2012-12-18 10:13:16 |
Thomas Hood |
bug |
|
|
added bug |
2012-12-18 10:13:38 |
Thomas Hood |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483098 |
|
2012-12-18 10:13:38 |
Thomas Hood |
bug task added |
|
bind |
|
2012-12-18 10:33:45 |
Bug Watch Updater |
bind: status |
Unknown |
New |
|
2012-12-19 09:01:46 |
Yolanda Robla |
bind9 (Ubuntu): status |
New |
Opinion |
|
2012-12-19 09:01:55 |
Yolanda Robla |
bind9 (Ubuntu): importance |
Undecided |
Wishlist |
|
2012-12-19 09:02:02 |
Yolanda Robla |
bind9 (Ubuntu): status |
Opinion |
Confirmed |
|
2012-12-31 17:32:49 |
Bob Proulx |
bug |
|
|
added subscriber Bob Proulx |
2012-12-31 17:35:29 |
Thomas Hood |
bug task deleted |
bind |
|
|
2012-12-31 17:36:20 |
Thomas Hood |
bug task added |
|
bind9 (Debian) |
|
2012-12-31 17:38:02 |
Thomas Hood |
bug |
|
|
added subscriber Jakub Wilk |
2012-12-31 17:38:24 |
Thomas Hood |
bug |
|
|
added subscriber Julien Cristau |
2012-12-31 17:43:53 |
Jakub Wilk |
removed subscriber Jakub Wilk |
|
|
|
2012-12-31 18:07:52 |
Thomas Hood |
bug |
|
|
added subscriber Jakub Wilk |
2013-01-01 00:24:36 |
Thomas Hood |
description |
This is a wish. It is requested that the bind9 package include a resolvconf hook script /etc/resolvconf/update.d/bind9 which writes a forwarders{} statement to /var/run/named/forwarders based on the nameserver information in resolvconf's database. Then in order to use named in whole or in part as a forwarding nameserver the administrator can simply modify named.conf so that the latter includes /var/run/named/forwarders at the right place in the file. If this inclusion could be controlled by a setting in, e.g., /etc/default/bind9, then that would be even nicer.
The file /etc/resolvconf/update.d/bind included in resolvconf versions 1.52 and earlier illustrates how such a hook script should be written. The latter file was written for BIND 8 and worked well; but due to limitations in BIND 8 it had to generate a whole "options" statement instead of just the "forwarders" part, which was less nice.
I am prepared to write the needed script for BIND 9 and attach it here.
--- BACKGROUND INFORMATION ---
As of Ubuntu 12.04, nameserver information is handled by resolvconf in both the Server and Desktop editions of Ubuntu. Resolvconf maintains a database of nameserver information, filed by interface name and configuration agent. This is the information that is needed if named is to be used in whole or in part as a forwarding nameserver.
BIND 9.7.x manual section 1.4.5.1: "__Forwarding__. Even a caching name server does not necessarily perform the complete recursive lookup itself. Instead, it can forward some or all of the queries that it cannot satisfy from its cache to another caching name server, commonly referred to as a forwarder. There may be one or more forwarders, and they are queried in turn until the list is exhausted or an answer is found. Forwarders are typically used when you do not wish all the servers at a given site to interact directly with the rest of the Internet servers. A typical scenario would involve a number of internal DNS servers and an Internet firewall. Servers unable to pass packets through the firewall would forward to the server that can do it, and that server would query the Internet DNS servers on the internal server’s behalf."
Currently it's possible to configure named to use a static list of forwarders, but to make use of a dynamic list a resolvconf hook script is needed. |
It is requested that the bind9 package be enhanced such that named uses forwarder addresses obtained from resolvconf's database.
Such a feature would normally be implemented by means of a resolvconf update hook script, in this case /etc/resolvconf/update.d/bind9. (It must *not* be called /etc/resolvconf/update.d/bind since that was the name of a script written for BIND 8 and included in earlier versions of resolvconf.) Resolvconf update hook scripts get run every time the database changes.
There are various ways to implement this proposal.
1. Write out a forwarders{} statement
The script writes out a forwarders{} statement in the format of named.conf(5) to /var/run/named/named.conf.forwarders and then does "/etc/init.d/bind9 reload" to cause named to re-read its configuration files.
To activate this, the admin has to edit /etc/bind/named.conf.options such that it includes /var/run/named/named.conf.forwarders at the right place.
The script /etc/resolvconf/update.d/bind that was included in resolvconf versions 1.52 and earlier illustrates how such a hook script should be written. The latter script was written for BIND 8 and worked well, but due to limitations in BIND 8 it had to generate a whole options{} statement instead of just the forwarders{} part.
2. Write a list of forwarder addresses and enhance named to read this
The script writes out a simple list of IP addresses to /var/run/named/forwarders and then triggers named to re-read its forwarders list from this file. When run with a new option, "--forwarders-list=/var/run/named/forwarders", named uses the list in /var/run/named/forwarders as its list of forwarder addresses instead of whatever list was specified in the configuration file.
This approach requires that the option in question be added to named but it has a number of advantages over the first approach. (1) It allows the script to be much simpler. (2) It avoids run-time generation of configuration files. (3) It avoids triggering the re-reading of configuration files. (4) It allows the use of the resolvconf-based forwarders list to be enabled and disabled via a variable in /etc/default/bind9. (5) Some machines are still using an old script written for bind8 which works as in #1 except that it writes out a whole options{} statement instead of just a forwarders{} statement; the present approach upgrades such machines cleanly.
--- BACKGROUND INFORMATION ---
As of Ubuntu 12.04, nameserver information is handled by resolvconf in both the Server and Desktop editions of Ubuntu. Resolvconf maintains a database of nameserver information, filed by interface name and configuration agent. This is the information that is needed if named is to be used in whole or in part as a forwarding nameserver.
BIND 9.7.x manual section 1.4.5.1: "__Forwarding__. Even a caching name server does not necessarily perform the complete recursive lookup itself. Instead, it can forward some or all of the queries that it cannot satisfy from its cache to another caching name server, commonly referred to as a forwarder. There may be one or more forwarders, and they are queried in turn until the list is exhausted or an answer is found. Forwarders are typically used when you do not wish all the servers at a given site to interact directly with the rest of the Internet servers. A typical scenario would involve a number of internal DNS servers and an Internet firewall. Servers unable to pass packets through the firewall would forward to the server that can do it, and that server would query the Internet DNS servers on the internal server’s behalf." |
|
2013-01-01 00:43:41 |
Jakub Wilk |
removed subscriber Jakub Wilk |
|
|
|
2013-01-01 00:53:15 |
Thomas Hood |
description |
It is requested that the bind9 package be enhanced such that named uses forwarder addresses obtained from resolvconf's database.
Such a feature would normally be implemented by means of a resolvconf update hook script, in this case /etc/resolvconf/update.d/bind9. (It must *not* be called /etc/resolvconf/update.d/bind since that was the name of a script written for BIND 8 and included in earlier versions of resolvconf.) Resolvconf update hook scripts get run every time the database changes.
There are various ways to implement this proposal.
1. Write out a forwarders{} statement
The script writes out a forwarders{} statement in the format of named.conf(5) to /var/run/named/named.conf.forwarders and then does "/etc/init.d/bind9 reload" to cause named to re-read its configuration files.
To activate this, the admin has to edit /etc/bind/named.conf.options such that it includes /var/run/named/named.conf.forwarders at the right place.
The script /etc/resolvconf/update.d/bind that was included in resolvconf versions 1.52 and earlier illustrates how such a hook script should be written. The latter script was written for BIND 8 and worked well, but due to limitations in BIND 8 it had to generate a whole options{} statement instead of just the forwarders{} part.
2. Write a list of forwarder addresses and enhance named to read this
The script writes out a simple list of IP addresses to /var/run/named/forwarders and then triggers named to re-read its forwarders list from this file. When run with a new option, "--forwarders-list=/var/run/named/forwarders", named uses the list in /var/run/named/forwarders as its list of forwarder addresses instead of whatever list was specified in the configuration file.
This approach requires that the option in question be added to named but it has a number of advantages over the first approach. (1) It allows the script to be much simpler. (2) It avoids run-time generation of configuration files. (3) It avoids triggering the re-reading of configuration files. (4) It allows the use of the resolvconf-based forwarders list to be enabled and disabled via a variable in /etc/default/bind9. (5) Some machines are still using an old script written for bind8 which works as in #1 except that it writes out a whole options{} statement instead of just a forwarders{} statement; the present approach upgrades such machines cleanly.
--- BACKGROUND INFORMATION ---
As of Ubuntu 12.04, nameserver information is handled by resolvconf in both the Server and Desktop editions of Ubuntu. Resolvconf maintains a database of nameserver information, filed by interface name and configuration agent. This is the information that is needed if named is to be used in whole or in part as a forwarding nameserver.
BIND 9.7.x manual section 1.4.5.1: "__Forwarding__. Even a caching name server does not necessarily perform the complete recursive lookup itself. Instead, it can forward some or all of the queries that it cannot satisfy from its cache to another caching name server, commonly referred to as a forwarder. There may be one or more forwarders, and they are queried in turn until the list is exhausted or an answer is found. Forwarders are typically used when you do not wish all the servers at a given site to interact directly with the rest of the Internet servers. A typical scenario would involve a number of internal DNS servers and an Internet firewall. Servers unable to pass packets through the firewall would forward to the server that can do it, and that server would query the Internet DNS servers on the internal server’s behalf." |
It is requested that the bind9 package be enhanced such that named uses forwarder addresses obtained from resolvconf's database.
Such a feature would normally be implemented by means of a resolvconf update hook script, in this case /etc/resolvconf/update.d/bind9. (It must *not* be called /etc/resolvconf/update.d/bind since that was the name of a script written for BIND 8 and included in earlier versions of resolvconf.) Resolvconf update hook scripts get run every time the database changes.
There are various ways to implement this proposal.
1. Write out a forwarders{} statement
The script writes out a forwarders{} statement in the format of named.conf(5) to /var/run/named/named.conf.forwarders and then does "/etc/init.d/bind9 reload" to cause named to re-read its configuration files.
To activate this, the admin has to edit /etc/bind/named.conf.options such that it includes /var/run/named/named.conf.forwarders at the right place.
The script /etc/resolvconf/update.d/bind that was included in resolvconf versions 1.52 and earlier illustrates how such a hook script should be written. The latter script was written for BIND 8 and worked well, but due to limitations in BIND 8 it had to generate a whole options{} statement instead of just the forwarders{} part.
2. Write a list of forwarder addresses and enhance named to read this
The script writes out a simple list of IP addresses to /var/run/named/forwarders and then does "/etc/init.d/bind9 reload" to cause named to re-read its configuration files. When run with a new command-line option, "--forwarders-list=/var/run/named/forwarders", named uses the list in /var/run/named/forwarders as its list of forwarder addresses instead of whatever was specified in options{}.
This approach requires that the command-line option in question be added to named but it has a number of advantages over the first approach. (1) It allows the script to be much simpler. (2) It allows the use of the resolvconf-based forwarders list to be enabled and disabled via a variable in, e.g., /etc/default/bind9. (3) Some machines are still using an old script written for bind8 which works as in #1 except that it writes out a whole options{} statement instead of just a forwarders{} statement; the present approach upgrades such machines cleanly.
3. Enhance rndc to send, and named to receive, forwarder addresses
This has the advantages of approach #2 and also eliminates the need to write out a file. The disadvantage is that it would be a significant amount of extra work to extend the syntax of rndc.
--- BACKGROUND INFORMATION ---
As of Ubuntu 12.04, nameserver information is handled by resolvconf in both the Server and Desktop editions of Ubuntu. Resolvconf maintains a database of nameserver information, filed by interface name and configuration agent. This is the information that is needed if named is to be used in whole or in part as a forwarding nameserver.
BIND 9.7.x manual section 1.4.5.1: "__Forwarding__. Even a caching name server does not necessarily perform the complete recursive lookup itself. Instead, it can forward some or all of the queries that it cannot satisfy from its cache to another caching name server, commonly referred to as a forwarder. There may be one or more forwarders, and they are queried in turn until the list is exhausted or an answer is found. Forwarders are typically used when you do not wish all the servers at a given site to interact directly with the rest of the Internet servers. A typical scenario would involve a number of internal DNS servers and an Internet firewall. Servers unable to pass packets through the firewall would forward to the server that can do it, and that server would query the Internet DNS servers on the internal server’s behalf." |
|
2013-01-01 00:53:53 |
Thomas Hood |
summary |
Please add resolvconf hook script to generate dynamic forwarders list |
Please enhance bind9 to use forwarder addresses from resolvconf |
|
2013-01-01 13:33:28 |
Bug Watch Updater |
bind9 (Debian): status |
Unknown |
New |
|
2013-01-02 11:42:55 |
Thomas Hood |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687507 |
|
2013-01-02 11:42:55 |
Thomas Hood |
bug task added |
|
resolvconf (Debian) |
|
2013-01-02 12:33:20 |
Bug Watch Updater |
resolvconf (Debian): status |
Unknown |
Fix Released |
|
2013-05-14 09:17:28 |
Thomas Hood |
bug task deleted |
resolvconf (Debian) |
|
|
2014-01-04 14:12:13 |
Alexey Vazhnov |
bug |
|
|
added subscriber Vazhnov Alexey |
2015-09-06 22:42:40 |
Jason B. Alonso |
bug |
|
|
added subscriber Jason B. Alonso |
2017-10-23 08:13:25 |
Bug Watch Updater |
bind9 (Debian): status |
New |
Fix Released |
|
2017-11-21 20:41:53 |
David Lee Lambert |
bug |
|
|
added subscriber David Lee Lambert |