[Dnssec-trigger] dhclient-exit-hooks support

W.C.A. Wijngaards wouter at nlnetlabs.nl
Tue Apr 15 08:00:03 UTC 2014

While you create your new dnssec-trigger setup, it would probably be
nice to know that we are planning to release a new version of
dnssec-trigger very soon.  The reason is that our IP address block is
changing, and this needs to be reflected in the dnssec-trigger.conf
file.  Our server (fallback to tcp80 and ssl443) changes.  Without
that server dnssec-trigger will still work but has fewer fallback
options that work.

So prepare to get an update soon after you set this up.  Perhaps just
fixing up the tcp80 and ssl443 statements in the dnssec-trigger.conf
is enough to get up to speed.

Best regards,

On 04/15/2014 09:15 AM, Thomas Jost wrote:
> On 15 April 2014 at 04:07 CEST, Xavier Belanger
> <nlnetlabs at belanger.fr> wrote:
>> Hi,
>>> Has anyone created /etc/dhclient-exit-hooks support for 
>>> dnssec-trigger?  One of my desktops isn't using NetworkManager
>>> because it is doing bridging, bonding, VLANs, and all sorts of
>>> other fancy stuff via the Fedora network scripts that
>>> NetworkManager didn't support until recently.  I don't need VPN
>>> support, just a way to inject DHCP provided DNS forwarders (and
>>> maybe domain as well).
>> Sort of. A long time ago I wrote a couple of scripts to use
>> unbound and dnssec-trigger on Slackware (before NetworkManager
>> got included in that distro).
>> Here are the steps:
>> - modify dhcpcd.conf to add the option 'resolv.conf' to the
>> 'nohook' command. That way dhcpcd will not try to change
>> /etc/resolv.conf.
>> - add a dhcpcd hook script to send the DNS servers provided by
>> the local DHCP server to Unbound or (especially during the system
>> boot) store the DNS servers into a temporary file.
>> - in the dnssec-trigger startup script look for the temporary 
>> file and load the DNS servers into the Unbound configuration.
>> It's far from perfect or even reliable, not heavily tested, but
>> it works.
>> Files are here:
>> http://www.ellendhel.net/fichiers/dnssec-slackware.zip The most
>> useful to you should be '25-dnssec-trigger'.
>> And there is a more detailed blog post, but in French:
>> [ http://www.ellendhel.net/article.php?ref=2011+12+24-0 ]
>> I don't have any experience with Fedora so you will probably
>> need to adjust the file locations.
>> Sincerely. -- Xavier Belanger 
>> _______________________________________________ dnssec-trigger
>> mailing list dnssec-trigger at NLnetLabs.nl 
>> http://open.nlnetlabs.nl/mailman/listinfo/dnssec-trigger
> Hi there,
> If it can be of any use, I have a similar setup on Arch Linux.
> After installing unbound and dnssec-trigger, I just added a hook
> in /usr/lib/dhcpcd/dhcpcd-hooks, and changed the
> dnssec-triggerdd.service file (for systemd).
> This setup is described here: 
> http://schnouki.net/posts/2014/03/30/dnssec-trigger-on-arch-linux-without-network-manager/
> Hope this helps.
> Cheers,

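The hook asked about at the start of this thread could look like the following sketch, an added example that is not code from any of the posters or from the dnssec-trigger project. It assumes ISC dhclient's `reason` and `new_domain_name_servers` variables and the `dnssec-trigger-control submit` command; the function names and the fallback file path are hypothetical.

```shell
#!/bin/sh
# Sketch of /etc/dhclient-exit-hooks. dhclient-script sources this file,
# so it must never call `exit`. The fallback path below is an assumption.
DT_FALLBACK="${DT_FALLBACK:-/run/dnssec-trigger-dhcp-servers}"

# Print only the tokens that look like IP addresses. DHCP options come from
# whoever answers on the local network, so they are treated as untrusted.
filter_dns_servers() (
    set -f   # no pathname expansion while word-splitting untrusted input
    out=""
    for tok in $1; do
        case "$tok" in *[!0-9a-fA-F:.]*) continue ;; esac
        if printf '%s\n' "$tok" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
            for octet in $(printf '%s' "$tok" | tr '.' ' '); do
                [ "$octet" -le 255 ] || continue 2
            done
        elif ! printf '%s\n' "$tok" | grep -Eq '^[0-9a-fA-F]*:[0-9a-fA-F:]*:[0-9a-fA-F]*$'; then
            continue   # neither IPv4 nor (loosely checked) IPv6
        fi
        out="$out $tok"
    done
    printf '%s\n' "${out# }"
)

# Hand the filtered list to dnssec-trigger, or park it for the startup script.
submit_servers() {
    servers=$(filter_dns_servers "$1")
    if command -v dnssec-trigger-control >/dev/null 2>&1 &&
       dnssec-trigger-control submit $servers >/dev/null 2>&1; then
        return 0
    fi
    # Daemon not reachable yet (e.g. early boot): store the list in a file.
    printf '%s\n' "$servers" > "$DT_FALLBACK"
}

# Only act when dhclient-script has set $reason.
case "${reason:-}" in
    BOUND|RENEW|REBIND|REBOOT) submit_servers "${new_domain_name_servers:-}" ;;
    EXPIRE|FAIL|RELEASE|STOP)  submit_servers "" ;;
esac
```

The IPv6 check is syntactic only, and the unquoted `$servers` is safe to word-split because the filter has already reduced it to hex digits, dots and colons.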

