Date:      Mon, 20 Nov 2017 15:23:14 +0200
From:      Andriy Gapon <avg@FreeBSD.org>
To:        Dag-Erling Smørgrav <des@des.no>
Cc:        freebsd-net@FreeBSD.org
Subject:   Re: local_unbound, resolvconf, vpn
Message-ID:  <8a098542-9f04-3a41-76f1-e463e3e89c99@FreeBSD.org>
In-Reply-To: <86a7zq8er7.fsf@desk.des.no>
References:  <5689438f-6734-6b57-b700-d70ee2b7578a@FreeBSD.org> <86a7zq8er7.fsf@desk.des.no>

On 13/11/2017 15:55, Dag-Erling Smørgrav wrote:
> Andriy Gapon <avg@FreeBSD.org> writes:
>> First, there is now an automatically generated /etc/resolvconf.conf.
>> It has the following comment:
>> # This file was generated by local-unbound-setup.
>> # Modifications will be overwritten.
>> Is that comment really true?
>> What and when is going to overwrite my modifications?
> 
> service local_unbound setup

So, this is not going to happen automatically (after the initial setup)?
I have to manually run that command?
If yes, then this is much less scary than the unconditional warning in the file.

>> Next. The auto-generated resolvconf.conf has this trick to prevent modifications
>> of resolv.conf: resolv_conf="/dev/null"
>> The trick works but it causes some small noise when resolvconf is run, like
>> cannot copy /dev/null to /dev/null.bak.
>> I think that a nicer solution is to just set name_servers=127.0.0.1:
> 
> No, if we let resolvconf overwrite resolv.conf then we lose "options
> edns0".

There seems to be a small misunderstanding. The point I was trying to make is
that resolvconf would NOT overwrite resolv.conf if it's configured the way I
suggested.  The details are in my original email.  I never tried to suggest that
we should let resolvconf overwrite resolv.conf.

> What it boils down to is that resolvconf is a piece of shit and the only
> way to get it to do what we want would be to write a special backend for
> the local_unbound case (see /libexec/resolvconf).

Well, I do not see why...
We already configure resolvconf to not touch resolv.conf.
And resolvconf already has a backend for unbound, it is able to manage the
local_unbound configuration quite reasonably (from my experience).

>> unbound: [7457:0] error: cannot chdir to directory:  (No such file or directory)
> 
> This error is emitted by the configuration parser when it encounters the
> "directory" directive in the "server" section and fails to chdir to the
> specified directory, but there should be a name there.  Can you do:
> 
> # service local_unbound stop
> # mv /var/unbound /var/unbound.orig
> # mtree -deU -f /etc/mtree/BSD.var.dist
> # service local_unbound setup
> # diff -ru /var/unbound.orig /var/unbound
> 
> and tell me if there are any differences?


Alexander Zagrebin already explained what's going on here.
local_unbound setup produces this configuration:
    chroot: /var/unbound
    directory: /var/unbound

And with it unbound apparently tries to chdir to "" after chrooting to
/var/unbound.  That is, it removes $chroot from $directory and chdir-s to the
result.  Changing directory to /var/unbound/ makes the complaint go away.


-- 
Andriy Gapon
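
Added example, not part of the original message and not unbound's own code: a small sh check that models the behaviour described above, under the assumption that the chroot prefix is removed from "directory" as a plain string operation and the remainder is used as the chdir target. The function names and the sample config files are constructed for illustration.

```shell
#!/bin/sh
# Model of the behaviour described in the message (an assumption, not
# unbound's source): strip the chroot prefix from "directory" and treat
# what is left as the path to chdir to once inside the chroot.

# residual_dir CHROOT DIRECTORY -> prints the post-chroot chdir target
residual_dir() {
    case "$2" in
        "$1"*) printf '%s\n' "${2#"$1"}" ;;   # prefix matches: strip it
        *)     printf '%s\n' "$2" ;;           # no match: path is used as is
    esac
}

# conf_value KEY FILE -> last "KEY: value" in FILE, comment and quotes removed
conf_value() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*#.*$//; s/^"\(.*\)"$/\1/' | tail -n 1
}

# check_conf FILE -> status 1 if the chdir target would be the empty string
check_conf() {
    c=$(conf_value chroot "$1")
    d=$(conf_value directory "$1")
    if [ -z "$d" ]; then
        echo "$1: no directory directive, nothing to check"
        return 0
    fi
    r=$(residual_dir "$c" "$d")
    if [ -z "$r" ]; then
        echo "$1: directory '$d' minus chroot '$c' is empty, chdir would fail"
        return 1
    fi
    echo "$1: chdir target inside the chroot is '$r'"
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample configs using the two directory values from the message.
    printf 'server:\n    chroot: /var/unbound\n    directory: /var/unbound\n' \
        > "$tmp/as-generated.conf"
    printf 'server:\n    chroot: /var/unbound\n    directory: /var/unbound/\n' \
        > "$tmp/trailing-slash.conf"
    for f in "$tmp"/*.conf; do check_conf "$f" || true; done
    rm -rf "$tmp"
}
demo
```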


