Russ Allbery wrote: > I think it is a bug in dnsmasq, although it may be a rather hard one to > fix. I looked at the init script and it just starts the daemon via the > normal way, so apparently the daemon startup completes before the service > is entirely ready (which is not atypical for daemons). I'm going to clone > this bug to dnsmasq (keeping the original to add the Should-Start > parameter for the OpenAFS init script) and let the dnsmasq maintainer take > a look and see if there's a way to address this there. >
It's not as simple as it seems (is it ever?). Dnsmasq _doesn't_ return before the service is ready: by the time the initial process exits, the long-lived server process has opened all the relevant sockets and pretty much the next thing it does is to enter the event loop. As Russ, says, achieving this is non-trivial. However, dnsmasq is a query forwarder, so it relies on having another upstream DNS server to send queries to. I can think is two reasons why this may not be the case immediately at startup. 1) /etc/resolv.conf If you have something like resolvconf installed, then the contents of /etc/resolv.conf may not be correct when dnsmasq first reads it. The mtime of this file is polled at minimum 1 second intervals, so the nameservers will eventually be picked up correctly, but it may take a little time. A DNS query which dnsmasq receives when it has no suitable upstream servers will be instantly answered with an error. 2) networking. Even if dnsmasq has one or more upstream nameservers configured, if attempts to send UDP packets to all of them result in "no route to host" errors then the original request will again get an error straight away. Unconfigured network interfaces or routing tables could easily cause this. The next stage is to add log-queries to /etc/dnsmasq.conf and then run a test start-up. Dnsmasq should log enough information to let us deduce exactly what is going on. Cheers, Simon. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
