From thozza at redhat.com Thu Apr 2 18:19:59 2015 From: thozza at redhat.com (Tomas Hozza) Date: Thu, 02 Apr 2015 20:19:59 +0200 Subject: [Dnssec-trigger] [PATCH] dnssec-trigger-script: Don't configure RFC1918 zones if there are no global forwarders Message-ID: <551D884F.2080104@redhat.com> Hi. I'm attaching patch for issue caught by ABRT - Automatic Bug Reporting Tool. Previously the script tried to install RFC1918 zones even if there were no global forwarders from NetworkManager. This lead to removing the zones from Unbound which is good, but not from zones Store. Also on subsequent calls the script tried to remove the zones from Unbound again and crashed with traceback. When a machine had configuration of RFC1918 zones enabled by default, the script crashed also during boot, if the machine was not connected to any network. Please also see https://bugzilla.redhat.com/show_bug.cgi?id=1205864 This change makes the script to add RFC1918 zones only if there are global forwarders, otherwise it will remove them from Unbound and zones Store. If zones are not configured in Unbound or are not present in the zones Store, it will do nothing. Regards, -- Tomas Hozza Software Engineer - EMEA ENG Developer Experience PGP: 1D9F3C2D Red Hat Inc. http://cz.redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-dnssec-trigger-script-Don-t-configure-RFC1918-zones-.patch Type: text/x-patch Size: 3865 bytes Desc: not available URL: From wouter at nlnetlabs.nl Tue Apr 7 12:57:39 2015 From: wouter at nlnetlabs.nl (W.C.A. Wijngaards) Date: Tue, 07 Apr 2015 14:57:39 +0200 Subject: [Dnssec-trigger] [PATCH] dnssec-trigger-script: Don't configure RFC1918 zones if there are no global forwarders In-Reply-To: <551D884F.2080104@redhat.com> References: <551D884F.2080104@redhat.com> Message-ID: <5523D443.4080803@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Tomas, Applied, that must have been a painful issue for the user. Best regards, Wouter On 02/04/15 20:19, Tomas Hozza wrote: > Hi. > > I'm attaching patch for issue caught by ABRT - Automatic Bug > Reporting Tool. > > Previously the script tried to install RFC1918 zones even if there > were no global forwarders from NetworkManager. This lead to > removing the zones from Unbound which is good, but not from zones > Store. Also on subsequent calls the script tried to remove the > zones from Unbound again and crashed with traceback. > > When a machine had configuration of RFC1918 zones enabled by > default, the script crashed also during boot, if the machine was > not connected to any network. > > Please also see > https://bugzilla.redhat.com/show_bug.cgi?id=1205864 > > This change makes the script to add RFC1918 zones only if there are > global forwarders, otherwise it will remove them from Unbound and > zones Store. If zones are not configured in Unbound or are not > present in the zones Store, it will do nothing. > > Regards, > > > > _______________________________________________ dnssec-trigger > mailing list dnssec-trigger at NLnetLabs.nl > http://open.nlnetlabs.nl/mailman/listinfo/dnssec-trigger > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVI9RDAAoJEJ9vHC1+BF+NtEUP/0q5dGzrZXoamnnrlKEgu/Vp e6nq1+zPskMrsxb4x9JUGK4d8s0BDX3k7oPDPmBMGqK5imatbnyfLIZ6Jivvfp41 a6XrFzi8BREups9crY3ikgy3uSa1CkH4kK9JhKVTsfxXYAoNoUO9xF08zdwW7ZcU hVcivZsqveBX229SC2YVUrxLoh/fDHSLGqm0Y4v4ZC5Of8L5vNZhV1/fQhLbQXgk z9AbbGd9hqzhh2j4UozabZq216CiwoN9DxEHRxXCxdu4B5S7fI0swuIhZH0V6OzG 8f2Xu1ugXEaWKT0OT85vAgyBV0GKYGA+dmqrpI8f0Pyti99eTAGquRBHwrWVThqF Zx0juaXN4PVXDy0PsePDQeqaRQaUaHoPxLThVU8n+x84KOq/Vqxd5s6cHLIWEma2 0J8CyD1cW6ioQugpRmiuQfwlcwGTz2Y1kdsdHpxCP91IPIpYGuI2Y2sWYp/rR8Id vcST9dpQk4B5ko41fBId7xdwSvDDDJ0h/V5SxTpmiX9hMcfARJeSCaJh2IGcJyQE L59Ac0IYvHcIpzCjJj3KSs384dhYfPNdHdbZUAekiB1O2x9KxcRmq/EiBnk4xk8G CVybvIakLPg7YF/XGO3tK/YxvpoZ8loz5dkpPJExKh4oEEPxzh4OoTyM+aVLDuf7 JixLBwbgvK+AN7dM4sGg =2iBP -----END PGP SIGNATURE----- From thozza at redhat.com Tue Apr 7 15:16:40 2015 From: thozza at redhat.com (Tomas Hozza) Date: Tue, 07 Apr 2015 17:16:40 +0200 Subject: [Dnssec-trigger] [PATCH] dnssec-trigger-script: Don't configure RFC1918 zones if there are no global forwarders In-Reply-To: <5523D443.4080803@nlnetlabs.nl> References: <551D884F.2080104@redhat.com> <5523D443.4080803@nlnetlabs.nl> Message-ID: <5523F4D8.5080304@redhat.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks Wouter. It sure was. I experienced the same issue and in my case it delayed the boot for 2,5 minutes. I also found out that the configuration of reverse address zones does not work, since Unbound configures them as static local zones. I'm working on the fix and will send it soon. Regards, Tomas On 04/07/2015 02:57 PM, W.C.A. Wijngaards wrote: > Hi Tomas, > > Applied, that must have been a painful issue for the user. > > Best regards, Wouter > > On 02/04/15 20:19, Tomas Hozza wrote: >> Hi. > >> I'm attaching patch for issue caught by ABRT - Automatic Bug >> Reporting Tool. > >> Previously the script tried to install RFC1918 zones even if there >> were no global forwarders from NetworkManager. This lead to >> removing the zones from Unbound which is good, but not from zones >> Store. Also on subsequent calls the script tried to remove the >> zones from Unbound again and crashed with traceback. > >> When a machine had configuration of RFC1918 zones enabled by >> default, the script crashed also during boot, if the machine was >> not connected to any network. > >> Please also see >> https://bugzilla.redhat.com/show_bug.cgi?id=1205864 > >> This change makes the script to add RFC1918 zones only if there are >> global forwarders, otherwise it will remove them from Unbound and >> zones Store. If zones are not configured in Unbound or are not >> present in the zones Store, it will do nothing. > >> Regards, > > > >> _______________________________________________ dnssec-trigger >> mailing list dnssec-trigger at NLnetLabs.nl >> http://open.nlnetlabs.nl/mailman/listinfo/dnssec-trigger > > > _______________________________________________ > dnssec-trigger mailing list > dnssec-trigger at NLnetLabs.nl > http://open.nlnetlabs.nl/mailman/listinfo/dnssec-trigger > - -- Tomas Hozza Software Engineer - EMEA ENG Developer Experience PGP: 1D9F3C2D Red Hat Inc. http://cz.redhat.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJVI/TXAAoJEMWIetUdnzwtAF4IAMbvyF6h/EV/Av4zMb1O2xUX pOMwSQbGd0emzT3+Vod4WUE2OuQvbCpxraoPhXKeOi9KPw9Crdzh+KPKiNsF8T2f hhYIyOlJ1DBZwuNGtjDygMzyG/XQi8VojrOlZwLhhyl8OEJ18jWiAGZPxYKbyGpB GccoTWwwyNWrT8u0mPqUAH4NCHC60JE01JWOvXJYOGQJKlOgEQyFcZWv7N4Q9l2b Hu13YiBFKw7AA4HWk8mcR438WYinLwd3gz3BuJ9pm8VH05bmwiLujbufWF2Za7uX U5WqZ0+UnYSPDH6aQigsvzSTTElwgU+JANgZDn4TX0H5wpF8JOftCx/yGbr81lA= =ONCi -----END PGP SIGNATURE----- From thozza at redhat.com Wed Apr 8 12:37:35 2015 From: thozza at redhat.com (Tomas Hozza) Date: Wed, 08 Apr 2015 14:37:35 +0200 Subject: [Dnssec-trigger] [PATCH] Fix configuration of private address ranges reverse zones Message-ID: <5525210F.7010005@redhat.com> Hi. Previously Local zones configured by default in Unbound were not removed when private address range reverse "forward zones" were configured. Also Local zones were not added when private address range forward zones were removed. I'm attaching two patches, one for the issue, another just simple PEP-8 formatting fixes. Regards, -- Tomas Hozza Software Engineer - EMEA ENG Developer Experience PGP: 1D9F3C2D Red Hat Inc. http://cz.redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Add-newlines-between-classes-to-conform-with-PEP-8-a.patch Type: text/x-patch Size: 2172 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: 0002-Add-remove-local-zones-in-Unbound-when-configuring-r.patch Type: text/x-patch Size: 6334 bytes Desc: not available URL: From wouter at nlnetlabs.nl Wed Apr 8 13:00:58 2015 From: wouter at nlnetlabs.nl (W.C.A. Wijngaards) Date: Wed, 08 Apr 2015 15:00:58 +0200 Subject: [Dnssec-trigger] [PATCH] Fix configuration of private address ranges reverse zones In-Reply-To: <5525210F.7010005@redhat.com> References: <5525210F.7010005@redhat.com> Message-ID: <5525268A.9030608@nlnetlabs.nl> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Tomas, On 04/08/2015 02:37 PM, Tomas Hozza wrote: > Hi. > > Previously Local zones configured by default in Unbound were not > removed when private address range reverse "forward zones" were > configured. Also Local zones were not added when private address > range forward zones were removed. > > I'm attaching two patches, one for the issue, another just simple > PEP-8 formatting fixes. Committed to the python script. Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVJSaKAAoJEJ9vHC1+BF+NAyUP/j10h5pOQt5+OXFjlwaemlmD CkAivSsOjhJkGsIYXbde/1yGiUg4BD9X/7j/bLW7dtjCHA6ruQr+TD5k/fE4RNRw WOnzMCLv2cIXsF1bLQDUfL3FDXSFAXPMGVsNiEypJqbeZ47/WChyGfzA/MqtmIK4 CdFJY3u48UlwVnuRVNltWprwJE+Gc72vSeImJhz//of4ZMJVhTW1not0X6HBnxV4 7PVDEb8F4oyOW3VAxHYhkqWb11LbmukC6LiUVuzpmOA6PiRhMobPpsYrU7hd8Lnd OJUu/pW8vO+R3rHe5La71l+zsonrCySZFN/SeiwFHCAjSQDtnYi/pFePUqbzr17X E/cEZuQYWaweM7r3IPixULMQ715Dka3FpfM6u24dpOgWBZpO8gfEDDK9YIemdQHJ wK+ZZoC+hJWr5Rr2GmtD0HY3l18Nh6pLWzEziuVuBABiJoEwt4ABnCU4VsEePF4x U0fKwXquXapaL2rMZovuiV0iNB+Kp/YAYz48Lnvfr6+bmoeRsWkcDWpPCD5BRsoI 6FiA4Nf5G19rhZBp7pT/GA+p1zOlj3x0CNYK7Oen45hGlCGYKaDaTUV6WFcljYIE LP5oseI9Ivkt/fz81xj84PDDfqo3euQNa3y9B9PtMlOu2czvNDgwYzcX07rYzX4R 3RyoArtaAbbAWYArhJ98 =/hXM -----END PGP SIGNATURE-----