Bug#929010: [Pkg-utopia-maintainers] Bug#929010: Bug#929010: avahi-daemon: /etc/network/if-post-down.d/avahi-daemon is slow on eth0

2019-06-18 Thread Vincent Lefevre 
Control: retitle -1 avahi-daemon: 10-second timeout in 
/usr/lib/avahi/avahi-daemon-check-dns.sh and other issues (buggy regexp...)

Any news?

BTW, it seems to be an issue similar to bug 559927

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559927

"/usr/lib/avahi/avahi-daemon-check-dns.sh significantly delays the
boot sequence", with also a 10-second timout on "host -t soa local."
with a local nameserver.

And https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629509
"avahi-daemon-check-dns.sh do not honour comments in /etc/resolv.conf"
covers my remarks and the changes I've suggested in this bug 929010.

Ditto for

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898038

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#929010: [Pkg-utopia-maintainers] Bug#929010: Bug#929010: avahi-daemon: /etc/network/if-post-down.d/avahi-daemon is slow on eth0

2019-05-17 Thread Vincent Lefevre 
On 2019-05-16 18:36:09 +0200, Michael Biebl wrote:
> Am 16.05.19 um 18:17 schrieb Vincent Lefevre:
> > On 2019-05-16 17:52:03 +0200, Michael Biebl wrote:
> >> I would suggest the following: If there is a local nameserver but no
> >> network connectivity, query the local nameserver only.
> > 
> > OK, I can do that. Indeed, the default behavior of "host" is to try
> > every server in /etc/resolv.conf until it succeeds. I suppose that
> > the solution would be to use this option:
> > 
> >   -s
> >   Do not send the query to the next nameserver if any server responds
> >   with a SERVFAIL response, which is the reverse of normal stub
> >   resolver behavior.
> 
> If the remote server would be ordered first in resolv.conf, I assume
> this would still block? I assume you are making the assumption here that
> the local server will always be listed first? Is that a safe assumption?

I'm not sure why anyone would not put the local nameserver first.
Anyway, an alternative solution is to provide the server to the
host command. Thus dns_reachable() would start with

dns_reachable() {
  # If there are no nameserver entries in resolv.conf there is no dns reachable
  grep -q "^[[:space:]]*nameserver" /etc/resolv.conf || return 1

  LOCALNS=$(sed -n 
's/^[[:space:]]*nameserver[[:space:]]\+\(127\..*\|::1\)[[:space:]]*$/\1/p' 
/etc/resolv.conf | head -n 1)

  # If there is no local nameserver and no we have no global ip addresses
  # then we can't reach any nameservers
  if [ -z "$LOCALNS" ]; then

Note: the first line currently is

  $(grep -q nameserver /etc/resolv.conf) || return 1;

First, $(...) is not necessary. And this command does not check
whether "nameserver" is in a comment (which can occur in practice).
I've fixed it above.

But... I think that the assumption that "there is no dns reachable" is
wrong. The resolv.conf(5) man page says: "If no nameserver entries are
present, the default is to use the name server on the local machine."
Thus I would assume that there *is* a reachable dns in this case.

The resolv.conf(5) man page also says: "If this file does not exist,
only the name server on the local machine will be queried".

In short, shouldn't this line be the following?

  grep -q "^[[:space:]]*nameserver" /etc/resolv.conf 2> /dev/null || return 0

With the above changes, the OUT line would change from

  OUT=`LC_ALL=C host -t soa local. 2>&1`

to

  OUT=`LC_ALL=C host -t soa local. $LOCALNS 2>&1`

But this has the effect to output some more lines about the server
if $LOCALNS is set. Thus

if echo "$OUT" | egrep -vq 'has no|not found'; then
  return 0
fi

should also change to

echo "$OUT" | egrep -q 'has no|not found' || return 0

> > I have another question: in
> > 
> >   if ! $(egrep -q "nameserver 127.0.0.1|::1" /etc/resolv.conf); then 
> > 
> > why testing 127.0.0.1 only, and not all local nameservers?
> > For instance, 127.0.1.1 is used by NetworkManager:
> > 
> > https://askubuntu.com/questions/627899/nameserver-127-0-1-1-in-resolv-conf-wont-go-away
> > 
> > Also, the regexp should be something like "^ *nameserver +(127.0.0.1|::1)"
> > or "^ *nameserver +(127\.|::1)", i.e.
> >   * one should make sure that it is a nameserver line (in particular,
> > not a comment);
> >   * several space characters should match;
> >   * one should make sure that ::1 is preceded by "nameserver"
> > (the parentheses are missing).
> 
> Good question. I don't know why the script only checks for 127.0.0.1 and
> not 127.0.1.1
> 
> Sjoerd, looking through the history of the package, it seems you are
> most likely to be able to answer that.

Above I've used "127\..*" in the regexp.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#929010: [Pkg-utopia-maintainers] Bug#929010: Bug#929010: avahi-daemon: /etc/network/if-post-down.d/avahi-daemon is slow on eth0

2019-05-16 Thread Michael Biebl 
Am 16.05.19 um 18:17 schrieb Vincent Lefevre:
> On 2019-05-16 17:52:03 +0200, Michael Biebl wrote:
>> I would suggest the following: If there is a local nameserver but no
>> network connectivity, query the local nameserver only.
> 
> OK, I can do that. Indeed, the default behavior of "host" is to try
> every server in /etc/resolv.conf until it succeeds. I suppose that
> the solution would be to use this option:
> 
>   -s
>   Do not send the query to the next nameserver if any server responds
>   with a SERVFAIL response, which is the reverse of normal stub
>   resolver behavior.

If the remote server would be ordered first in resolv.conf, I assume
this would still block? I assume you are making the assumption here that
the local server will always be listed first? Is that a safe assumption?

> I have another question: in
> 
>   if ! $(egrep -q "nameserver 127.0.0.1|::1" /etc/resolv.conf); then 
> 
> why testing 127.0.0.1 only, and not all local nameservers?
> For instance, 127.0.1.1 is used by NetworkManager:
> 
> https://askubuntu.com/questions/627899/nameserver-127-0-1-1-in-resolv-conf-wont-go-away
> 
> Also, the regexp should be something like "^ *nameserver +(127.0.0.1|::1)"
> or "^ *nameserver +(127\.|::1)", i.e.
>   * one should make sure that it is a nameserver line (in particular,
> not a comment);
>   * several space characters should match;
>   * one should make sure that ::1 is preceded by "nameserver"
> (the parentheses are missing).

Good question. I don't know why the script only checks for 127.0.0.1 and
not 127.0.1.1

Sjoerd, looking through the history of the package, it seems you are
most likely to be able to answer that.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#929010: [Pkg-utopia-maintainers] Bug#929010: Bug#929010: avahi-daemon: /etc/network/if-post-down.d/avahi-daemon is slow on eth0

2019-05-16 Thread Vincent Lefevre 
On 2019-05-16 17:52:03 +0200, Michael Biebl wrote:
> I would suggest the following: If there is a local nameserver but no
> network connectivity, query the local nameserver only.

OK, I can do that. Indeed, the default behavior of "host" is to try
every server in /etc/resolv.conf until it succeeds. I suppose that
the solution would be to use this option:

  -s
  Do not send the query to the next nameserver if any server responds
  with a SERVFAIL response, which is the reverse of normal stub
  resolver behavior.

I have another question: in

  if ! $(egrep -q "nameserver 127.0.0.1|::1" /etc/resolv.conf); then 

why testing 127.0.0.1 only, and not all local nameservers?
For instance, 127.0.1.1 is used by NetworkManager:

https://askubuntu.com/questions/627899/nameserver-127-0-1-1-in-resolv-conf-wont-go-away

Also, the regexp should be something like "^ *nameserver +(127.0.0.1|::1)"
or "^ *nameserver +(127\.|::1)", i.e.
  * one should make sure that it is a nameserver line (in particular,
not a comment);
  * several space characters should match;
  * one should make sure that ::1 is preceded by "nameserver"
(the parentheses are missing).

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#929010: [Pkg-utopia-maintainers] Bug#929010: Bug#929010: avahi-daemon: /etc/network/if-post-down.d/avahi-daemon is slow on eth0

2019-05-16 Thread Michael Biebl 
Am 16.05.19 um 17:44 schrieb Vincent Lefevre:
> On 2019-05-16 16:54:26 +0200, Michael Biebl wrote:
>> I'm happy to review a tested patch, which considers your specific use case.
> 
> Would one of the following behaviors be OK?
> 
> 1. If there is no default route, then assume that we can't reach any
> nameservers (there's potentially a local nameserver, but I don't think
> it would be any use here).
> 
> 2. If (1) alone is not OK for some reason, do (1) only if there's
> at least a non-local nameserver in /etc/resolv.conf (this could be
> regarded as some compromise).
> 
> If one of them is OK, I can provide a patch.
> 

I would suggest the following: If there is a local nameserver but no
network connectivity, query the local nameserver only.

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#929010: [Pkg-utopia-maintainers] Bug#929010: Bug#929010: avahi-daemon: /etc/network/if-post-down.d/avahi-daemon is slow on eth0

2019-05-16 Thread Vincent Lefevre 
On 2019-05-16 16:54:26 +0200, Michael Biebl wrote:
> I'm happy to review a tested patch, which considers your specific use case.

Would one of the following behaviors be OK?

1. If there is no default route, then assume that we can't reach any
nameservers (there's potentially a local nameserver, but I don't think
it would be any use here).

2. If (1) alone is not OK for some reason, do (1) only if there's
at least a non-local nameserver in /etc/resolv.conf (this could be
regarded as some compromise).

If one of them is OK, I can provide a patch.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#929010: [Pkg-utopia-maintainers] Bug#929010: Bug#929010: avahi-daemon: /etc/network/if-post-down.d/avahi-daemon is slow on eth0

2019-05-16 Thread Michael Biebl 
Am 16.05.19 um 16:37 schrieb Vincent Lefevre:
> On 2019-05-16 16:25:01 +0200, Michael Biebl wrote:
>> What happens, if you only list your local 127.0.0.1 in /etc/resolv.conf?
> 
> See my other mail, i.e. no problems. FYI, I use 192.168.1.1 just
> as a fallback.
> 
>> Well, the assumption that /usr/lib/avahi/avahi-daemon-check-dns.sh makes
>> is, that if a local resolver is configured in /etc/resolv.conf, then it
>> is safe to assume that host lookup can be done, even if there is not
>> default route (== network access).
> 
> This assumption is not correct. One can use a local resolver for
> plenty of reasons.

Sure. The problem is, that you list a fallback server which is not
reachable.

> If you assume that this is safe because the local resolver will
> not hang with a timeout (which is the case with unbound), then
> you should make sure that *only* the local resolver will be used.
> 

Well, if you list a non-reachable server in resolv.conf as fallback,
then the behaviour you see is expected.

I'm happy to review a tested patch, which considers your specific use case.

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#929010: [Pkg-utopia-maintainers] Bug#929010: Bug#929010: avahi-daemon: /etc/network/if-post-down.d/avahi-daemon is slow on eth0

2019-05-16 Thread Vincent Lefevre 
On 2019-05-16 16:25:01 +0200, Michael Biebl wrote:
> What happens, if you only list your local 127.0.0.1 in /etc/resolv.conf?

See my other mail, i.e. no problems. FYI, I use 192.168.1.1 just
as a fallback.

> Well, the assumption that /usr/lib/avahi/avahi-daemon-check-dns.sh makes
> is, that if a local resolver is configured in /etc/resolv.conf, then it
> is safe to assume that host lookup can be done, even if there is not
> default route (== network access).

This assumption is not correct. One can use a local resolver for
plenty of reasons.

If you assume that this is safe because the local resolver will
not hang with a timeout (which is the case with unbound), then
you should make sure that *only* the local resolver will be used.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Bug#929010: [Pkg-utopia-maintainers] Bug#929010: Bug#929010: avahi-daemon: /etc/network/if-post-down.d/avahi-daemon is slow on eth0

2019-05-16 Thread Michael Biebl 
Am 16.05.19 um 16:09 schrieb Vincent Lefevre:
> On 2019-05-16 15:59:09 +0200, Vincent Lefevre wrote:
>> On 2019-05-16 14:41:44 +0200, Michael Biebl wrote:
>>> Am 16.05.19 um 14:22 schrieb Vincent Lefevre:
 On 2019-05-16 14:15:37 +0200, Michael Biebl wrote:
> Looks like you have a local resolver configured in /etc/resolv.conf
> (which should be reachable via lo, even if eth0 is down).

 Yes, /etc/resolv.conf contains

 nameserver 127.0.0.1
 nameserver 192.168.1.1

 as I use "unbound".
>>>
>>> So host talks to unbound, which apparently takes those 12s to answer.
>>> Not sure what can be done about this in avahi-daemon. Ideas?
>>
>> Should this be regarded as a bug in unbound, then?
> 
> Actually, no, unbound is not the problem:
> 
> Whether I have
> 
> nameserver 127.0.0.1
> nameserver 192.168.1.1
> 
> or just
> 
> nameserver 192.168.1.1
> 
> in /etc/resolv.conf, "time host -t soa local." shows a 10-second
> timeout.

If you don't have network access, then this is expected, I'd say.

What happens, if you only list your local 127.0.0.1 in /etc/resolv.conf?

> Or would the old /etc/resolv.conf (with 127.0.0.1) be cached somewhere
> on the system?
> 

Well, the assumption that /usr/lib/avahi/avahi-daemon-check-dns.sh makes
is, that if a local resolver is configured in /etc/resolv.conf, then it
is safe to assume that host lookup can be done, even if there is not
default route (== network access).




-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature

Bug#929010: [Pkg-utopia-maintainers] Bug#929010: Bug#929010: avahi-daemon: /etc/network/if-post-down.d/avahi-daemon is slow on eth0

2019-05-16 Thread Michael Biebl 
Am 16.05.19 um 15:59 schrieb Vincent Lefevre:
> On 2019-05-16 14:41:44 +0200, Michael Biebl wrote:
>> Am 16.05.19 um 14:22 schrieb Vincent Lefevre:
>>> On 2019-05-16 14:15:37 +0200, Michael Biebl wrote:
 Looks like you have a local resolver configured in /etc/resolv.conf
 (which should be reachable via lo, even if eth0 is down).
>>>
>>> Yes, /etc/resolv.conf contains
>>>
>>> nameserver 127.0.0.1
>>> nameserver 192.168.1.1
>>>
>>> as I use "unbound".
>>
>> So host talks to unbound, which apparently takes those 12s to answer.
>> Not sure what can be done about this in avahi-daemon. Ideas?
> 
> Should this be regarded as a bug in unbound, then?
> 

No idea. I don't use nor know anything about unbound and if what you are
seeing is expected behaviour or not.

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



signature.asc
Description: OpenPGP digital signature