[Dnssec-trigger] dhclient-exit-hooks support

W.C.A. Wijngaards wouter at nlnetlabs.nl
Tue Apr 15 08:00:03 UTC 2014


Hi,

While you create your new dnssec-trigger setup, it would probably be
nice to know that we are planning to release a new version of
dnssec-trigger very soon.  The reason is that our IP address block is
changing, and this needs to be reflected in the dnssec-trigger.conf
file.  Our server (fallback to tcp80 and ssl443) changes.  Without
that server dnssec-trigger will still work but has fewer fallback
options that work.

So prepare to get an update soon after you set this up.  Perhaps just
fixing up the tcp80 and ssl443 statements in the dnssec-trigger.conf
is enough to get up to speed.

Best regards,
   Wouter

On 04/15/2014 09:15 AM, Thomas Jost wrote:
> On 15 April 2014 at 04:07 CEST, Xavier Belanger
> <nlnetlabs at belanger.fr> wrote:
>> Hi,
>> 
>>> Has anyone created /etc/dhclient-exit-hooks support for 
>>> dnssec-trigger?  One of my desktops isn't using NetworkManager
>>> because it is doing bridging, bonding, VLANs, and all sorts of
>>> other fancy stuff via the Fedora network scripts that
>>> NetworkManager didn't support until recently.  I don't need VPN
>>> support, just a way to inject DHCP provided DNS forwarders (and
>>> maybe domain as well).
>> 
>> Sort of. A long time ago I wrote a couple of scripts to use
>> unbound and dnssec-trigger on Slackware (before NetworkManager
>> got included in that distro).
>> 
>> Here are the steps:
>> 
>> - modify dhcpcd.conf to add the option 'resolv.conf' to the
>> 'nohook' command. That way dhcpcd will not try to change
>> /etc/resolv.conf.
>> 
>> - add a dhcpcd hook script to send the DNS servers provided by
>> the local DHCP server to Unbound or (especially during the system
>> boot) store the DNS servers into a temporary file.
>> 
>> - in the dnssec-trigger startup script look for the temporary 
>> file and load the DNS servers into the Unbound configuration.
>> 
>> It's far from perfect or even reliable, not heavily tested, but
>> it works.
>> 
>> Files are here:
>> http://www.ellendhel.net/fichiers/dnssec-slackware.zip
>> The most useful to you should be '25-dnssec-trigger'.
>> 
>> And there is a more detailed blog post, but in French:
>> 
>> [ http://www.ellendhel.net/article.php?ref=2011+12+24-0 ]
>> 
>> I don't have any experience with Fedora so you will probably
>> need to adjust the file locations.
>> 
>> Sincerely.
>> -- 
>> Xavier Belanger
>> _______________________________________________
>> dnssec-trigger mailing list
>> dnssec-trigger at NLnetLabs.nl
>> http://open.nlnetlabs.nl/mailman/listinfo/dnssec-trigger
> 
> Hi there,
> 
> If it can be of any use, I have a similar setup on Arch Linux.
> After installing unbound and dnssec-trigger, I just added a hook
> in /usr/lib/dhcpcd/dhcpcd-hooks, and changed the
> dnssec-triggerd.service file (for systemd).
> 
> This setup is described here: 
> http://schnouki.net/posts/2014/03/30/dnssec-trigger-on-arch-linux-without-network-manager/
> 
> Hope this helps.
> 
> Cheers,
> 
> 
> 
> 

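The hook and startup steps listed in Xavier Belanger's quoted message can be sketched as follows, with `nohook resolv.conf` already set in dhcpcd.conf. This is an added example, not the scripts from the zip file or blog posts linked in the thread; the state file path, the `DT_CONTROL` override and the function names are assumptions, and DHCP-supplied values are filtered before they reach `dnssec-trigger-control submit`.

```shell
#!/bin/sh
# Added example: hook for /usr/lib/dhcpcd/dhcpcd-hooks (dhcpcd sources it with
# $reason and $new_domain_name_servers set). STATE_FILE and DT_CONTROL are
# assumed, overridable defaults, not values taken from the thread.
STATE_FILE="${STATE_FILE:-/run/dnssec-trigger-dhcp-servers}"
DT_CONTROL="${DT_CONTROL:-dnssec-trigger-control}"

# DHCP replies are untrusted input: keep only tokens made of address
# characters. Runs in a subshell so "set -f" (no globbing) stays local.
filter_servers() (
    set -f
    out=""
    for s in $1; do
        case "$s" in
            *[!0-9a-fA-F:.]*) continue ;;            # shell syntax, options, names
            *.*.*.*|*:*) out="${out:+$out }$s" ;;    # IPv4-like or IPv6-like
        esac
    done
    printf '%s' "$out"
)

# Step 2: hand the servers to a running dnssec-triggerd, or store them
# (for example during boot, before the daemon is up).
handle_dhcp_event() {
    case "$1" in
        BOUND|RENEW|REBIND|REBOOT)
            dt_servers=$(filter_servers "$2")
            [ -n "$dt_servers" ] || return 0
            # Unquoted on purpose: one argument per filtered address.
            if ! "$DT_CONTROL" submit $dt_servers >/dev/null 2>&1; then
                printf '%s\n' "$dt_servers" > "$STATE_FILE"
            fi ;;
        EXPIRE|STOP|RELEASE)
            rm -f "$STATE_FILE" ;;
    esac
}

# Step 3: call from the dnssec-trigger startup script once the daemon runs.
submit_stored_servers() {
    [ -r "$STATE_FILE" ] || return 0
    dt_servers=$(filter_servers "$(cat "$STATE_FILE")")
    if [ -n "$dt_servers" ] && "$DT_CONTROL" submit $dt_servers >/dev/null 2>&1; then
        rm -f "$STATE_FILE"
    fi
}

handle_dhcp_event "${reason:-}" "${new_domain_name_servers:-}"
```

The filter is a character allowlist, not a full address parser; it keeps option-like and shell-syntax tokens out of the command line and leaves address validation to dnssec-trigger itself.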