Bug#443871: pdnsd: Don't hardcode 127.0.0.1 as nameserver when using resolvconf
El Tue, Sep 25, 2007 at 12:58:19AM +0200, Pierre Habouzit va escriure: On Mon, Sep 24, 2007 at 10:08:17PM +, Sergio Talens-Oliag wrote: reopen 443871 thanks I did not closed the bug, I marked it wontfix. Yes, I noticed that when the control interface told me it was open, my fault. It's not a matter of not good enough it's just brittle. My job is to provide a good sane default for 99% of the use of the software. I can't provide a perfect sane default for any use, so just make up your stuff if you need to. I do, but I was trying to reduce the work needed. You don't need to touch the init.d script, only the one in /etc/resolvconf/update.d/pdnsd, so please, give me a break. For your own system, you can hardcode the thing in there if you want, the merge will be trivial. (especially since it's a one liner diff). I don't need to touch the init.d script? Are you sure? I can add my pdnsd server to resolvconf using /etc/network/interfaces or the /etc/resolconf/base file, but that still leaves a wrong nameserver in the generated /etc/resolv.conf, as your init.d script always adds a ``nameserver 127.0.0.1`` to resolvconf and in my case this server is invalid. Now the question is, would you accept a patch to support the use of a variable in /etc/default/pdnsd to change the resolvconf server ip for manual setups? I don't like the fact that you have to duplicate configuration in many places. That should just be automatic. and editing /etc/default/pdnsd _and_ /etc/pdnsd.conf is not a good solution. People will never ever guess they need to do things like that. And they will know that they have to touch the init.d and resolvconf scripts? Anyway, I also prefer the automatic way, that's why my first patch tried to do it by itself, replicating the same value is quite awful. OTOH, why isn't 'any' or 0.0.0.0 suitable for you ? This way, using 127.0.0.1 still works... I don't like to have services listening on addresses I don't want them to listen; I know that I can fix the access problem using firewall rules, but that complicates things for no advantage... in fact I prefer to modify all the /etc files of pdnsd and handle them manually than add more rules to a firewall. And if you want my opinion, the best fix is to patch pdnsd to be able to listen on multiple addresses... it's probably not _that_ hard. That would be a good option and has additional uses, do you know why upstream has not done it already? I have not looked at the pdnsd code, but if you believe that it would be accepted upstream I _could try_ to add the multiple addresses support. -- Sergio Talens-Oliag [EMAIL PROTECTED] http://people.debian.org/~sto/ Key fingerprint = 29DF 544F 1BD9 548C 8F15 86EF 6770 052B B8C1 FA69 signature.asc Description: Digital signature
Bug#443871: pdnsd: Don't hardcode 127.0.0.1 as nameserver when using resolvconf
El Tue, Sep 25, 2007 at 01:24:26AM +0200, Pierre Habouzit va escriure: tag 443871 - wontfix thanks El Mon, Sep 24, 2007 at 08:54:38PM +0200, Pierre Habouzit va escriure: On Mon, Sep 24, 2007 at 06:08:35PM +, Sergio Talens-Oliag wrote: I want to use resolconf with pdnsd and be able to bind to an interface different than the loopback one, but the current scripts hardcode the 127.0.0.1 address. Attached you will find a patch that tries to read the server_ip value from the pdnsd.conf file and uses it when available; if it can't find the value falls back to use the loopback address. This is way too brittle, for me to accept this patch (as there could be multiple server_ip lines, quoted ones, whatever). What you need to plug pdnsd into resolvconf is located under /etc, hence won't be modified through upgrades (conffiles). You can do whatever you want with those. Though I've found a non brittle way: pdnsd-ctl status|sed -ne '/^Global:$/,/^Server.*:$/s/.*Server ip.*: \(.*\)$/\1/p' This will never generate silent failures, and we can use that even with setups using interface = eth0 in pdnsd.conf. Next upload will contain a kludge based on that I guess. Great, that's what I wanted, thanks in advance! -- Sergio Talens-Oliag [EMAIL PROTECTED] http://people.debian.org/~sto/ Key fingerprint = 29DF 544F 1BD9 548C 8F15 86EF 6770 052B B8C1 FA69 signature.asc Description: Digital signature
Bug#443871: pdnsd: Don't hardcode 127.0.0.1 as nameserver when using resolvconf
Package: pdnsd Version: 1.2.6-par-1 Severity: normal Tags: patch I want to use resolconf with pdnsd and be able to bind to an interface different than the loopback one, but the current scripts hardcode the 127.0.0.1 address. Attached you will find a patch that tries to read the server_ip value from the pdnsd.conf file and uses it when available; if it can't find the value falls back to use the loopback address. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.22-1-vserver-amd64 (SMP w/2 CPU cores) Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages pdnsd depends on: ii adduser 3.105 add and remove users and groups ii debconf [debconf-2.0] 1.5.14 Debian configuration management sy ii libc6 2.6.1-5GNU C Library: Shared libraries Versions of packages pdnsd recommends: ii resolvconf1.37 nameserver information handler -- debconf information excluded -- Sergio Talens-Oliag [EMAIL PROTECTED] http://people.debian.org/~sto/ Key fingerprint = 29DF 544F 1BD9 548C 8F15 86EF 6770 052B B8C1 FA69 diff -ruN pdnsd-1.2.6-par.orig/debian/changelog pdnsd-1.2.6-par/debian/changelog --- pdnsd-1.2.6-par.orig/debian/changelog 2007-09-24 19:48:15.0 +0200 +++ pdnsd-1.2.6-par/debian/changelog 2007-09-24 19:53:13.0 +0200 @@ -1,3 +1,11 @@ +pdnsd (1.2.6-par-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Modified init.d and resolvconf scripts to support the use of pdnsd + +resolvconf when pdnsd is listening on an IP other than 127.0.0.1 + + -- Sergio Talens-Oliag [EMAIL PROTECTED] Mon, 24 Sep 2007 19:51:10 +0200 + pdnsd (1.2.6-par-1) unstable; urgency=low * New upstream release. diff -ruN pdnsd-1.2.6-par.orig/debian/init.d pdnsd-1.2.6-par/debian/init.d --- pdnsd-1.2.6-par.orig/debian/init.d 2007-09-24 19:48:15.0 +0200 +++ pdnsd-1.2.6-par/debian/init.d 2007-09-24 19:50:34.0 +0200 @@ -13,6 +13,7 @@ NAME=pdnsd DESC=proxy DNS server +CONFIG_FILE=/etc/pdnsd.conf DAEMON=/usr/sbin/pdnsd PIDFILE=/var/run/pdnsd.pid CACHE=/var/cache/pdnsd/pdnsd.cache @@ -25,7 +26,8 @@ if test -n $AUTO_MODE test -f /usr/share/pdnsd/pdnsd-$AUTO_MODE.conf then -START_OPTIONS=${START_OPTIONS} -c /usr/share/pdnsd/pdnsd-$AUTO_MODE.conf +CONFIG_FILE=/usr/share/pdnsd/pdnsd-$AUTO_MODE.conf +START_OPTIONS=${START_OPTIONS} -c ${CONFIG_FILE} fi . /lib/lsb/init-functions @@ -63,7 +65,15 @@ pdnsd-ctl status /dev/null 21 || return $? if [ -x /sbin/resolvconf ] ; then -echo nameserver 127.0.0.1 | /sbin/resolvconf -a lo.$NAME +if [ -f ${CONFIG_FILE} ]; then +NAMESERVER=$( sed -n -e '/server_ip/ { s/^.*server_ip.*=[^0-9]*\([0-9.]*\).*$/\1/; p; }' ${CONFIG_FILE}) +if [ -z $NAMESERVER ]; then +NAMESERVER=127.0.0.1; +fi + else +NAMESERVER=127.0.0.1; +fi +echo nameserver $NAMESERVER | /sbin/resolvconf -a lo.$NAME fi } diff -ruN pdnsd-1.2.6-par.orig/debian/resolvconf pdnsd-1.2.6-par/debian/resolvconf --- pdnsd-1.2.6-par.orig/debian/resolvconf 2007-09-24 19:48:15.0 +0200 +++ pdnsd-1.2.6-par/debian/resolvconf 2007-09-24 19:50:45.0 +0200 @@ -22,6 +22,24 @@ [ -x /lib/resolvconf/list-records ] || exit 1 [ -e /var/cache/pdnsd/pdnsd.status ] || exit 0 +CONFIG_FILE=/etc/pdnsd.conf +if test -r /etc/default/pdnsd; then +. /etc/default/pdnsd +fi +if test -n $AUTO_MODE test -f /usr/share/pdnsd/pdnsd-$AUTO_MODE.conf +then +CONFIG_FILE=/usr/share/pdnsd/pdnsd-$AUTO_MODE.conf +fi + +if test -r ${CONFIG_FILE}; then +NAMESERVER=$( sed -n -e '/server_ip/ { s/^.*server_ip.*=[^0-9]*\([0-9.]*\).*$/\1/; p; }' ${CONFIG_FILE}) +if [ -z $NAMESERVER ]; then +NAMESERVER=127.0.0.1; +fi +else +NAMESERVER=127.0.0.1; +fi + PATH=/bin:/sbin uniquify() @@ -39,7 +57,7 @@ uniquify `cat $(/lib/resolvconf/list-records) /dev/null\ | sed -n -e 's/^[[:space:]]*nameserver[[:space:]]\+//p' \ -| grep -v '^127.0.0.1$'` +| grep -v ^$NAMESERVER$` if [ -n $RSLT ] ; then OUTPUT=$(/usr/sbin/pdnsd-ctl server resolvconf up $RSLT || :)
Bug#443871: pdnsd: Don't hardcode 127.0.0.1 as nameserver when using resolvconf
tag 443871 + wontfix thanks On Mon, Sep 24, 2007 at 06:08:35PM +, Sergio Talens-Oliag wrote: I want to use resolconf with pdnsd and be able to bind to an interface different than the loopback one, but the current scripts hardcode the 127.0.0.1 address. Attached you will find a patch that tries to read the server_ip value from the pdnsd.conf file and uses it when available; if it can't find the value falls back to use the loopback address. This is way too brittle, for me to accept this patch (as there could be multiple server_ip lines, quoted ones, whatever). What you need to plug pdnsd into resolvconf is located under /etc, hence won't be modified through upgrades (conffiles). You can do whatever you want with those. I provide two reasonable usual setups, if yours differs, use manual setup, and do your config. I offer _rock solid_ configuration schemes, sorry, but your patch isn't. -- ·O· Pierre Habouzit ··O[EMAIL PROTECTED] OOOhttp://www.madism.org pgpYByNwff8Ix.pgp Description: PGP signature
Bug#443871: pdnsd: Don't hardcode 127.0.0.1 as nameserver when using resolvconf
reopen 443871 thanks El Mon, Sep 24, 2007 at 08:54:38PM +0200, Pierre Habouzit va escriure: On Mon, Sep 24, 2007 at 06:08:35PM +, Sergio Talens-Oliag wrote: I want to use resolconf with pdnsd and be able to bind to an interface different than the loopback one, but the current scripts hardcode the 127.0.0.1 address. Attached you will find a patch that tries to read the server_ip value from the pdnsd.conf file and uses it when available; if it can't find the value falls back to use the loopback address. This is way too brittle, for me to accept this patch (as there could be multiple server_ip lines, quoted ones, whatever). What you need to plug pdnsd into resolvconf is located under /etc, hence won't be modified through upgrades (conffiles). You can do whatever you want with those. I accept that my patch is not good enough for your taste, and maybe a better one or a different solution is a better option, but I disagree about your argument about conffiles. Instead of simplifying the maintenance of the package you want me to modify two configuration files (if I do a manual configuration that is normal) but I also need to change and review on each upgrade two scripts that I would normally asume that I don't need to touch (in Debian the use of /etc/default/PACKAGE_NAME usually means that I don't need to touch the scripts distributed under /etc). I provide two reasonable usual setups, if yours differs, use manual setup, and do your config. I offer _rock solid_ configuration schemes, sorry, but your patch isn't. My patch is not _rock solid_, but I'm using a manual setup and when I do a really simple change on the main configuration file the system breaks and I need to change two additional scripts because you have hardcoded a value... I would not call that _rock solid_, would you? Now the question is, would you accept a patch to support the use of a variable in /etc/default/pdnsd to change the resolvconf server ip for manual setups? I've attached such a patch to this message, it is trivial and does not break your current system, I would appreciate if you accept it or provide an alternative that removes the need to change the scripts and review them on each upgrade. Thanks in advance, Sergio. -- Sergio Talens-Oliag [EMAIL PROTECTED] http://people.debian.org/~sto/ Key fingerprint = 29DF 544F 1BD9 548C 8F15 86EF 6770 052B B8C1 FA69 signature.asc Description: Digital signature
Bug#443871: pdnsd: Don't hardcode 127.0.0.1 as nameserver when using resolvconf
I've attached such a patch to this message, it is trivial and does not break your current system, I would appreciate if you accept it or provide an alternative that removes the need to change the scripts and review them on each upgrade. Sorry, I forgot the patch. -- Sergio Talens-Oliag [EMAIL PROTECTED] http://people.debian.org/~sto/ Key fingerprint = 29DF 544F 1BD9 548C 8F15 86EF 6770 052B B8C1 FA69 diff -ruN pdnsd-1.2.6-par.orig/debian/changelog pdnsd-1.2.6-par/debian/changelog --- pdnsd-1.2.6-par.orig/debian/changelog 2007-09-24 19:48:15.0 +0200 +++ pdnsd-1.2.6-par/debian/changelog 2007-09-24 19:53:13.0 +0200 @@ -1,3 +1,11 @@ +pdnsd (1.2.6-par-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Modified init.d and resolvconf scripts to support the use of pdnsd + +resolvconf when pdnsd is listening on an IP other than 127.0.0.1 + + -- Sergio Talens-Oliag [EMAIL PROTECTED] Mon, 24 Sep 2007 19:51:10 +0200 + pdnsd (1.2.6-par-1) unstable; urgency=low * New upstream release. diff -ruN pdnsd-1.2.6-par.orig/debian/default pdnsd-1.2.6-par/debian/default --- pdnsd-1.2.6-par.orig/debian/default 2007-09-24 19:48:15.0 +0200 +++ pdnsd-1.2.6-par/debian/default 2007-09-24 23:57:10.0 +0200 @@ -4,3 +4,7 @@ AUTO_MODE= # optional CLI options to pass to pdnsd(8) START_OPTIONS= +# adjust the pdnsd server ip for resolvconf, the value defaults to 127.0.0.1 +# and only needs to be changed when resolvconf is installed and the +# 'pdnsd.conf' contains a server_ip different than '127.0.0.1' or 'any'. +PDNSD_SERVER_IP= diff -ruN pdnsd-1.2.6-par.orig/debian/init.d pdnsd-1.2.6-par/debian/init.d --- pdnsd-1.2.6-par.orig/debian/init.d 2007-09-24 19:48:15.0 +0200 +++ pdnsd-1.2.6-par/debian/init.d 2007-09-24 23:50:27.0 +0200 @@ -63,7 +63,10 @@ pdnsd-ctl status /dev/null 21 || return $? if [ -x /sbin/resolvconf ] ; then -echo nameserver 127.0.0.1 | /sbin/resolvconf -a lo.$NAME +if [ -z ${PDNSD_SERVER_IP} ]; then +PDNSD_SERVER_IP=127.0.0.1; +fi +echo nameserver ${PDNSD_SERVER_IP} | /sbin/resolvconf -a lo.$NAME fi } diff -ruN pdnsd-1.2.6-par.orig/debian/resolvconf pdnsd-1.2.6-par/debian/resolvconf --- pdnsd-1.2.6-par.orig/debian/resolvconf 2007-09-24 19:48:15.0 +0200 +++ pdnsd-1.2.6-par/debian/resolvconf 2007-09-24 23:51:31.0 +0200 @@ -22,6 +22,13 @@ [ -x /lib/resolvconf/list-records ] || exit 1 [ -e /var/cache/pdnsd/pdnsd.status ] || exit 0 +if test -r /etc/default/pdnsd; then +. /etc/default/pdnsd +fi +if [ -z $PDNSD_SERVER_IP ]; then +PDNSD_SERVER_IP=127.0.0.1; +fi + PATH=/bin:/sbin uniquify() @@ -39,7 +46,7 @@ uniquify `cat $(/lib/resolvconf/list-records) /dev/null\ | sed -n -e 's/^[[:space:]]*nameserver[[:space:]]\+//p' \ -| grep -v '^127.0.0.1$'` +| grep -v ^$PDNSD_SERVER_IP$` if [ -n $RSLT ] ; then OUTPUT=$(/usr/sbin/pdnsd-ctl server resolvconf up $RSLT || :) signature.asc Description: Digital signature
Bug#443871: pdnsd: Don't hardcode 127.0.0.1 as nameserver when using resolvconf
On Mon, Sep 24, 2007 at 10:08:17PM +, Sergio Talens-Oliag wrote: reopen 443871 thanks I did not closed the bug, I marked it wontfix. El Mon, Sep 24, 2007 at 08:54:38PM +0200, Pierre Habouzit va escriure: On Mon, Sep 24, 2007 at 06:08:35PM +, Sergio Talens-Oliag wrote: I accept that my patch is not good enough for your taste, and maybe a better one or a different solution is a better option, but I disagree about your argument about conffiles. It's not a matter of not good enough it's just brittle. My job is to provide a good sane default for 99% of the use of the software. I can't provide a perfect sane default for any use, so just make up your stuff if you need to. Instead of simplifying the maintenance of the package you want me to modify two configuration files (if I do a manual configuration that is normal) but I also need to change and review on each upgrade two scripts that I would normally asume that I don't need to touch (in Debian the use of /etc/default/PACKAGE_NAME usually means that I don't need to touch the scripts distributed under /etc). You don't need to touch the init.d script, only the one in /etc/resolvconf/update.d/pdnsd, so please, give me a break. For your own system, you can hardcode the thing in there if you want, the merge will be trivial. (especially since it's a one liner diff). I provide two reasonable usual setups, if yours differs, use manual setup, and do your config. I offer _rock solid_ configuration schemes, sorry, but your patch isn't. My patch is not _rock solid_, but I'm using a manual setup and when I do a really simple change on the main configuration file the system breaks and I need to change two additional scripts because you have hardcoded a value... I would not call that _rock solid_, would you? Now the question is, would you accept a patch to support the use of a variable in /etc/default/pdnsd to change the resolvconf server ip for manual setups? I don't like the fact that you have to duplicate configuration in many places. That should just be automatic. and editing /etc/default/pdnsd _and_ /etc/pdnsd.conf is not a good solution. People will never ever guess they need to do things like that. OTOH, why isn't 'any' or 0.0.0.0 suitable for you ? This way, using 127.0.0.1 still works... And if you want my opinion, the best fix is to patch pdnsd to be able to listen on multiple addresses... it's probably not _that_ hard. -- ·O· Pierre Habouzit ··O[EMAIL PROTECTED] OOOhttp://www.madism.org pgpyC4UeGpRkf.pgp Description: PGP signature
Bug#443871: pdnsd: Don't hardcode 127.0.0.1 as nameserver when using resolvconf
On Mon, Sep 24, 2007 at 10:58:19PM +, Pierre Habouzit wrote: On Mon, Sep 24, 2007 at 10:08:17PM +, Sergio Talens-Oliag wrote: El Mon, Sep 24, 2007 at 08:54:38PM +0200, Pierre Habouzit va escriure: On Mon, Sep 24, 2007 at 06:08:35PM +, Sergio Talens-Oliag wrote: I accept that my patch is not good enough for your taste, and maybe a better one or a different solution is a better option, but I disagree about your argument about conffiles. It's not a matter of not good enough it's just brittle. My job is to provide a good sane default for 99% of the use of the software. I can't provide a perfect sane default for any use, so just make up your stuff if you need to. I may not be very clear, but here is what I think: * either you provide a rock solid way to know which interface the user listen to, and sed is not good enough ; * or you roll your own configuration. Any in between state is somehow more than unsatisfying, and is a situation that will likely generate bad configurations. I reckon the current situation isn't great for what you try to achieve, but you don't make it better. Make it better means, prevent users to shoot themselves in the foot while configuring. Using resolvconf _and_ listening to anything else than any or the loopback is just unlikely enough that I don't want to provide a quite broken support for this. -- ·O· Pierre Habouzit ··O[EMAIL PROTECTED] OOOhttp://www.madism.org pgpV0zANmwv7K.pgp Description: PGP signature
Bug#443871: pdnsd: Don't hardcode 127.0.0.1 as nameserver when using resolvconf
tag 443871 - wontfix thanks El Mon, Sep 24, 2007 at 08:54:38PM +0200, Pierre Habouzit va escriure: On Mon, Sep 24, 2007 at 06:08:35PM +, Sergio Talens-Oliag wrote: I want to use resolconf with pdnsd and be able to bind to an interface different than the loopback one, but the current scripts hardcode the 127.0.0.1 address. Attached you will find a patch that tries to read the server_ip value from the pdnsd.conf file and uses it when available; if it can't find the value falls back to use the loopback address. This is way too brittle, for me to accept this patch (as there could be multiple server_ip lines, quoted ones, whatever). What you need to plug pdnsd into resolvconf is located under /etc, hence won't be modified through upgrades (conffiles). You can do whatever you want with those. Though I've found a non brittle way: pdnsd-ctl status|sed -ne '/^Global:$/,/^Server.*:$/s/.*Server ip.*: \(.*\)$/\1/p' This will never generate silent failures, and we can use that even with setups using interface = eth0 in pdnsd.conf. Next upload will contain a kludge based on that I guess. -- ·O· Pierre Habouzit ··O[EMAIL PROTECTED] OOOhttp://www.madism.org pgpqWPv34mYGC.pgp Description: PGP signature