I looked at the code, in function apply_rules() [1] of the 
dyndns-host-open-helper.

Yes, as you describe, if any of the DNS lookups fail (via the iptables call) 
the DYNDNS_CHAIN falls-back to any valid pre-existing rules.

DNS is known for issues, so much so T-shirts were designed [2], we felt 
intermittent loss of DNS should not effect the dyndns-host-open plugin 
functionality.

I'm not sure if we want to change the logic to support the special case where 
DNS is working but one (of several defined) hostnames is failing.  In Michael's 
example, his new configuration error may not have been caught as soon as it was 
if the failing hostname was ignored.

Lonnie

[1] 
https://github.com/astlinux-project/astlinux/blob/84746e877f445144b6e2de02281813d55c0bd1de/package/arnofw/aif/share/arno-iptables-firewall/plugins/dyndns-host-open-helper#L94

[2] https://www.jeffgeerling.com/blog/2022/it-was-dns-t-shirt-on-redshirtjeffcom



> On Dec 11, 2023, at 12:18 AM, Michael Knill 
> <michael.kn...@ipcsolutions.com.au> wrote:
> 
> Ah I have found the problem.
> We deleted one of the dyndns-host-open domains from our DNS but not from 
> Astlinux which meant that ALL domains in dyndns-host-open.conf failed for 
> that box?
> I must admit that this is not particularly optimal. Is this standard 
> behaviour?
>  
> Regards
> Michael Knill
>  
>  
> From: Michael Keuter <li...@mksolutions.info>
> Date: Thursday, 7 December 2023 at 7:37 pm
> To: AstLinux Users Mailing List <astlinux-users@lists.sourceforge.net>
> Subject: Re: [Astlinux-users] dyndns-host-open plugin update time
> 
> The default time is 900 seconds. You can edit it in the config file.
> Make sure it is enabled (at the top).
> 
> Sent from a mobile device.
>  
> Michael Keuter
> 
> 
> Am 07.12.2023 um 06:25 schrieb Michael Knill 
> <michael.kn...@ipcsolutions.com.au>:
> 
>  
> Hi Group
>  
> Just wondering how long it takes the dyndns-host-open plugin to update. I 
> have been waiting for well over a day now and some sites can see the two 
> servers with nslookup but have not updated iptables.
>  
> Any ideas?
>  
> Regards
>  
> Michael Knill
> Managing Director
>  
> D: +61 2 6189 1360
> P: +61 2 6140 4656
> E: michael.kn...@ipcsolutions.com.au
> W: ipcsolutions.com.au
>  
>  
> <image001.png>
> Smarter Business Communications
>  
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> 
> Donations to support AstLinux are graciously accepted via PayPal to 
> pay...@krisk.org.



_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.

Reply via email to