Bug#856964: Option search in dnssec-trigger.conf is ignored

From Tomas Hozza <thozza@redhat.com>
Newsgroups linux.debian.bugs.dist
Subject Bug#856964: Option search in dnssec-trigger.conf is ignored
Date 2017-09-18 12:40 +0200
Message-ID <ur1D4-59P-15@gated-at.bofh.it> (permalink)
References <upZDj-3Xx-13@gated-at.bofh.it> <ti4Cm-2Wx-7@gated-at.bofh.it> <upZDj-3Xx-13@gated-at.bofh.it>
Organization linux.* mail to news gateway

On 15.09.2017 16:05, Gerben Meijer wrote:
> Unfortunately it seems that setting set_search_domains=yes in dnssec.conf is not enough.
> 
> The code in dnssec-trigger-script does not look at the contents of "search:" in /etc/dnssec-trigger/dnssec-trigger.conf even with that set. Instead, it seems to query NetworkManager for search domains but even that fails on current Debian releases, since the configured search domains there do not even show up in the debug log:
> 
> Sep 15 14:47:19 believe dnssec-triggerd[29297]: Search domains:
> 
> The reason for that is that the script looks at NetworkManager's connection calls:
> 
> self.zones += connection.get_ip4_config().get_domains()
> 
> But instead, or additionally, it should call get_searches(); as far as I understand it, zones is what is passed through in a DHCP request as the local domain for a DHCP client but additional DNS search domains configured for a NM connection only show up in get_searches().
> 
> So this is broken in multiple ways, and I imagine it's not just on Debian.

Hello.

In the past, when Pavel Simerda (he no longer works for Red Hat) reworked the way dnssec-trigger sets up /etc/resolv.conf (by calling the dnssec-trigger-script script from the daemon), he unintentionally broke this functionality. It has been broken since then in upstream.

We track the issue in Fedora bug: https://bugzilla.redhat.com/show_bug.cgi?id=1287607

In the long run, we would like to get rid of the python script and consolidate the logic only into the daemon. Part of that would also be to fix this one bug. However, everyone in my team has been busy with other things, so this is still on our TODO with no ETA.

Some work in progress is on GitHub (https://github.com/InfrastructureServices/dnssec-trigger/commits/master-fedora), but it still needs to be polished and sent to the upstream.

Regards,
Tomas
-- 
Tomas Hozza
Associate Manager, Software Engineering - EMEA ENG Mainstream RHEL

PGP: 1D9F3C2D
UTC+2 (CEST)
Red Hat Inc.                 http://cz.redhat.com
