[Dnssec-trigger] status of dnssec-trigger and NetworkManager in upstream and Fedora

Tomas Hozza thozza at redhat.com
Fri Jun 27 07:11:32 UTC 2014

>    Hello Pavel,
> > On Tuesday, 24 June 2014 11:41 AM, P J P wrote:
> > And over wi-fi, even internet domains could not be resolved. I'll continue
> > testing with the latest build above.
> Please see -> http://fpaste.org/113693/51627140/
> I'm testing the latest build of dnssec-trigger-0.12.11.f20.x86_64. It seems
> to work quite well so far. It received the local forwarders list via DHCP
> and uses the same to resolve domains. It's able to resolve internal domains
> and it seems to work seamlessly across ethernet and wi-fi networks too.
> One glitch though, if I set chroot="/var/lib/unbound" in
> /etc/unbound/unbound.conf, the unbound service fails to start citing missing
> configuration files error. IMO, it'd be better to start unbound service
> under chroot(2) jail by default.

I think this is expected since the configuration is not present in the chroot.
Although we could provide a new systemd service file unbound-chroot.service,
like we do for BIND. It would prepare the chroot before starting (bind-mount
all necessary configuration files into the chroot), start unbound in chroot
and when stopping, unmount all files from the chroot.

It would be better for this purpose if unbound could take the chroot dir as
a command line argument. But we can drop a config file into /etc/unbound/conf.d/
when starting unbound and then remove it when stopping unbound.

What do you think?

> I'll continue to use/test it and let you know if anything fails. Thank you!
> :)
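
The chroot preparation discussed in this message (bind-mount the configuration into the chroot, drop a file into /etc/unbound/conf.d/ on start, undo both on stop), sketched as an added example that is not part of the original thread and not Fedora's or unbound's own script. Assumptions: the helper itself, the drop-in name chroot.conf, the CHROOT_PATHS list and the DRY_RUN switch are all hypothetical, and the paths listed are directories.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped by Fedora or unbound).
# Usage: setup-unbound-chroot.sh on|off     DRY_RUN=1 prints commands only.
CHROOT_DIR="${CHROOT_DIR:-/var/lib/unbound}"         # chroot path from the thread
DROPIN="${DROPIN:-/etc/unbound/conf.d/chroot.conf}"  # assumed drop-in file name
CHROOT_PATHS="${CHROOT_PATHS:-/etc/unbound}"         # assumed: directories to expose

run() {  # execute a command, or only print it in dry-run mode
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

dropin_text() {  # config fragment that switches the chroot on
    printf 'server:\n    chroot: "%s"\n' "$CHROOT_DIR"
}

chroot_on() {
    for p in $CHROOT_PATHS; do
        t="$CHROOT_DIR$p"
        # Skip targets that are already mounted so restarts do not stack mounts.
        if [ "${DRY_RUN:-0}" != 1 ] && mountpoint -q "$t"; then continue; fi
        run mkdir -p "$t"
        run mount --bind "$p" "$t"
        # Read-only inside the jail: the daemon cannot rewrite its own config.
        run mount -o remount,ro,bind "$t"
    done
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "write $DROPIN"
    else dropin_text > "$DROPIN"; fi
}

chroot_off() {
    run rm -f "$DROPIN"
    rev=""
    for p in $CHROOT_PATHS; do rev="$p $rev"; done   # unmount in reverse order
    for p in $rev; do
        t="$CHROOT_DIR$p"
        if [ "${DRY_RUN:-0}" = 1 ] || mountpoint -q "$t"; then run umount "$t"; fi
    done
}

case "${1:-}" in
    on)  chroot_on ;;
    off) chroot_off ;;
esac
```

A service unit could call the helper with "on" from ExecStartPre= and with "off" from ExecStopPost=, so the mounts and the drop-in are removed even when unbound exits abnormally.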
