update.d/dnscache creates resolver loop

Bug #1305156 reported by Nikita Borisov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
djbdns (Ubuntu) | Confirmed | Undecided | Unassigned |

Bug Description

I have a forwardonly dnscache (from dbndns) set up on my system, with a forwarding address set up to our campus resolver.

My system has a static IP configuration and in my /etc/network/interfaces, I specify "dns-nameservers 192.17.80.184" (local IP address) to have the DNS queries go through the DNS cache. When ifup runs, however, the dnscache script updates /etc/dnscache/root/servers/@ to point to 192.17.80.184, i.e., the address of the DNS cache itself. After this, any queries to the dnscache get stuck in an infinite loop as it forwards them to itself.

I could change /etc/network/interfaces to specify the campus resolver in there, but this would cause the update.d/libc script to point /etc/resolv.conf to the campus resolver, and not my local dnscache, which defeats the point of the dnscache.

System info:
Description: Ubuntu Trusty Tahr (development branch)
Release: 14.04

resolvconf:
  Installed: 1.69ubuntu1
  Candidate: 1.69ubuntu1
  Version table:
 *** 1.69ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
        100 /var/lib/dpkg/status

dbndns:
  Installed: 1:1.05-8ubuntu1
  Candidate: 1:1.05-8ubuntu1
  Version table:
 *** 1:1.05-8ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/universe amd64 Packages
        100 /var/lib/dpkg/status

Thomas Hood (jdthood) wrote :

Dnscache should listen on 127.0.0.1
and the dnscache initscript should register this address with resolvconf
and dnscache's resolvconf update script should ignore this address when compiling the list of addresses to which dnscache should forward.

So far as I know this is already the case. Please correct me if I'm wrong.

Your problem is caused by the presence of the "dns-nameservers 192.17.80.184" line in /etc/network/interfaces. It is not needed and should not be there.

Changed in resolvconf (Ubuntu):
status: New → Incomplete
Thomas Hood (jdthood) wrote :

Probably not a bug, but if there turns out to be a bug then it is in the djbdns package.

affects: resolvconf (Ubuntu) → djbdns (Ubuntu)
Nikita Borisov (9-launchpad-n) wrote :

Thanks for the quick reply! dbndnscache doesn't come with an init script AFAICT. I also did not see any code in the update.d/dnscache to ignore existing dnscache addresses, but I may have missed it.

So if I understand correctly, the right thing to do would be to add the dnscache address to /etc/resolvconf/resolv.conf.d/base and *not* include the dnscache address under dns-nameservers in /etc/network/interfaces.

I switched the package to dbndns since that's the one I'm actually using.

Thomas Hood (jdthood)
description: updated
Thomas Hood (jdthood) wrote :

OK, in first instance I thought you were talking about djbdns whereas I should have noticed that you gave package details for dbndns. Sorry about the mistake.

AIUI dbndns is a fork of djbdns, so I will assume that it is similar to djbdns in the respects relevant here. Under that assumption I revise my earlier prescription to read as follows.

The dnscache daemon should listen at IP address 127.0.0.1 in order to provide DNS name service to the local machine
and the dnscache daemon or the script that starts it should register this address with resolvconf by means of something equivalent to `echo "nameserver 127.0.0.1" | resolvconf -a lo.dnscache` after it starts
and should de-register this address before the daemon stops by means of something equivalent to `resolvconf -d lo.dnscache`
and dnscache's resolvconf update script /etc/resolvconf/update.d/dnscache should ignore this address when compiling the list of addresses to which dnscache should forward.

My second error was to think that the djbdns package already supported resolvconf but now I realize that resolvconf support has never been added to djbdns. So the prescription I just gave is a description of what still needs to be done to make djbdns or dbndns work with resolvconf. The resolvconf package includes /etc/resolvconf/update.d/dnscache but (1) this script is not well maintained and (2) it should really be in one of the djbdns/dbndns packages, possibly dnscache-run.

Please see my comment[0] in Debian bug report 582755 for background.

[0]https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582755#46

Conclusion: Djbdns and dbndns integration with resolvconf is incomplete. The correct solution is to complete the integration. Would you like to help with this?

Changed in djbdns (Ubuntu):
status: Incomplete → Confirmed
Thomas Hood (jdthood) wrote :

> So if I understand correctly, the right thing to do would be
> to add the dnscache address to /etc/resolvconf/resolv.conf.d/base
> and *not* include the dnscache address under dns-nameservers in
> /etc/network/interfaces.

That will work, but only because there's a bug in /etc/resolvconf/update.d/dnscache such that it (wrongly) overlooks the contents of /etc/resolvconf/resolv.conf.d/base. So it's not actually the right thing. See my previous comment.

Normally for a local caching forwarding nameserver,

1. Something has to cause "nameserver 127.0.0.1" to be in /etc/resolv.conf so long as the nameserver is running, and
2. something has to cause the nameserver's list of forwarding addresses not to include that address, otherwise there will be a loop.

See the dnsmasq package for the best example of how to achieve these things.
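
The loop-avoidance rule from the comments above (never put an address the cache itself answers on into its forwarder list), as an added example that is not the resolvconf or dbndns script. The function names, the one-address-per-line output written to a servers file, and the resolver address 192.0.2.53 are assumptions; 192.17.80.184 is the cache address from the report.

```shell
#!/bin/sh
# Added example: filter resolvconf-style records into a forwarder list that
# cannot point dnscache back at itself. Not the packaged update.d/dnscache.

# select_forwarders [OWN_ADDR...]: read records on stdin, print usable
# forwarder addresses one per line (hypothetical helper).
select_forwarders() {
    own=" $* "      # addresses the cache listens on, space-delimited
    seen=" "        # addresses already printed
    while read -r keyword addr _rest; do
        [ "$keyword" = "nameserver" ] || continue
        [ -n "$addr" ] || continue
        case "$addr" in
            127.*|::1) continue ;;                      # loopback is the cache
        esac
        case "$own" in *" $addr "*) continue ;; esac    # cache's own address
        case "$seen" in *" $addr "*) continue ;; esac   # duplicate record
        seen="$seen$addr "
        printf '%s\n' "$addr"
    done
    return 0
}

# write_servers FILE [OWN_ADDR...]: replace FILE with the filtered list, but
# keep the existing file when nothing usable remains (hypothetical helper).
write_servers() {
    file=$1
    shift
    list=$(select_forwarders "$@")
    [ -n "$list" ] || return 1
    printf '%s\n' "$list" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Constructed sample records: the loopback entry, the cache's own address as
# registered via dns-nameservers, and a placeholder upstream resolver.
SAMPLE_RECORDS='nameserver 127.0.0.1
nameserver 192.17.80.184
nameserver 192.0.2.53
nameserver 192.0.2.53
search example.edu'

printf '%s\n' "$SAMPLE_RECORDS" | select_forwarders 192.17.80.184
```

Refusing to write an empty list matters in the reported configuration: when the only registered nameserver is the cache itself, the previous forwarders stay in place instead of being replaced with a self-reference.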
