From: Dag-Erling Smørgrav
To: Alexander Zagrebin
Cc: freebsd-net@freebsd.org, Andriy Gapon
Subject: Re: local_unbound, resolvconf, vpn
Date: Tue, 21 Nov 2017 09:34:19 +0100

Alexander Zagrebin writes:
> Also I have to notice that there is another issue with the default
> local_unbound setup:
> by default unbound uses syslog for logging, but usually the
> local_unbound service starts before syslogd and so logging doesn't work
> until local_unbound is reloaded.

That's a chicken-and-egg problem since syslogd may need DNS to log to an
external aggregator.

> So it looks reasonable to use logging to file by default.

No, it's not reasonable.  We have syslogd for a reason.  What we need to
do is give unbound its own log socket inside the chroot, as we used to
do for named:

 1) Have local-unbound-setup edit /var/run/syslogd.sockets if necessary.

 2) Edit log_init() in contrib/unbound/util/log.c so it notices if the
    log socket is inside the chroot and does the right thing (including
    but not limited to rewriting the socket path and not using NDELAY).

This should be sufficient since syslog() will retry openlog() every time
you call it, so it doesn't matter if the log socket isn't present or
connected when Unbound starts, as long as it's reachable from within the
chroot when it does appear.  Log messages emitted before syslogd starts
will go to the console, so they won't be lost.

For bonus points, modify syslogd so log sockets can be specified in
syslog.conf instead of (or in addition to) being passed on the command
line.

DES
-- 
Dag-Erling Smørgrav - des@des.no
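
The check described in step 2 of the message above, as an added example that is not part of the original message and is not Unbound or FreeBSD code. The function names `log_sock_in_chroot` and `log_open_options` are hypothetical, the paths in `main` are constructed samples, and both paths are assumed to be absolute and already canonical (no `..` components or symlinks).

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/*
 * Hypothetical helper: if sock lies inside chroot_dir, write its path as
 * seen from inside the chroot to out and return 1.  Return 0 if it is
 * outside the chroot, -1 on bad input or if out is too small.
 */
int
log_sock_in_chroot(const char *chroot_dir, const char *sock,
    char *out, size_t outlen)
{
	size_t n;

	if (chroot_dir == NULL || sock == NULL || out == NULL ||
	    chroot_dir[0] != '/' || sock[0] != '/')
		return (-1);
	n = strlen(chroot_dir);
	while (n > 1 && chroot_dir[n - 1] == '/')	/* ignore trailing '/' */
		n--;
	if (n == 1)					/* chroot is "/" */
		n = 0;
	/* The prefix must end on a component boundary, so that
	 * /var/unbound2/... is not treated as inside /var/unbound. */
	if (strncmp(sock, chroot_dir, n) != 0 || sock[n] != '/')
		return (0);
	while (sock[n + 1] == '/')			/* collapse repeated '/' */
		n++;
	if (sock[n + 1] == '\0')			/* the chroot root itself */
		return (0);
	if (strlen(sock + n) + 1 > outlen)
		return (-1);
	strcpy(out, sock + n);
	return (1);
}

/* openlog(3) options: with a socket inside the chroot, leave out LOG_NDELAY
 * so the connection is made lazily by syslog(3), after chroot(2). */
int
log_open_options(int sock_in_chroot)
{
	return (sock_in_chroot == 1 ? 0 : LOG_NDELAY);
}

int
main(void)
{
	char in[64];	/* constructed sample paths, not taken from the thread */
	int r = log_sock_in_chroot("/var/unbound", "/var/unbound/var/run/log",
	    in, sizeof(in));
	printf("inside=%d path=%s ndelay=%d\n", r, r == 1 ? in : "-",
	    (log_open_options(r) & LOG_NDELAY) != 0);
	return (0);
}
```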