Date: Mon, 20 Nov 2017 15:43:16 +0100
From: Dag-Erling Smørgrav <des@des.no>
To: Andriy Gapon <avg@FreeBSD.org>
Cc: freebsd-net@FreeBSD.org
Subject: Re: local_unbound, resolvconf, vpn
Message-ID: <86y3n16mez.fsf@desk.des.no>
In-Reply-To: <8a098542-9f04-3a41-76f1-e463e3e89c99@FreeBSD.org> (Andriy Gapon's message of "Mon, 20 Nov 2017 15:23:14 +0200")
References: <5689438f-6734-6b57-b700-d70ee2b7578a@FreeBSD.org> <86a7zq8er7.fsf@desk.des.no> <8a098542-9f04-3a41-76f1-e463e3e89c99@FreeBSD.org>
Andriy Gapon <avg@FreeBSD.org> writes:
> Dag-Erling Smørgrav <des@des.no> writes:
> > Andriy Gapon <avg@FreeBSD.org> writes:
> > > What and when is going to overwrite my modifications?
> > service local_unbound setup
> So, this is not going to happen automatically (after the initial setup) ?
> I have to manually run that command?
Currently, yes, but we will sometimes recommend that users run it after
an upgrade or patch, and I may at some point change the rc script to run
setup every time you start or restart the service.
> > > I think that a nicer solution is to just set name_servers=127.0.0.1:
> > No, if we let resolvconf overwrite resolv.conf then we lose "options
> > edns0".
> There seems to be a small misunderstanding. The point I was trying to
> make is that resolvconf would NOT overwrite resolv.conf if it's
> configured the way I suggested.
It will.
> > What it boils down to is that resolvconf is a piece of shit and the
> > only way to get it to do what we want would be to write a special
> > backend for the local_unbound case (see /libexec/resolvconf).
> Well, I do not see why... We already configure resolvconf to not
> touch resolv.conf. And resolvconf already has a backend for unbound,
> it is able to manage the local_unbound configuration quite reasonably
> (from my experience).
Yes, we use that to maintain forward.conf.
But please believe me when I say that I have spent a *lot* of time with
resolvconf and its various backends and I am neither joking nor
exaggerating when I call it a piece of shit.
> Alexander Zagrebin already explained what's going on here.
> local_unbound setup produces this configuration:
> chroot: /var/unbound
> directory: /var/unbound
>
> And with it unbound apparently tries to chdir to "" after chrooting to
> /var/unbound. That is, it removes $chroot from $directory and chdir-s
> to the result. Changing directory to /var/unbound/ makes the
> complaint go away.
I understand, and it's been fixed upstream:
Index: util/configparser.y
===================================================================
--- util/configparser.y (revision 3975)
+++ util/configparser.y (revision 3976)
@@ -585,9 +585,11 @@
strncmp(d, cfg_parser->chroot, strlen(
cfg_parser->chroot)) == 0)
d += strlen(cfg_parser->chroot);
- if(chdir(d))
+ if(d[0]) {
+ if(chdir(d))
log_err("cannot chdir to directory: %s (%s)",
d, strerror(errno));
+ }
}
}
;
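Review bot: the new `if(d[0])` guard skips `chdir` without any trace when `directory` equals `chroot`, so nothing visible here ensures the working directory ends up inside the chroot; consider an explicit `chdir("/")` for the empty case, or a comment saying where that is handled. The context `strncmp` above the change is a plain prefix match with no path-boundary check, so a directory that merely starts with the chroot string (for example /var/unbound2 under chroot /var/unbound) would leave `d` pointing at a relative remainder; checking that the character after the prefix is '/' or NUL would avoid that. The two `log_err` lines are unchanged context and were not re-indented under the new braces.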
but I am unable to reproduce the issue on 11.1.
DES
--
Dag-Erling Smørgrav - des@des.no
