G'day all,

Have an optimisation question wrt DNS lookups that one of the list wizards might be able to help me with. Firstly I'd better give you a little background into my network configuration though, so bear with me..
I have a home network (192.168.2.0/24). It has a number of boxes on it. I hate remembering IP addresses so I have a local DNS server at home that is authoritative for my .home domain.

I also have a VPN network (10.8.0.0/24) connecting several boxes around the globe to my home network using OpenVPN. I hate remembering IP addresses for those too, so I have a .vpn.home subdomain. All is good when I'm at home.

I have a laptop. I like to take it outside for a walk.

My laptop has an OpenVPN client that makes sure within 5 seconds of being connected to any network, I'm also connected to home. My laptop has a dbus-hook that checks my ESSID and other network parameters and knows when I'm not at home.

When I'm not at home it establishes a route to my home network (192.168.2.0/24) over my OpenVPN tunnel (tun0/10.8.0.0/24).

All is good with this setup. No matter where I am, I can access my network completely transparently and securely. (yay).
Now. I use dhclient to get my dhcp leases (or my default Ubuntu setup does anyway) and when dhclient gets a new lease, the 1st thing it does is clobber my /etc/resolv.conf with local details.

This is both good and bad. Good because I can access the world. Bad because I can't resolve my .home domain.

This can be solved by editing my /etc/resolv.conf to contain

    search home
    nameserver 192.168.2.1

as the 1st 2 lines, and I've taught dhclient to do that for me as follows
[EMAIL PROTECTED]:~$ cat /etc/dhcp3/dhclient-enter-hooks.d/resolv
# dhclient enter hook: overrides make_resolv_conf() so that the home search
# domain and home nameserver are always written first, followed by whatever
# nameservers the lease handed out.
make_resolv_conf() {
    if [ -n "$new_domain_name" -o -n "$new_domain_name_servers" ]; then
        # Find out whether we are going to mount / rw
        exec 9>&0 </etc/fstab
        rootmode=rw
        while read dev mnt type opts dump pass junk; do
            [ "$mnt" != / ] && continue
            case "$opts" in
                ro|ro,*|*,ro|*,ro,*)
                    rootmode=ro
                    ;;
            esac
        done
        exec 0>&9 9>&-
        # Wait for /etc/resolv.conf to become writable
        if [ "$rootmode" = "rw" ]; then
            while [ ! -w /etc ]; do
                sleep 0.1
            done
        fi
        local new_resolv_conf=/etc/resolv.conf.dhclient-new
        rm -f "$new_resolv_conf"
        # Home search domain and nameserver go first, so .home always resolves
        echo "search home" >>"$new_resolv_conf"
        echo "nameserver 192.168.2.1" >>"$new_resolv_conf"
        if [ -n "$new_domain_name_servers" ]; then
            # Append the lease's nameservers after the home one
            for nameserver in $new_domain_name_servers; do
                echo "nameserver $nameserver" >>"$new_resolv_conf"
            done
        else # keep 'old' nameservers
            # Pattern quoted so the shell does not glob the brackets; the home
            # server is filtered out because it was already written above and
            # would otherwise be duplicated on every lease renewal
            sed -n '/^\w*[Nn][Aa][Mm][Ee][Ss][Ee][Rr][Vv][Ee][Rr]/p' /etc/resolv.conf \
                | grep -v '192\.168\.2\.1' >>"$new_resolv_conf"
        fi
        chown --reference=/etc/resolv.conf "$new_resolv_conf"
        chmod --reference=/etc/resolv.conf "$new_resolv_conf"
        mv -f "$new_resolv_conf" /etc/resolv.conf
    fi
}
(There is supposedly a better way to do this using the "prepend" phrase in dhclient.conf but I'm buggered if I could get it to work, and doing it this way means I'm not editing *any* config files and thus will easily survive any package upgrades with no warnings)

Now, all is pretty groovy with this setup..

I'm at someone's office right now and my current /etc/resolv.conf is

[EMAIL PROTECTED]:~$ cat /etc/resolv.conf
search home
nameserver 192.168.2.1
nameserver 192.168.1.8
So when my vpn is up, all my dns lookups are forced over the vpn, and I can resolve my network (and the rest of the world). When my VPN is down that nameserver times out and it all falls back to the local nameserver.

Problem is really related to speed.

At the moment all my lookups go over the vpn. In Dubai that is ok as I'm never more than about 80ms from my server. But when I'm away it can be as much as 600ms.

When you list multiple nameservers in /etc/resolv.conf the resolver library tries them in order. If I reverse the above order, it tries the local nameserver which tells it that .home is not resolvable. The resolver then comes back to the application and pokes its tongue out, singing "nyah nyah nyah nyah" while blowing a raspberry. It will only fall through to the next nameserver in case of a timeout, rather than a negative response. (Which is a bit rude as far as I'm concerned).
Now, having got all that out of the way, my question is ...... <drum roll please>..

"Is there any way to get the resolver library to behave in a more socially acceptable fashion and ask the other nameservers if they have an answer after getting a negative reply from the first in the list".

See, this would allow all my resolvable queries to be fielded by the local servers, and only ask my server over the slow link in cases of something they can't reply to (like my .home domain).
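As an added illustration of the resolver behaviour described above (this is not code from the post), here is a small Python simulation of how the glibc stub resolver walks the nameserver list in /etc/resolv.conf, alongside the "ask the next server after a negative reply" behaviour the question asks for. It parses the resolv.conf directives involved (nameserver, search/domain, options ndots and attempts, with glibc's defaults of ndots:1 and attempts:2), expands the search list the way glibc does, and then replays lookups against constructed server tables: the home resolver knows .home and the world, the office resolver knows only the world, and a "VPN down" table drops the home server so it times out. Timing is deliberately not modelled; the point is the order in which servers get asked and where a lookup stops. All server contents and the 203.0.113.0/24 addresses are constructed for the example.

```python
"""Simulation of glibc stub resolver ordering vs. fall-through on NXDOMAIN.
Added example, not from the post; server tables and addresses are constructed."""
from dataclasses import dataclass, field

NXDOMAIN = "NXDOMAIN"   # the server replied: no such name
TIMEOUT = "TIMEOUT"     # the server never replied

@dataclass
class ResolvConf:
    search: list = field(default_factory=list)
    nameservers: list = field(default_factory=list)
    ndots: int = 1      # glibc default
    attempts: int = 2   # glibc default: passes over the whole server list

def parse_resolv_conf(text):
    """Parse the resolv.conf(5) directives used here: nameserver, search/domain, options."""
    conf = ResolvConf()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            conf.nameservers.append(args[0])
        elif key in ("search", "domain"):
            conf.search = list(args)          # last search/domain line wins
        elif key == "options":
            for opt in args:
                name, _, val = opt.partition(":")
                if name in ("ndots", "attempts") and val.isdigit():
                    setattr(conf, name, int(val))
    return conf

def candidates(conf, name):
    """Names sent on the wire for `name`, in glibc order (search list vs. as-is)."""
    if name.endswith("."):
        return [name.rstrip(".")]             # fully qualified: no search list
    suffixed = [f"{name}.{d}" for d in conf.search]
    return [name] + suffixed if name.count(".") >= conf.ndots else suffixed + [name]

def make_query(servers):
    """Build query(server, name) over a constructed {server: {name: address}} table.
    A server missing from the table never answers; a name missing from a
    server's table gets NXDOMAIN."""
    def query(server, name):
        zone = servers.get(server)
        if zone is None:
            return TIMEOUT
        return zone.get(name, NXDOMAIN)
    return query

def ask_servers(conf, wire_name, query, fall_through, tried):
    """One wire name through the server list: returns address, NXDOMAIN or TIMEOUT.
    Mirrors glibc: only a timeout moves on to the next server, the list is walked
    `attempts` times, and the first real reply (NXDOMAIN included) ends the lookup.
    With fall_through=True an NXDOMAIN is treated like a timeout instead."""
    saw_negative = False
    for _ in range(conf.attempts):
        for server in conf.nameservers:
            tried.append(server)
            reply = query(server, wire_name)
            if reply == TIMEOUT:
                continue
            if reply == NXDOMAIN and fall_through:
                saw_negative = True
                continue
            return reply
    return NXDOMAIN if saw_negative else TIMEOUT

def resolve(conf, name, query, fall_through_on_negative=False):
    """Resolve `name` as an application would see it: (answer, servers_tried)."""
    tried = []
    for wire_name in candidates(conf, name):
        reply = ask_servers(conf, wire_name, query, fall_through_on_negative, tried)
        if reply == TIMEOUT:
            return TIMEOUT, tried     # glibc gives up on the whole lookup here
        if reply != NXDOMAIN:
            return reply, tried
    return NXDOMAIN, tried

# Constructed resolv.conf matching the post's, and the reversed order it discusses.
POST_ORDER = "search home\nnameserver 192.168.2.1\nnameserver 192.168.1.8\n"
LOCAL_FIRST = "search home\nnameserver 192.168.1.8\nnameserver 192.168.2.1\n"

# Constructed server views; VPN_DOWN drops the home server so it times out.
VPN_UP = {
    "192.168.2.1": {"nas.home": "192.168.2.10", "www.example.com": "203.0.113.5"},
    "192.168.1.8": {"www.example.com": "203.0.113.5"},
}
VPN_DOWN = {"192.168.1.8": VPN_UP["192.168.1.8"]}

if __name__ == "__main__":
    post, local = parse_resolv_conf(POST_ORDER), parse_resolv_conf(LOCAL_FIRST)
    print("post order, VPN down, www:", resolve(post, "www.example.com", make_query(VPN_DOWN)))
    print("local first, glibc, nas:  ", resolve(local, "nas", make_query(VPN_UP)))
    print("local first, fall-through:", resolve(local, "nas", make_query(VPN_UP), True))
```

Running it shows both halves of the complaint: with the post's order every lookup is answered by 192.168.2.1 (the slow link), and with the VPN down each lookup first burns a timeout on it; with the local server first, glibc hands NXDOMAIN for nas.home straight back to the application and 192.168.2.1 is never asked, whereas the fall-through variant asks it only after the local server says no.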
I actually documented this here in such length in the hope that someone else might find it useful (I know I would have saved ages had google returned more hits on this one), but the question stands.
Now, the setup works perfectly well as it is.. so well in fact that I just never have to even think about it.. I just turn it on and it *just works*, but because it all works so seamlessly well, and I run linux (and therefore like to fiddle constantly) I'm kinda getting itchy fingers about having something to tweak, fix or fiddle with.. thus my quest to improve that which is already pretty good.

Failing that, I could just dd random data into random blocks on my filesystem which would actually give me something to fix, but you see my backup/restore system *just works* too.. so I plug into the network at home and boot into my restore CD, and it just rebuilds the system off the server with no intervention..

Perhaps I need to run Gentoo and do full system recompiles with tweaked out CFLAGS to give me something to do, or even re-grease my CPUs with Arctic Silver 5 to sink that extra 2 degrees of heat.

Brad (who has despaired at the lack of list activity of late and taken a deep vow to change that)
--
"Human beings, who are almost unique in having the ability
to learn from the experience of others, are also remarkable
for their apparent disinclination to do so." -- Douglas Adams