HOAB

History of a bug

PEERDNS=no on Debian, or how to prevent a specific DHCP interface from updating the DNS

Written by gorki. No comments.

Problem:

On Debian, keep /etc/resolv.conf (the DNS resolver configuration) from being rewritten by every interface when several network interfaces are configured by DHCP.

Solution:

A first link: Never update resolv.conf with DHCP client

But we do not want to never update it; we want to update it only sometimes...

On Red Hat families it is simple (see the previous link): PEERDNS=no on the right interfaces.

On Debian families... let's use the hook as suggested:

Create a hook to avoid /etc/resolv.conf file updates

You need to create the file /etc/dhcp3/dhclient-enter-hooks.d/nodnsupdate under Debian / Ubuntu Linux:
# vi /etc/dhcp3/dhclient-enter-hooks.d/nodnsupdate
Append the following code (the body needs a terminating ";" or a newline before the closing brace, otherwise sh parses the "}" as an argument of ":"):

#!/bin/sh
# Override the function dhclient-script uses to write resolv.conf with a no-op
make_resolv_conf() {
    :
}

OK, but this hook prevents ALL interfaces from updating resolv.conf. The idea:

  1. in the hook, test the interface name
  2. if it is an authorized one, call the original make_resolv_conf
  3. otherwise do nothing

In bash it is not easy to have two functions with the same name, but thanks, Stack Overflow!:

#!/bin/bash

# copies the function named $1 to the name $2 (bash only: relies on declare)
copy_function() {
    declare -F "$1" > /dev/null || return 1
    eval "$(echo "${2}()"; declare -f "${1}" | tail -n +2)"
}

# Import the original make_resolv_conf
# Normally useless, hooks are called after the make_resolv_conf declaration
# . /sbin/dhclient-script

# Keep the original under a new name, then override it
copy_function make_resolv_conf original_make_resolv_conf

make_resolv_conf() {
        # ${interface} is set by dhclient-script; "authorizedInterface" is a placeholder
        if [ "${interface}" = "authorizedInterface" ] ; then
                original_make_resolv_conf
        fi
}

Update:

The previous solution does not work... declare is not known by sh/dash, and dhclient-script is run by sh/dash. So copying the function is not possible.

Ideas:

  • copy the body of make_resolv_conf into this file as original_make_resolv_conf: it works, but it is ugly, because security fixes to dhclient-script would never reach the copy
  • use 2 hooks: one enter hook that saves resolv.conf, one exit hook that restores resolv.conf if ${interface} is not authorized
  • try to extract make_resolv_conf from /sbin/dhclient-script: not so easy...

Best solution: the two hooks. It's a pity :) I liked copy_function :) :

# vi /etc/dhcp3/dhclient-enter-hooks.d/selectdns-enter

#!/bin/sh

# Save the resolver file before dhclient-script rewrites it. The copy goes under a
# root-owned directory rather than /tmp: hooks run as root, and a predictable file
# name in the world-writable /tmp could be pre-created (e.g. as a symlink) by a local user.
mkdir -p /var/run/selectdns
cp /etc/resolv.conf "/var/run/selectdns/resolv.conf.${interface}"

# vi /etc/dhcp3/dhclient-exit-hooks.d/selectdns-exit

#!/bin/sh

# Restore the saved copy unless the lease came from the authorized interface
# ("authorizedInterface" is a placeholder for the real interface name)
if [ "${interface}" != "authorizedInterface" ] ; then
       echo "${interface} not authorized, restoring previous resolv.conf"
       cp "/var/run/selectdns/resolv.conf.${interface}" /etc/resolv.conf
fi
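To see the two-hook design behave end to end, here is an added example (not the post's own hooks) that takes the same save/restore logic and passes the interface name and file paths as parameters, so it can be run in a temporary directory instead of against /etc/resolv.conf. The authorized interface name "eth0", the stand-in make_resolv_conf and the sample nameserver addresses are assumptions constructed for this example; in a real hook dhclient-script supplies ${interface} and ${new_domain_name_servers} itself.

```shell
#!/bin/sh
# Added example: simulation of the selectdns enter/exit hook pair.

AUTHORIZED_IFACE="${AUTHORIZED_IFACE:-eth0}"   # assumed: the only interface allowed to change DNS

# Enter hook: snapshot the resolver file before dhclient-script rewrites it.
# $1 = interface, $2 = resolv.conf path, $3 = root-owned state directory
selectdns_enter() {
    mkdir -p "$3"
    if [ -f "$2" ]; then
        cp "$2" "$3/resolv.conf.$1"
    fi
    return 0
}

# Exit hook: put the snapshot back unless this interface is the authorized one.
# Returns 0 when a restore happened, 1 when the freshly written resolv.conf was kept.
selectdns_exit() {
    iface=$1; resolv=$2; saved="$3/resolv.conf.$1"
    if [ "$iface" != "$AUTHORIZED_IFACE" ] && [ -f "$saved" ]; then
        cp "$saved" "$resolv"
        return 0
    fi
    return 1
}

# Stand-in for dhclient-script's make_resolv_conf (constructed for this example):
# writes one "nameserver" line per address found in $new_domain_name_servers.
fake_make_resolv_conf() {
    resolv=$1
    : > "$resolv"
    for ns in $new_domain_name_servers; do
        echo "nameserver $ns" >> "$resolv"
    done
}

# Simulate one lease on an interface: enter hook, resolver rewrite, exit hook.
# $1 = interface, $2 = space-separated nameservers offered by the lease, $3 = work dir.
# Prints the resolv.conf content that is left behind.
simulate_lease() {
    iface=$1; servers=$2; work=$3
    resolv="$work/resolv.conf"
    selectdns_enter "$iface" "$resolv" "$work/state"
    new_domain_name_servers=$servers
    fake_make_resolv_conf "$resolv"
    selectdns_exit "$iface" "$resolv" "$work/state" || true
    cat "$resolv"
}

demo() {
    work=$(mktemp -d)
    echo "nameserver 192.0.2.53" > "$work/resolv.conf"   # constructed starting state
    echo "--- lease on wlan0 (not authorized): the previous DNS must survive"
    simulate_lease wlan0 "198.51.100.1" "$work"
    echo "--- lease on eth0 (authorized): its DNS takes effect"
    simulate_lease eth0 "192.0.2.1 192.0.2.2" "$work"
    rm -rf "$work"
}

demo
```

Note that the exit hook runs for every reason dhclient-script is invoked (BOUND, RENEW, EXPIRE, ...), so the enter hook must have saved a copy on the same run; the `[ -f "$saved" ]` test keeps the restore from failing when no snapshot exists.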


DNS and slow propagation

Written by gorki. No comments.

The problem:

With a dedicated server at OVH, you sometimes want to manage your DNS yourself.

So the primary DNS is your own server, and OVH offers secondary DNS servers that synchronise with it. In general these secondary servers are queried by the rest of the web far more than yours is.

OVH's secondary server was not propagating my changes.

Solution:

Dead simple, but you still have to remember it: DNS zones carry a timestamp, the serial number in the SOA record.

It has to be incremented on every change; that is the criterion the secondary server uses to decide whether to refresh its copy.

(One could also have used ready-made tools, which do not forget this!)

Otherwise, edit /etc/bind/pri/mondomaine.fr and increment the date (2015010107):

mondomaine.fr.	IN	SOA	mondomaine.fr. postmaster.mondomaine.fr. (
			2015010107
			21600
			3600
			604800
			86400 )
                IN      NS      ns1234.ovh.net.
                IN      NS      sdns2.ovh.net.
                IN      MX      10 mail.mondomaine.fr.
                IN      A       1.1.1.1

Then

/etc/init.d/named reload
# or any other command, depending on your system version
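Forgetting the serial is easy to automate away. The following added example (not from the post) reads and bumps the SOA serial of a BIND zone file that uses the parenthesised multi-line SOA layout shown above, following the YYYYMMDDnn convention the post uses: today's date with revision 00, unless that would not be larger than the current serial, in which case the current serial is simply incremented so the secondary always sees a strictly increasing value. The sample zone, the file names and the A record address are constructed for this example.

```shell
#!/bin/sh
# Added example: read / bump the SOA serial of a BIND zone file.

SERIAL_AWK='
function next_serial(old,  c) { c = today * 100; return (c > old) ? c : old + 1 }
# the SOA record starts here; its serial is the first number after the opening "("
!done && /[ \t]SOA[ \t]/ { insoa = 1 }
insoa && !done {
    line = $0; head = ""
    if (!seen_paren) {
        p = index(line, "(")
        if (p > 0) { seen_paren = 1; head = substr(line, 1, p); line = substr(line, p + 1) } else line = ""
    }
    if (seen_paren && match(line, /[0-9]+/)) {
        old = substr(line, RSTART, RLENGTH) + 0
        if (mode == "get") { printf "%.0f\n", old; exit }
        new = sprintf("%.0f", next_serial(old))
        line = substr(line, 1, RSTART - 1) new substr(line, RSTART + RLENGTH)
        done = 1
    }
    if (seen_paren) $0 = head line
}
mode != "get" { print }
'

# Print the current serial of the zone file given as $1.
zone_serial() {
    awk -v mode=get "$SERIAL_AWK" "$1"
}

# Rewrite the zone file $1 in place with the next serial; $2 is "today" as YYYYMMDD
# (defaults to the real date so the function can be used directly before a reload).
bump_zone_serial() {
    today=${2:-$(date +%Y%m%d)}
    awk -v mode=set -v today="$today" "$SERIAL_AWK" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Write a constructed sample zone, mirroring the layout of the post, to the file $1.
write_sample_zone() {
    cat > "$1" <<'EOF'
mondomaine.fr.    IN    SOA    mondomaine.fr. postmaster.mondomaine.fr. (
                2015010107
                21600
                3600
                604800
                86400 )
                IN      NS      ns1234.ovh.net.
                IN      A       192.0.2.10
EOF
}

demo() {
    zone=$(mktemp)
    write_sample_zone "$zone"
    echo "current serial: $(zone_serial "$zone")"
    bump_zone_serial "$zone" 20150101      # same day as the current serial: becomes 2015010108
    echo "after same-day bump: $(zone_serial "$zone")"
    bump_zone_serial "$zone"               # real date: today's YYYYMMDD followed by 00
    echo "after today's bump: $(zone_serial "$zone")"
    rm -f "$zone"
}

demo
```

The awk program edits only the digits after the "(" of the SOA record and leaves every other line byte-for-byte unchanged, so running it before each `reload` changes nothing but the serial.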
