Comment 6 for bug 1965521

Nick Tait (nick.t) wrote :

Hi Paride.

The fundamental problem I see with your last statement is how do you know what "the right one(s)" are? That will depend on BIND configuration, such as whether named is launched with a '-4' or '-6' option, and possibly even the value of configuration options such as 'listen-on' and 'listen-on-v6'?

Perhaps if we start with the 'need' that BIND has, and then work backwards, we will converge on a solution?

Here is my thinking:
1. The "Unable to fetch DNSKEY set '.': failure" error results from BIND trying to query the root DNS servers when it starts up, but not having the requisite level of network connectivity to do so.
2. In order to access the root DNS servers, the host needs access to the Internet...
3. The best indicator that Internet connectivity is available is the presence of a default route.
4. The default route requirement could be met by IPv4 or IPv6, so this could be satisfied by either of the following:
    * The IPv4 'main' routing table contains an entry for "0.0.0.0/0"
    * The IPv6 'main' routing table contains an entry for "::/0"
5. Therefore I believe we need a command that can be added as an 'ExecStartPre' option in named.service, that will wait until either of the above conditions (described in 5 above) are met.
6. Some potential solutions could be:
    a) Invocation of "systemd-networkd-wait-online" with a combination of existing parameters that the program will interpret to mean "wait until either of the requirements described in 5 above are met".
    b) Invocation of "systemd-networkd-wait-online" with a new parameter that the program will interpret to mean "wait until either of the requirements described in 5 above are met".
    c) Use of a different (new?) tool whose specific purpose is to "wait until either of the requirements described in 5 above are met".
7. Whichever solution is chosen, the tool should be generic enough that it can be used for other services, and should provide the ability to select only IPv4 or only IPv6, or both. This should be controlled via a command-line parameter, which for consistency with other Linux programs should be:
    * "-4" = use only IPv4, even if the host machine is capable of IPv6.
    * "-6" = use only IPv6, even if the host machine is capable of IPv4.
    * Specifying neither option should mean both IPv4 and IPv6.
    * NB: "-4" and "-6" are mutually exclusive.

My suggestion in my earlier comment #4 is an example of solution (a), but it doesn't satisfy 7 above. So I concede there are other (better) options that probably need to be considered?

Keen to hear your thoughts?

Thanks,
Nick.
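
A sketch of option (c) from the comment above, added here as an example; it is not code from the bug report, BIND or systemd. The function names `have_default_route` and `wait_default_route`, the optional timeout argument and the install path in the comments are assumptions, and it relies on the iproute2 `ip` command.

```shell
#!/bin/sh
# Added example (hypothetical helper): block until a default route exists.
# Usage inside a script: wait_default_route [-4|-6] [timeout_seconds]
# Possible unit line (path is hypothetical):
#   ExecStartPre=/usr/local/bin/wait-default-route 30

# Succeed if the given family (4 or 6) has a usable default route.
have_default_route() {
    # "ip route show" lists the main table unless another table is named.
    # Only lines that begin with "default" count: "unreachable default",
    # "blackhole default" and "prohibit default" give no connectivity.
    ip "-$1" route show default 2>/dev/null | grep -q '^default[[:space:]]'
}

# Return 0 once a default route is present, 1 on timeout, 2 on bad usage.
wait_default_route() {
    families=""
    timeout=30
    for arg in "$@"; do
        case "$arg" in
            -4|-6)
                [ -z "$families" ] || {
                    echo "-4 and -6 are mutually exclusive" >&2
                    return 2
                }
                families="${arg#-}" ;;
            *[!0-9]*|"")
                echo "usage: wait_default_route [-4|-6] [timeout]" >&2
                return 2 ;;
            *) timeout="$arg" ;;
        esac
    done
    # Neither option given: a default route in either family is enough.
    [ -n "$families" ] || families="4 6"
    waited=0
    while :; do
        for fam in $families; do
            if have_default_route "$fam"; then return 0; fi
        done
        [ "$waited" -lt "$timeout" ] || return 1
        sleep 1
        waited=$((waited + 1))
    done
}
# To use this file as the ExecStartPre program, end it with:
#   wait_default_route "$@"
```
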