[Pkg-dns-devel] Bug#892858: dnssec-trigger: only first defined search domain added to resolv.conf, domain ignored entirely
Paul Bransford
draeath at gmail.com
Tue Mar 13 21:07:47 UTC 2018
Package: dnssec-trigger
Version: 0.13-6
Severity: important
Two (related) problems I have identified with dnssec-triggerd:
1. only the first defined search domain is added to resolv.conf
2. the domain itself is absent from the resolv.conf entirely
The information and output below have some text redacted/replaced to avoid
exposing internal network configuration details via a public bug report,
and for clarity.

-- Related configuration changes from package defaults

/etc/dnssec.conf
    set_search_domains=yes

/etc/dnssec-trigger/dnssec-trigger.conf
    domain: "zone0.example.com"
    search: "zone1.example.com zone2.example.com zone3.example.com"

/etc/NetworkManager/NetworkManager.conf
    [main]
    dns=unbound

/etc/unbound/unbound.conf.d/99-custom.conf
    # various server and forward-zone settings
    # I do *not* have (or want) global forwarders

-- Generated resolv.conf

    # Generated by dnssec-trigger-script
    nameserver 127.0.0.1
    search zone1.example.com

-- Desired resolv.conf

    nameserver 127.0.0.1
    domain zone0.example.com
    search zone1.example.com zone2.example.com zone3.example.com

-- journalctl output for dnssec-triggerd
systemd[1]: Starting Reconfigure local DNSSEC resolver on connectivity changes...
dnssec-trigger-script[5784]: Backing up /etc/resolv.conf as /run/dnssec-trigger/resolv.conf.backup...
dnssec-trigger-script[5784]: Cannot back up '/etc/resolv.conf' as '/run/dnssec-trigger/resolv.conf.backup': No such file or directory
dnssec-triggerd[5789]: [5789] info: dnssec-trigger 0.13 start
dnssec-triggerd[5789]: Search domains: zone1.example.com
dnssec-triggerd[5789]: [5789] error: http_probe_create_get: Network is unreachable
dnssec-triggerd[5789]: [5789] error: http_probe_create_get: Network is unreachable
dnssec-triggerd[5789]: [5789] error: http_probe_create_get: Network is unreachable
dnssec-trigger-script[5790]: Global forwarders: REDACTED REDACTED
dnssec-triggerd[5789]: [5789] error: http_probe_create_get: Network is unreachable
dnssec-triggerd[5789]: [5789] error: http_probe_create_get: Network is unreachable
dnssec-triggerd[5789]: [5789] error: http_probe_create_get: Network is unreachable
dnssec-triggerd[5789]: ok
dnssec-triggerd[5789]: Search domains: zone1.example.com
dnssec-trigger-script[5790]: Connection provided zone 'zone1.example.com' (validated): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone 'c.f.ip6.arpa' (insecure): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone 'd.f.ip6.arpa' (insecure): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone '168.192.in-addr.arpa' (insecure): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone '16.172.in-addr.arpa' (insecure): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone '17.172.in-addr.arpa' (insecure): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone '18.172.in-addr.arpa' (insecure): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone '19.172.in-addr.arpa' (insecure): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone '20.172.in-addr.arpa' (insecure): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone '21.172.in-addr.arpa' (insecure): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone '22.172.in-addr.arpa' (insecure): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone '23.172.in-addr.arpa' (insecure): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone '24.172.in-addr.arpa' (insecure): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone '25.172.in-addr.arpa' (insecure): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone '26.172.in-addr.arpa' (insecure): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone '27.172.in-addr.arpa' (insecure): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone '28.172.in-addr.arpa' (insecure): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone '29.172.in-addr.arpa' (insecure): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone '30.172.in-addr.arpa' (insecure): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone '31.172.in-addr.arpa' (insecure): REDACTED, REDACTED
dnssec-trigger-script[5790]: Connection provided zone '10.in-addr.arpa' (insecure): REDACTED, REDACTED
systemd[1]: Started Reconfigure local DNSSEC resolver on connectivity changes.
-- reportbug-included information follows --
-- System Information:
Debian Release: 9.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages dnssec-trigger depends on:
ii gir1.2-networkmanager-1.0 1.6.2-3
ii init-system-helpers 1.48
ii libc6 2.24-11+deb9u1
ii libgdk-pixbuf2.0-0 2.36.5-2+deb9u2
ii libglib2.0-0 2.50.3-2
ii libgtk2.0-0 2.24.31-2
ii libldns2 1.7.0-1
ii libssl1.1 1.1.0f-3+deb9u1
ii python 2.7.13-2
ii python-gi 3.22.0-2
ii python-lockfile 1:0.12.2-2
ii unbound 1.6.0-3+deb9u1
dnssec-trigger recommends no packages.
dnssec-trigger suggests no packages.
-- Configuration Files:
/etc/dnssec-trigger/dnssec-trigger.conf changed [not included]
/etc/dnssec.conf changed [not included]
-- no debconf information
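
A check for the two symptoms in this report, as an added example that is not part of the original message or of dnssec-trigger: it compares the `domain:` and `search:` values from dnssec-trigger.conf with what ended up in resolv.conf. The function names are hypothetical, and the sample inputs are the redacted values quoted in the report.

```python
import re

# Sample inputs: the (already redacted) values quoted in the report above.
TRIGGER_CONF = '''\
domain: "zone0.example.com"
search: "zone1.example.com zone2.example.com zone3.example.com"
'''
GENERATED = '''\
# Generated by dnssec-trigger-script
nameserver 127.0.0.1
search zone1.example.com
'''
DESIRED = '''\
nameserver 127.0.0.1
domain zone0.example.com
search zone1.example.com zone2.example.com zone3.example.com
'''

def parse_trigger_conf(text):
    """Return (domain, [search domains]) from dnssec-trigger.conf text."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'\s*(domain|search):\s*"?([^"#]*)"?', line)
        if m:
            conf[m.group(1)] = m.group(2).split()
    domain = (conf.get("domain") or [None])[0]
    return domain, conf.get("search", [])

def parse_resolv_conf(text):
    """Return the domain and search entries as written in resolv.conf text."""
    out = {"domain": None, "search": []}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":   # blank line or comment
            continue
        if fields[0] == "domain" and len(fields) > 1:
            out["domain"] = fields[1]
        elif fields[0] == "search":
            out["search"] = fields[1:]           # a later search line replaces an earlier one
    return out

def compare(trigger_text, resolv_text):
    """Report configured search domains and domain that did not reach resolv.conf."""
    domain, search = parse_trigger_conf(trigger_text)
    got = parse_resolv_conf(resolv_text)
    return {
        "missing_search": [d for d in search if d not in got["search"]],
        "domain_missing": domain is not None and got["domain"] != domain,
    }
```

This compares only what is written in the file. glibc treats `domain` and `search` as mutually exclusive and honours whichever appears last, so the effective search list can differ from the union of the two lines.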