[Pkg-dns-devel] Bug#826241: unbound: Provide $named facility under systemd

Robert Edmonds edmonds at debian.org
Sat Jul 16 18:44:27 UTC 2016


Michael Biebl wrote:
> Am 09.07.2016 um 23:36 schrieb Robert Edmonds:
> > But it looks like “systemctl restart unbound” takes 90 seconds to
> > complete, though it eventually exits with return code 0. When “systemctl
> > restart unbound” is running, I see the following initially printed to
> > the journal:
> 
> ..
> 
> > I'm not quite sure what the issue is. Any ideas? This is on an
> > up-to-date stretch VM, with these unbound packages installed:
> > 
> >     https://people.debian.org/~edmonds/build/unbound/1.5.9-2/
> > 
> > along with resolvconf and postfix from testing.
> 
> 
> I did test those packages on a clean, up-to-date stretch system, where I ran
> apt install unbound resolvconf postfix
> reboot
> <login>
> systemctl restart unbound
> 
> That worked just fine without delay.

Hi, Michael:

It appears postfix introduced native systemd unit files in version
3.1.0-3.1, which migrated to testing a day before your email, and a few
days after mine. So you must have been testing postfix with the new unit
files, and I was testing postfix with the old sysvinit scripts. So we
were both testing on up-to-date stretch systems :-)

> So I'm unable to reproduce the problem and from my POV the packages
> would be good to go.

OK, I'll try it again.

I installed a fresh stretch VM from scratch. I have these packages
installed:

 * unreleased unbound (from p.d.o/~edmonds/build/unbound/1.5.9-2/)

 * postfix 3.1.0-3.1

 * resolvconf 1.79

I do see “systemctl restart unbound” returning instantly now, and
unbound-resolvconf.service is running and causing /etc/resolv.conf to be
updated.

However, it looks like the copy of resolv.conf inside postfix's chroot
*is not being updated*, which appears to be the whole point of postfix's
resolvconf hook. If that doesn't happen, then postfix won't have working
name resolution(!).

Here is with a freshly booted system:

    root@unbound:~# stat '--format=%n: %y' /etc/resolvconf/run/resolv.conf  /var/spool/postfix/etc/resolv.conf
    /etc/resolvconf/run/resolv.conf: 2016-07-16 17:35:53.372000000 +0000
    /var/spool/postfix/etc/resolv.conf: 2016-07-16 17:35:52.984000000 +0000
    root@unbound:~# head -999 /etc/resolv.conf /var/spool/postfix/etc/resolv.conf
    ==> /etc/resolv.conf <==
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 127.0.0.1
    search hsd1.ga.comcast.net

    ==> /var/spool/postfix/etc/resolv.conf <==
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    root@unbound:~#

It looks like postfix is starting early enough that it copies
resolv.conf into its chroot before resolv.conf has usable content, and
then when resolvconf does get updated, the postfix resolvconf hook
either isn't being invoked, or is being invoked but is not successfully
performing the copy.

Manually restarting unbound also doesn't cause postfix's copy of
resolv.conf to be updated:

    root@unbound:~# systemctl restart unbound
    root@unbound:~# stat '--format=%n: %y' /etc/resolvconf/run/resolv.conf  /var/spool/postfix/etc/resolv.conf
    /etc/resolvconf/run/resolv.conf: 2016-07-16 17:38:51.287627372 +0000
    /var/spool/postfix/etc/resolv.conf: 2016-07-16 17:35:52.984000000 +0000
    root@unbound:~# head -999 /etc/resolv.conf /var/spool/postfix/etc/resolv.conf
    ==> /etc/resolv.conf <==
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 127.0.0.1
    search hsd1.ga.comcast.net

    ==> /var/spool/postfix/etc/resolv.conf <==
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    root@unbound:~#

When I run the postfix resolvconf hook by hand, it does cause the
postfix chroot's resolv.conf to be updated:

    root@unbound:~# head -999 /etc/resolv.conf /var/spool/postfix/etc/resolv.conf
    ==> /etc/resolv.conf <==
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 127.0.0.1
    search hsd1.ga.comcast.net

    ==> /var/spool/postfix/etc/resolv.conf <==
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    root@unbound:~# sh -x /etc/resolvconf/update-libc.d/postfix
    + service postfix status
    + /usr/sbin/postconf -h queue_directory
    + QUEUEDIR=/var/spool/postfix
    + [ -n /var/spool/postfix ]
    + cp /etc/resolv.conf /var/spool/postfix/etc/resolv.conf
    + service postfix reload
    + exit 0
    root@unbound:~# head -999 /etc/resolv.conf /var/spool/postfix/etc/resolv.conf
    ==> /etc/resolv.conf <==
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 127.0.0.1
    search hsd1.ga.comcast.net

    ==> /var/spool/postfix/etc/resolv.conf <==
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 127.0.0.1
    search hsd1.ga.comcast.net
    root@unbound:~#

However, I don't see any entries in the journal about postfix being
reloaded when unbound or unbound-resolvconf are restarted.

I went looking in postfix's bugs for issues related to systemd and found
#831026 (“Please propagate reload request to all instances”) which
sounds like it might be related. But after applying the patch in that
bug, it didn't make a difference:

    root@unbound:~# systemctl cat postfix@-.service
    # /lib/systemd/system/postfix@.service
    [Unit]
    Description=Postfix Mail Transport Agent (instance %i)
    Documentation=man:postfix(1)
    PartOf=postfix.service
►►► ReloadPropagatedFrom=postfix.service

    [Service]
    Type=forking
    GuessMainPID=no
    ExecStartPre=/usr/lib/postfix/configure-instance.sh %i
    ExecStart=/usr/sbin/postmulti -i %i -p start
    ExecStop=/usr/sbin/postmulti -i %i -p stop
    ExecReload=/usr/sbin/postmulti -i %i -p reload

    [Install]
    WantedBy=multi-user.target
    root@unbound:~# stat '--format=%n: %y' /etc/resolvconf/run/resolv.conf  /var/spool/postfix/etc/resolv.conf
    /etc/resolvconf/run/resolv.conf: 2016-07-16 17:48:27.576000000 +0000
    /var/spool/postfix/etc/resolv.conf: 2016-07-16 17:48:27.052000000 +0000
    root@unbound:~# head -999 /etc/resolv.conf /var/spool/postfix/etc/resolv.conf
    ==> /etc/resolv.conf <==
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 127.0.0.1
    search hsd1.ga.comcast.net

    ==> /var/spool/postfix/etc/resolv.conf <==
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    root@unbound:~# systemctl restart unbound
    root@unbound:~# systemctl status unbound
    ● unbound.service - Unbound DNS server
       Loaded: loaded (/lib/systemd/system/unbound.service; enabled; vendor preset: enabled)
      Drop-In: /run/systemd/generator/unbound.service.d
               └─50-insserv.conf-$named.conf, 50-unbound-$named.conf
       Active: active (running) since Sat 2016-07-16 17:50:23 UTC; 48s ago
      Process: 1918 ExecStartPre=/usr/lib/unbound/package-helper root_trust_anchor_update (code=exited, status=0/SUCCESS)
      Process: 1914 ExecStartPre=/usr/lib/unbound/package-helper chroot_setup (code=exited, status=0/SUCCESS)
     Main PID: 1924 (unbound)
       CGroup: /system.slice/unbound.service
               └─1924 /usr/sbin/unbound -d

    Jul 16 17:50:23 unbound systemd[1]: Stopped Unbound DNS server.
    Jul 16 17:50:23 unbound systemd[1]: Starting Unbound DNS server...
    Jul 16 17:50:23 unbound package-helper[1918]: /var/lib/unbound/root.key has content
    Jul 16 17:50:23 unbound package-helper[1918]: success: the anchor is ok
    Jul 16 17:50:23 unbound systemd[1]: Started Unbound DNS server.
    Jul 16 17:50:23 unbound unbound[1924]: [1924:0] notice: init module 0: validator
    Jul 16 17:50:23 unbound unbound[1924]: [1924:0] notice: init module 1: iterator
    Jul 16 17:50:23 unbound unbound[1924]: [1924:0] info: start of service (unbound 1.5.9).
    root@unbound:~# stat '--format=%n: %y' /etc/resolvconf/run/resolv.conf  /var/spool/postfix/etc/resolv.conf
    /etc/resolvconf/run/resolv.conf: 2016-07-16 17:50:23.880574422 +0000
    /var/spool/postfix/etc/resolv.conf: 2016-07-16 17:48:27.052000000 +0000
    root@unbound:~# head -999 /etc/resolv.conf /var/spool/postfix/etc/resolv.conf
    ==> /etc/resolv.conf <==
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 127.0.0.1
    search hsd1.ga.comcast.net

    ==> /var/spool/postfix/etc/resolv.conf <==
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    root@unbound:~#

So, now I did a huge hack. In /sbin/resolvconf I replaced “run-parts”
with “run-parts --verbose”; in /etc/resolvconf/update.d/libc I added -x
to the shebang line and replaced “run-parts” with “run-parts --verbose”;
in /etc/resolvconf/update-libc.d/postfix I changed “-e” to “-ex” on the
shebang line. Now, after a fresh boot I see the following journal output
for unbound-resolvconf.service:

    root@unbound:~# systemctl status -n 1000 -l unbound-resolvconf.service --no-pager
    ● unbound-resolvconf.service - Unbound DNS server via resolvconf
       Loaded: loaded (/lib/systemd/system/unbound-resolvconf.service; enabled; vendor preset: enabled)
       Active: active (exited) since Sat 2016-07-16 18:14:07 UTC; 3min 23s ago
     Main PID: 1693 (code=exited, status=0/SUCCESS)

    Jul 16 18:14:07 unbound systemd[1]: Started Unbound DNS server via resolvconf.
    Jul 16 18:14:07 unbound package-helper[1693]: run-parts: executing /etc/resolvconf/update.d/libc -a lo.unbound
    Jul 16 18:14:07 unbound package-helper[1693]: + set -e
    Jul 16 18:14:07 unbound package-helper[1693]: + PATH=/sbin:/bin
    Jul 16 18:14:07 unbound package-helper[1693]: + [ -x /lib/resolvconf/list-records ]
    Jul 16 18:14:07 unbound package-helper[1693]: + [ -r /etc/default/resolvconf ]
    Jul 16 18:14:07 unbound package-helper[1693]: + ETC=/etc
    Jul 16 18:14:07 unbound package-helper[1693]: + ETCRESOLVCONF=/etc/resolvconf
    Jul 16 18:14:07 unbound package-helper[1693]: + RESOLVCONFDIR=/etc/resolvconf/resolv.conf.d
    Jul 16 18:14:07 unbound package-helper[1693]: + BASEFILE=/etc/resolvconf/resolv.conf.d/base
    Jul 16 18:14:07 unbound package-helper[1693]: + HEADFILE=/etc/resolvconf/resolv.conf.d/head
    Jul 16 18:14:07 unbound package-helper[1693]: + TAILFILE=/etc/resolvconf/resolv.conf.d/tail
    Jul 16 18:14:07 unbound package-helper[1693]: + DYNAMICRSLVCNFFILE=/etc/resolvconf/run/resolv.conf
    Jul 16 18:14:07 unbound package-helper[1693]: + TMPFILE=/etc/resolvconf/run/resolv.conf_new.1719
    Jul 16 18:14:07 unbound package-helper[1693]: + [ -z  ]
    Jul 16 18:14:07 unbound package-helper[1693]: + [  ]
    Jul 16 18:14:07 unbound package-helper[1693]: + REPORT_ABSENT_SYMLINK=y
    Jul 16 18:14:07 unbound package-helper[1693]: + [ -z  ]
    Jul 16 18:14:07 unbound package-helper[1693]: + [  ]
    Jul 16 18:14:07 unbound package-helper[1693]: + TRUNCATE_NAMESERVER_LIST_AFTER_LOOPBACK_ADDRESS=y
    Jul 16 18:14:07 unbound package-helper[1693]: + resolv_conf_is_symlinked_to_dynamic_file
    Jul 16 18:14:07 unbound package-helper[1693]: + [ -L /etc/resolv.conf ]
    Jul 16 18:14:07 unbound package-helper[1693]: + readlink /etc/resolv.conf
    Jul 16 18:14:07 unbound package-helper[1693]: + [ /etc/resolvconf/run/resolv.conf = /etc/resolvconf/run/resolv.conf ]
    Jul 16 18:14:07 unbound package-helper[1693]: + /lib/resolvconf/list-records
    Jul 16 18:14:07 unbound package-helper[1693]: + RSLVCNFFILES=lo.unbound
    Jul 16 18:14:07 unbound package-helper[1693]: enp0s3.dhclient
    Jul 16 18:14:07 unbound package-helper[1693]: + [ -f /etc/resolvconf/resolv.conf.d/base ]
    Jul 16 18:14:07 unbound package-helper[1693]: + RSLVCNFFILES=lo.unbound
    Jul 16 18:14:07 unbound package-helper[1693]: enp0s3.dhclient
    Jul 16 18:14:07 unbound package-helper[1693]: /etc/resolvconf/resolv.conf.d/base
    Jul 16 18:14:07 unbound package-helper[1693]: + NMSRVRS=
    Jul 16 18:14:07 unbound package-helper[1693]: + [ lo.unbound
    Jul 16 18:14:07 unbound package-helper[1693]: enp0s3.dhclient
    Jul 16 18:14:07 unbound package-helper[1693]: /etc/resolvconf/resolv.conf.d/base ]
    Jul 16 18:14:07 unbound package-helper[1693]: + sed -n s/^[[:space:]]*nameserver[[:space:]]\+//p lo.unbound enp0s3.dhclient /etc/resolvconf/resolv.conf.d/base
    Jul 16 18:14:07 unbound package-helper[1693]: + uniquify_nameserver_list 127.0.0.1 75.75.75.75 75.75.76.76
    Jul 16 18:14:07 unbound package-helper[1693]: + NMSRVRS=
    Jul 16 18:14:07 unbound package-helper[1693]: + N=0
    Jul 16 18:14:07 unbound package-helper[1693]: + [ 127.0.0.1 ]
    Jul 16 18:14:07 unbound package-helper[1693]: + NMSRVRS=127.0.0.1
    Jul 16 18:14:07 unbound package-helper[1693]: + return 0
    Jul 16 18:14:07 unbound package-helper[1693]: + SRCHS=
    Jul 16 18:14:07 unbound package-helper[1693]: + [ lo.unbound
    Jul 16 18:14:07 unbound package-helper[1693]: enp0s3.dhclient
    Jul 16 18:14:07 unbound package-helper[1693]: /etc/resolvconf/resolv.conf.d/base ]
    Jul 16 18:14:07 unbound package-helper[1693]: + sed -n s/^[[:space:]]*\(\(search\)\|\(domain\)\)[[:space:]]\+//p lo.unbound enp0s3.dhclient /etc/resolvconf/resolv.conf.d/base
    Jul 16 18:14:07 unbound package-helper[1693]: + uniquify hsd1.ga.comcast.net
    Jul 16 18:14:07 unbound package-helper[1693]: + RSLT=
    Jul 16 18:14:07 unbound package-helper[1693]: + local D
    Jul 16 18:14:07 unbound package-helper[1693]: + [ hsd1.ga.comcast.net ]
    Jul 16 18:14:07 unbound package-helper[1693]: + D=hsd1.ga.comcast.net
    Jul 16 18:14:07 unbound package-helper[1693]: + RSLT=hsd1.ga.comcast.net
    Jul 16 18:14:07 unbound package-helper[1693]: + shift
    Jul 16 18:14:07 unbound package-helper[1693]: + [  ]
    Jul 16 18:14:07 unbound package-helper[1693]: + SRCHS=hsd1.ga.comcast.net
    Jul 16 18:14:07 unbound package-helper[1693]: + trap clean_up EXIT
    Jul 16 18:14:07 unbound package-helper[1693]: + clean_up
    Jul 16 18:14:07 unbound package-helper[1693]: + rm -f /etc/resolvconf/run/resolv.conf_new.1719
    Jul 16 18:14:07 unbound package-helper[1693]: + :
    Jul 16 18:14:07 unbound package-helper[1693]: + [ -f /etc/resolvconf/resolv.conf.d/head ]
    Jul 16 18:14:07 unbound package-helper[1693]: + cat /etc/resolvconf/resolv.conf.d/head
    Jul 16 18:14:07 unbound package-helper[1693]: + echo nameserver 127.0.0.1
    Jul 16 18:14:07 unbound package-helper[1693]: + [ hsd1.ga.comcast.net ]
    Jul 16 18:14:07 unbound package-helper[1693]: + echo search hsd1.ga.comcast.net
    Jul 16 18:14:07 unbound package-helper[1693]: + [ lo.unbound
    Jul 16 18:14:07 unbound package-helper[1693]: enp0s3.dhclient
    Jul 16 18:14:07 unbound package-helper[1693]: /etc/resolvconf/resolv.conf.d/base ]
    Jul 16 18:14:07 unbound package-helper[1693]: + sed -e /^[[:space:]]*$/d -e /^[[:space:]]*#/d -e /^[[:space:]]*\(\(nameserver\)\|\(search\)\|\(domain\)\)[[:space:]]/d lo.unbound enp0s3.dhclient /etc/resolvconf/resolv.conf.d/base
    Jul 16 18:14:07 unbound package-helper[1693]: + [ -f /etc/resolvconf/resolv.conf.d/tail ]
    Jul 16 18:14:07 unbound package-helper[1693]: + cat /etc/resolvconf/resolv.conf.d/tail
    Jul 16 18:14:07 unbound package-helper[1693]: + [ -f /etc/resolvconf/run/resolv.conf ]
    Jul 16 18:14:07 unbound package-helper[1693]: + cat /etc/resolvconf/run/resolv.conf_new.1719
    Jul 16 18:14:07 unbound package-helper[1693]: + cat /etc/resolvconf/run/resolv.conf
    Jul 16 18:14:07 unbound package-helper[1693]: + [ # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    Jul 16 18:14:07 unbound package-helper[1693]: #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    Jul 16 18:14:07 unbound package-helper[1693]: nameserver 127.0.0.1
    Jul 16 18:14:07 unbound package-helper[1693]: search hsd1.ga.comcast.net = # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    Jul 16 18:14:07 unbound package-helper[1693]: #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    Jul 16 18:14:07 unbound package-helper[1693]: nameserver 75.75.75.75
    Jul 16 18:14:07 unbound package-helper[1693]: nameserver 75.75.76.76
    Jul 16 18:14:07 unbound package-helper[1693]: search hsd1.ga.comcast.net ]
    Jul 16 18:14:07 unbound package-helper[1693]: + mv -f /etc/resolvconf/run/resolv.conf_new.1719 /etc/resolvconf/run/resolv.conf
    Jul 16 18:14:07 unbound package-helper[1693]: + resolv_conf_is_symlinked_to_dynamic_file
    Jul 16 18:14:07 unbound package-helper[1693]: + [ -L /etc/resolv.conf ]
    Jul 16 18:14:07 unbound package-helper[1693]: + readlink /etc/resolv.conf
    Jul 16 18:14:07 unbound package-helper[1693]: + [ /etc/resolvconf/run/resolv.conf = /etc/resolvconf/run/resolv.conf ]
    Jul 16 18:14:07 unbound package-helper[1693]: + [ -d /etc/resolvconf/update-libc.d ]
    Jul 16 18:14:07 unbound package-helper[1693]: + exec run-parts --verbose /etc/resolvconf/update-libc.d
    Jul 16 18:14:07 unbound package-helper[1693]: run-parts: executing /etc/resolvconf/update-libc.d/postfix
    Jul 16 18:14:07 unbound package-helper[1693]: + service postfix status
    Jul 16 18:14:07 unbound package-helper[1693]: + exit 0
    root@unbound:~#

The last few lines are the key part, I think:

    Jul 16 18:14:07 unbound package-helper[1693]: run-parts: executing /etc/resolvconf/update-libc.d/postfix
    Jul 16 18:14:07 unbound package-helper[1693]: + service postfix status
    Jul 16 18:14:07 unbound package-helper[1693]: + exit 0

The 'service postfix status' fails, and the hook script takes the first
'|| exit 0' short circuit out of the script. Why does it fail though?

I removed the '>/dev/null 2>&1' redirections from the postfix hook
script. Now I get:

    Jul 16 18:22:17 unbound package-helper[2408]: run-parts: executing /etc/resolvconf/update-libc.d/postfix
    Jul 16 18:22:17 unbound package-helper[2408]: + service postfix status
    Jul 16 18:22:17 unbound package-helper[2408]: /etc/resolvconf/update-libc.d/postfix: 5: /etc/resolvconf/update-libc.d/postfix: service: not found
    Jul 16 18:22:17 unbound package-helper[2430]: + exit 0

That's weird, 'service' is in /usr/sbin… So I edited the hook script to
print $PATH:

    Jul 16 18:22:37 unbound package-helper[2484]: run-parts: executing /etc/resolvconf/update-libc.d/postfix
    Jul 16 18:22:37 unbound package-helper[2484]: + echo /sbin:/bin
    Jul 16 18:22:37 unbound package-helper[2484]: /sbin:/bin
    Jul 16 18:22:37 unbound package-helper[2484]: + service postfix status
    Jul 16 18:22:37 unbound package-helper[2484]: /etc/resolvconf/update-libc.d/postfix: 7: /etc/resolvconf/update-libc.d/postfix: service: not found
    Jul 16 18:22:37 unbound package-helper[2484]: + exit 0

So, 'service' is in /usr/sbin, but /usr/sbin is not in $PATH, and
'service' is not invoked with an absolute path. Then I edited the hook
script to fix $PATH:

    Jul 16 18:32:01 unbound package-helper[1721]: run-parts: executing /etc/resolvconf/update-libc.d/postfix
    Jul 16 18:32:01 unbound package-helper[1721]: + export PATH=/usr/sbin:/usr/bin:/sbin:/bin
    Jul 16 18:32:01 unbound package-helper[1721]: + /usr/sbin/service postfix status
    Jul 16 18:32:01 unbound package-helper[1721]: + /usr/sbin/postconf -h queue_directory
    Jul 16 18:32:01 unbound package-helper[1721]: + QUEUEDIR=/var/spool/postfix
    Jul 16 18:32:01 unbound package-helper[1721]: + [ -n /var/spool/postfix ]
    Jul 16 18:32:01 unbound package-helper[1721]: + cp /etc/resolv.conf /var/spool/postfix/etc/resolv.conf
    Jul 16 18:32:01 unbound package-helper[1721]: + /usr/sbin/service postfix reload
    Jul 16 18:32:01 unbound package-helper[1721]: + exit 0

That seems to work. Now on boot, and whenever unbound is restarted, the
postfix chroot is picking up the changes to resolv.conf:

    root@unbound:~# head -999 /etc/resolv.conf /var/spool/postfix/etc/resolv.conf
    ==> /etc/resolv.conf <==
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 127.0.0.1
    search hsd1.ga.comcast.net

    ==> /var/spool/postfix/etc/resolv.conf <==
    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 127.0.0.1
    search hsd1.ga.comcast.net
    root@unbound:~#

So it looks like at some point postfix's resolvconf hook has become
buggy (or has always been buggy?), and no longer works when restarted by
the unbound-resolvconf.service unit file. (Maybe $PATH was different in
the postfix resolvconf hook when unbound used a sysvinit script to
invoke resolvconf.)

Anyway, this needs to be fixed before I can upload an unbound package
with native service units. I can't upload an unbound that breaks
postfix. Does the fix need to go in the unbound or resolvconf or postfix
package?

-- 
Robert Edmonds
edmonds at debian.org
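
The failure mode diagnosed in this message, reproduced as an added example (not part of the original email, and not the postfix package's hook script): a hook that calls a bare `service` under an inherited PATH lacking `/usr/sbin` exits 0 without syncing the chroot copy, next to a variant that sets its own PATH and reports exit status 126/127 as an error. The sandbox layout, the stub `service`, and the function names are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration: constructed sandbox, not the Debian postfix hook itself.
# $SB/sbin:$SB/bin stands in for the PATH=/sbin:/bin seen in the trace;
# $SB/usr/sbin holds a stub "service" that only records how it was called.

make_sandbox() {
    SB=$(mktemp -d) || return 1
    mkdir -p "$SB/sbin" "$SB/bin" "$SB/usr/sbin" "$SB/etc" "$SB/chroot/etc"
    ln -s "$(command -v cp)" "$SB/bin/cp"
    printf 'nameserver 127.0.0.1\n' > "$SB/etc/resolv.conf"
    : > "$SB/chroot/etc/resolv.conf"          # stale copy inside the "chroot"
    printf '#!/bin/sh\necho "$*" >> "%s/service.log"\nexit 0\n' "$SB" \
        > "$SB/usr/sbin/service"
    chmod +x "$SB/usr/sbin/service"
    echo "$SB"
}

# Same shape as the hook in the trace: bare "service", output discarded,
# and every failure treated as "postfix is not running".
legacy_hook() {    # $1 = sandbox root, $2 = PATH inherited from the caller
    (
        PATH=$2
        service postfix status >/dev/null 2>&1 || exit 0
        cp "$1/etc/resolv.conf" "$1/chroot/etc/resolv.conf"
        service postfix reload >/dev/null 2>&1
        exit 0
    )
}

# Hardened variant: sets its own PATH and treats "command not found" (127)
# or "not executable" (126) as a hook failure, not as "service stopped".
hardened_hook() {  # same arguments; the inherited PATH is deliberately ignored
    (
        PATH="$1/usr/sbin:$1/sbin:$1/bin"
        rc=0
        service postfix status >/dev/null 2>&1 || rc=$?
        case $rc in
            0) ;;
            126|127) echo "hook: cannot run 'service' (rc=$rc, PATH=$PATH)" >&2
                     exit "$rc" ;;
            *) exit 0 ;;                      # postfix really is not running
        esac
        cp "$1/etc/resolv.conf" "$1/chroot/etc/resolv.conf" || exit 1
        service postfix reload >/dev/null 2>&1
    )
}

in_sync() {        # succeeds when the chroot copy matches the real file
    [ "$(cat "$1/etc/resolv.conf")" = "$(cat "$1/chroot/etc/resolv.conf")" ]
}

demo() {
    sb=$(make_sandbox) || return 1
    legacy_hook "$sb" "$sb/sbin:$sb/bin"
    echo "legacy hook:   rc=$? synced=$(in_sync "$sb" && echo yes || echo no)"
    hardened_hook "$sb" "$sb/sbin:$sb/bin"
    echo "hardened hook: rc=$? synced=$(in_sync "$sb" && echo yes || echo no)"
    rm -rf "$sb"
}
demo
```
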
