.10
> [paul at thinkpad ~]$
>
> *poof*
>
> logs only show:
>
> Feb 21 13:31:16 thinkpad logger: dnssec-trigger-hook(networkmanager) wlan1 up DNS 192.168.101.1

This looks good, so the script does pick up the DHCP DNS. But does
not tell dnssec-trigger, the next command is
(from /etc/NetworkManager.d/dispatcher.d/01-dnssec-trigger-hook ..)

    dnssec-trigger-control submit "$ips"

Can it be that the config script is in a non-default location?
That the control key files have wrong permissions?

You could change the last line to read:

    dnssec-trigger-control submit "$ips" 2>&1 | logger

and then see from syslog what goes wrong here?
Since dnssec-triggerd has no DHCP DNS, this command must fail.
(verbosity: set in dnssec-trigger.conf; reload or restart).

Best regards,
Wouter
> Feb 21 13:36:52 thinkpad dnssec-triggerd: [19165] notice: state dark forced_insecure
>
> That's not very verbosity:4 ?
>
> [paul at thinkpad ~]$ dnssec-trigger-control verbosity 4
> error unknown command
> [paul at thinkpad ~]$
>
> not like unbound I guess.
>
> Paul