[Dnssec-trigger] dhclient-exit-hooks support

Xavier Belanger nlnetlabs at belanger.fr
Tue Apr 15 02:07:56 UTC 2014


> Has anyone created /etc/dhclient-exit-hooks support for
> dnssec-trigger?  One of my desktops isn't using NetworkManager because
> it is doing bridging, bonding, VLANs, and all sorts of other fancy
> stuff via the Fedora network scripts that NetworkManager didn't
> support until recently.  I don't need VPN support, just a way to
> inject DHCP provided DNS forwarders (and maybe domain as well).

Sort of. A long time ago I wrote a couple of scripts to use
unbound and dnssec-trigger on Slackware (before NetworkManager got
included in that distro).

Here are the steps:

 - modify dhcpcd.conf to add the option 'resolv.conf' to the 'nohook'
command. That way dhcpcd will not try to change /etc/resolv.conf.

 - add a dhcpcd hook script to send the DNS servers provided
by the local DHCP server to Unbound or (especially during the system boot)
store the DNS servers into a temporary file.

 - in the dnssec-trigger startup script look for the temporary
file and load the DNS servers into the Unbound configuration.

It's far from perfect or even reliable, not heavily tested, but it works.

Files are here: http://www.ellendhel.net/fichiers/dnssec-slackware.zip
The most useful to you should be '25-dnssec-trigger'.

And there is a more detailed blog post, but in French:

 [ http://www.ellendhel.net/article.php?ref=2011+12+24-0 ]

I don't have any experience with Fedora so you will probably need
to adjust the file locations.

Xavier Belanger
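
The hook step described in the message above, as an added example that is not part of the original post and not the '25-dnssec-trigger' script from the linked archive. It treats the DHCP-supplied server list as untrusted input and filters it before handing it to a privileged command or writing it to disk. Assumptions: the `PENDING` path, the use of `dnssec-trigger-control submit` as the command that feeds Unbound, and the function names are choices made for this example.

```shell
#!/bin/sh
# Added example of a dhcpcd hook; NOT the '25-dnssec-trigger' script from the zip.
# Assumed names: PENDING (boot-time file) and SUBMIT (command that feeds Unbound).
PENDING="${PENDING:-/run/dnssec-trigger/dhcp-servers}"
SUBMIT="${SUBMIT:-dnssec-trigger-control submit}"

# Shape check for one address: strict for IPv4, character-class only for IPv6.
valid_ip() {
    case "$1" in
        ''|*[!0-9A-Fa-f:.]*) return 1 ;;               # empty or foreign characters
        *:*:*) case "$1" in *.*) return 1 ;; esac      # IPv6: hex digits and colons
               [ "${#1}" -le 39 ]; return ;;
    esac
    rest="$1."; n=0                                    # IPv4: four octets, 0..255
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}; n=$((n + 1))
        case "$octet" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    [ "$n" -eq 4 ]
}

# Print only the arguments that pass valid_ip, space separated.
filter_servers() {
    out=""
    for addr in "$@"; do
        valid_ip "$addr" && out="${out:+$out }$addr"
    done
    printf '%s\n' "$out"
}

# $1 = dhcpcd reason, $2 = raw DNS server list as received from the DHCP server.
handle_lease() {
    case "$1" in BOUND|RENEW|REBIND|REBOOT|INFORM) ;; *) return 0 ;; esac
    set -f; servers=$(filter_servers $2); set +f       # split without globbing
    [ -n "$servers" ] || return 0
    # If the submit fails (daemon not up yet during boot), store for the startup script.
    if ! $SUBMIT $servers 2>/dev/null; then
        ( umask 077; mkdir -p "${PENDING%/*}" &&
          printf '%s\n' "$servers" > "$PENDING" )
    fi
}

# dhcpcd sets these variables when it sources a hook; nothing runs otherwise.
if [ -n "${reason:-}" ]; then
    handle_lease "$reason" "${new_domain_name_servers:-}"
fi
```

The pending file lives in a root-owned directory under /run rather than a world-writable /tmp, so an unprivileged local user cannot pre-create or replace the file that the startup script later loads into the Unbound configuration.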

