Hi Daniel

First of all, thanks a lot for the quick response.

Daniel Kahn Gillmor wrote the following on 05.02.2007 20:32:
> At 2007-02-05 09:12, [EMAIL PROTECTED] said:
>
>>> The advantage of this setup over one with only one dnscache is that
>>> you can make changes to the dnscache redirection configuration,
>>> which requires a restart of dnscache to take effect, without losing
>>> your cache of DNS data, because the dnscache instance with the large
>>> cache needn't be restarted.
>
> interesting. i'd never thought of using dnscache cascaded like this.

It's been talked about on the djbdns mailing list, however that was a
while ago.

> You're adding a layer of indirection (and caching most requests twice
> on your machine), but i can see how there's an advantage in what you
> describe, if you want to retain your dnscache between restarts.

This is especially the case if the contents of the root/servers
directory are rather fluctuative. In this specific case, some NAT
idiocy (IMHO) forces us to short-circuit many DNS paths using entries
in the root/servers directory. Any change to the latter previously
lost us the entire cache.

>>> The dnscache script in the resolvconf package breaks this setup by
>>> overwriting the root/servers/@ file of the forward-only-dnscache
>>> with its own address, leading to a forwarding loop. This effectively
>>> breaks all DNS resolution on the system.
>
> yuck. That's no good at all.

Yep, you've said it.

> How is your dnscache instance's IP
> address getting added to the nameserver list?

The forward-only dnscache's IP address (1.2.3.4 in my example) is
defined as the nameserver in /etc/resolv.conf. If I understood it
right, the dnscache script in the resolvconf package looks for
forward-only dnscaches and overwrites their root/servers/@ with the
nameserver entries in /etc/resolv.conf.

>>> If resolvconf is to continue to manage the root/servers/@ file of
>>> all forward-only dnscache instances on a host, it would make sense
>>> to modify only those which do not point to the host itself, i.e. to
>>> an address within 127/8 or to one of the host's own IP addresses,
>>> such as 1.2.3.4 in the example above.
>
> Can you try the following patch to /etc/resolvconf/update.d/dnscache
> and see if it works for you? The logic is (or should be):
>
> if the IP address this dnscache instance binds to is listed in the
> set of nameservers, do not repoint its "@" reference.
>
> Does that sound right to you?

Yes, that's an alternative to the approach I outline. In fact, I came
up with the same idea later yesterday and had thought about telling
you about it. No need to do that anymore. :-)

I'll try the patch on another machine that's not in production use yet
but is otherwise almost identical.

> Thanks for your report,

Don't mention it. Thanks for your quick help.

Cheers,
Tobias
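
The check discussed in the message above (leave "@" alone when the instance's own listen address is among the nameservers), as an added example; it is neither the patch from this thread nor the resolvconf package's script. It assumes the usual djbdns service layout (env/IP, env/FORWARDONLY, root/servers/@); the function names and the 127.0.0.2 and 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; not the script shipped in the resolvconf package.
# Assumed djbdns service layout:
#   $svc/env/IP           address the dnscache instance listens on
#   $svc/env/FORWARDONLY  present when the instance only forwards
#   $svc/root/servers/@   upstream resolver addresses, one per line

# repoint_forwarders SVC_DIR NAMESERVER...
# Returns 0 if root/servers/@ was rewritten, non-zero if it was left alone.
repoint_forwarders() {
    svc=$1; shift
    [ -e "$svc/env/FORWARDONLY" ] || return 1   # not a forwarder: not ours to manage
    [ -r "$svc/env/IP" ] || return 1            # listen address unknown: do nothing
    [ "$#" -gt 0 ] || return 1                  # never write an empty @ file
    listen_ip=$(head -n 1 "$svc/env/IP")
    for ns in "$@"; do
        # The instance's own address is in the nameserver set: copying that
        # set into @ would make the cache forward every query to itself.
        if [ "$ns" = "$listen_ip" ]; then return 1; fi
    done
    # Write to a temporary file and rename, so a restart never reads a partial @.
    tmp="$svc/root/servers/@.tmp.$$"
    printf '%s\n' "$@" > "$tmp" && mv "$tmp" "$svc/root/servers/@"
}

# Constructed fixture: forward-only cache on 1.2.3.4 (the address used in the
# message) forwarding to a second cache on 127.0.0.2 (assumed address).
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/env" "$d/root/servers"
    echo 1.2.3.4 > "$d/env/IP"
    echo 1 > "$d/env/FORWARDONLY"
    echo 127.0.0.2 > "$d/root/servers/@"
    echo "$d"
}

# Demo: the reported situation, where resolv.conf names the forwarder itself.
demo=$(make_fixture)
repoint_forwarders "$demo" 1.2.3.4 ||
    echo "left @ alone, still forwarding to: $(cat "$demo/root/servers/@")"
rm -rf "$demo"
```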