From: Dag-Erling Smørgrav
To: Andriy Gapon
Cc: freebsd-net@FreeBSD.org
Subject: Re: local_unbound, resolvconf, vpn
Date: Mon, 20 Nov 2017 15:43:16 +0100
Message-ID: <86y3n16mez.fsf@desk.des.no>

Andriy Gapon writes:
> Dag-Erling Smørgrav writes:
> > Andriy Gapon writes:
> > > What and when is going to overwrite my modifications?
> > service local_unbound setup
> So, this is not going to happen automatically (after the initial setup) ?
> I have to manually run that command?

Currently, yes, but we will sometimes recommend that users run it after
an upgrade or patch, and I may at some point change the rc script to run
setup every time you start or restart the service.

> > > I think that a nicer solution is to just set name_servers=127.0.0.1:
> > No, if we let resolvconf overwrite resolv.conf then we lose "options
> > edns0".
> There seems to be a small misunderstanding. The point I was trying to
> make is that resolvconf would NOT overwrite resolv.conf if it's
> configured the way I suggested.

It will.

> > What it boils down to is that resolvconf is a piece of shit and the
> > only way to get it to do what we want would be to write a special
> > backend for the local_unbound case (see /libexec/resolvconf).
> Well, I do not see why... We already configure resolvconf to not
> touch resolv.conf. And resolvconf already has a backend for unbound,
> it is able to manage the local_unbound configuration quite reasonably
> (from my experience).

Yes, we use that to maintain forward.conf. But please believe me when I
say that I have spent a *lot* of time with resolvconf and its various
backends and I am neither joking nor exaggerating when I call it a piece
of shit.

> Alexander Zagrebin already explained what's going on here.
> local_unbound setup produces this configuration:
> chroot: /var/unbound
> directory: /var/unbound
>
> And with it unbound apparently tries to chdir to "" after chrooting to
> /var/unbound. That is, it removes $chroot from $directory and chdir-s
> to the result. Changing directory to /var/unbound/ makes the
> complaint go away.

I understand, and it's been fixed upstream:

Index: util/configparser.y =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- util/configparser.y (revision 3975) +++ util/configparser.y (revision 3976) @@ -585,9 +585,11 @@ strncmp(d, cfg_parser->chroot, strlen( cfg_parser->chroot)) =3D=3D 0) d +=3D strlen(cfg_parser->chroot); - if(chdir(d)) + if(d[0]) { + if(chdir(d)) log_err("cannot chdir to directory: %s (%s)", d, strerror(errno)); + } } } ;

but I am unable to reproduce the issue on 11.1.

DES
-- 
Dag-Erling Smørgrav - des@des.no
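
Review bot: In the new `if(d[0])` branch, an empty remainder (directory equal to the chroot, as in the `/var/unbound` case discussed in the message) now skips `chdir` with no log line and no comment, so the working directory is left at whatever it was before this point. Consider an explicit `chdir("/")` in an else branch, or at least a comment stating that an empty `d` means the chroot root and that the skip is intentional. Separately, the context line `strncmp(d, cfg_parser->chroot, strlen(cfg_parser->chroot))` compares a string prefix rather than a path component, so a directory that merely begins with the chroot string would be advanced to a relative remainder; checking that the next character is `/` or NUL before `d += strlen(...)` would close that, unless a check outside the visible hunk already covers it.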