From: Doug Barton
Date: Thu, 15 Sep 2005 01:32:09 -0700
To: "Matthew N. Dodd"
Cc: arch@FreeBSD.ORG
Subject: Re: [CFR] reflect resolv.conf update to running application

Matthew N. Dodd wrote:
> On Thu, 8 Sep 2005, Brooks Davis wrote:
>
>> I've looked this over and while I like the concept, I think the
>> implementation could be improved. First, it looks like named.conf has
>> an include directive which is conveniently undocumented in the manpage,
>> but in the BIND 9 Administrator Reference Manual at:
>>
>> http://www.bind9.net/manual/bind/9.3.1/Bv9ARM.ch06.html#AEN1534
>>
>> so if it actually works, we should use that instead of rebuilding the
>> config file each time.

Yes, include works, but it runs a similar risk to modifying the named.conf
file, namely if the syntax of the statements in the include file is not
right, loading named.conf will fail. So, we should build some caution into
the process of updating the file, but that's easily done with the
named-checkconf program that comes with the distribution.

>> Second, the forwarders file should default to
>> living in the /var/run of the named chroot since we default to chrooted
>> operation these days.

chroot good, yes. :) I'm not sure exactly where the forwarders file should
live though. I'm leaning towards (the chrooted) /etc/namedb, but I need to
think about it a little more.

>> Third, I think we need to kick the server with
>> "rndc reconfig" once the file is updated.

Yeah, but we need to work in the test of the new conf file first, as above.

> Attached.

Matthew, this is great stuff, thanks! A few comments.

> + rm -f ${dhclient_script_forwarders_file}.$$
> + echo " forward only;" > ${dhclient_script_forwarders_file}.$$

This should really be 'forward first'. That configuration is less likely to
fail in weird and hard-to-diagnose ways. This is wrong in the default
named.conf file, but it's not enabled by default, and I need to change that.

> + mv ${dhclient_script_forwarders_file}.$$ ${dhclient_script_forwarders_file}

This isn't perfect, but something like:

    if [ -f "${dhclient_script_forwarders_file}" ]; then
        if named-checkconf /etc/namedb/named.conf; then
            # Current config parses: keep the old file so we can roll back.
            rm -f "${dhclient_script_forwarders_file}.old"
            mv "${dhclient_script_forwarders_file}" \
                "${dhclient_script_forwarders_file}.old" &&
            mv "${dhclient_script_forwarders_file}.$$" \
                "${dhclient_script_forwarders_file}"
            if named-checkconf /etc/namedb/named.conf; then
                rm "${dhclient_script_forwarders_file}.old"
            else
                # New file broke the config: restore the previous one.
                mv "${dhclient_script_forwarders_file}.old" \
                    "${dhclient_script_forwarders_file}"
            fi
        else
            # Config already fails the check: just install the new file.
            mv "${dhclient_script_forwarders_file}.$$" \
                "${dhclient_script_forwarders_file}"
        fi
    else
        # No existing forwarders file: install the new one.
        mv "${dhclient_script_forwarders_file}.$$" \
            "${dhclient_script_forwarders_file}"
    fi

    # Only reload named if the resulting configuration parses.
    if named-checkconf /etc/namedb/named.conf; then
        rndc reconfig
    fi

hth,

Doug

-- 

    This .signature sanitized for your protection
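
Review bot: the staging name `${dhclient_script_forwarders_file}.$$` used by the quoted `rm -f`, `echo` and `mv` lines is predictable from the shell PID, and every expansion is unquoted. If the directory that holds the forwarders file is writable by anyone other than root, the `echo >` write can follow whatever already sits at that name; the preceding `rm -f` narrows that window but does not close it. Create the staging file with `mktemp` in the same directory, quote the expansions, and check the exit status of the `mv` before anything reloads named.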
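
One way to carry out the check-then-reload procedure discussed in this message, as an added example that is not code from the thread or the patch. The function name `install_forwarders` and the `CHECK_CMD`/`RELOAD_CMD` variables are hypothetical; it stages with `mktemp` instead of a `.$$` suffix and rolls back when the check rejects the result.

```shell
#!/bin/sh
# Added example, not code from the thread. CHECK_CMD and RELOAD_CMD are
# hypothetical knobs; their defaults are the commands named in the message.
: "${CHECK_CMD:=named-checkconf /etc/namedb/named.conf}"
: "${RELOAD_CMD:=rndc reconfig}"

# install_forwarders TARGET   (new file contents are read from stdin)
# Returns 0 only if TARGET was replaced, the config parsed, and the reload ran.
install_forwarders() {
    target=$1
    dir=$(dirname "$target")
    old=""

    # Stage next to the target so mv is a rename on one filesystem;
    # mktemp gives an unpredictable name, unlike a ".$$" suffix.
    new=$(mktemp "$dir/forwarders.new.XXXXXX") || return 1
    cat > "$new" || { rm -f "$new"; return 1; }
    chmod 644 "$new"    # assumption: named reads the include as a non-root user

    # Keep a copy of the current file so a failed check can be undone.
    if [ -f "$target" ]; then
        old=$(mktemp "$dir/forwarders.old.XXXXXX") || { rm -f "$new"; return 1; }
        cp -p "$target" "$old" || { rm -f "$new" "$old"; return 1; }
    fi

    mv -f "$new" "$target" || { rm -f "$new" ${old:+"$old"}; return 1; }

    # named-checkconf parses named.conf together with its includes, so the
    # candidate has to be in place before it can be checked.
    if $CHECK_CMD >/dev/null 2>&1; then
        [ -n "$old" ] && rm -f "$old"
        $RELOAD_CMD
        return $?
    fi

    # The candidate broke the config: restore the previous state, no reload.
    if [ -n "$old" ]; then
        mv -f "$old" "$target"
    else
        rm -f "$target"
    fi
    return 1
}
```

Unlike the snippet in the message, this does not first test the configuration as it stands, so a named.conf that already fails for an unrelated reason causes every update to be rolled back.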