The dnssec-trigger daemon sets the immutability attribute on a file
/etc/resolv.conf which it writes out.
Evidently, dnssec-trigger is not resolvconf-compatible. The immediate,
straightforward solution is for the dnssec-trigger package to Conflict
with the resolvconf package. At least this should be done for jessie.
The next thing to do is to look at the possibility of making
dnssec-trigger resolvconf-compatible. To be resolvconf-compatible,
dnssec-trigger should not write to /etc/resolv.conf directly. Instead
dnssec-trigger, or more probably unbound itself, should do something
like the following after the local unbound process is started.
echo nameserver 127.0.0.1 | resolvconf -a lo.unbound
And the following before the process is stopped.
resolvconf -d lo.unbound
When 127.* is one of the nameserver addresses resolvconf by default
doesn't list any further addresses. So once the above has been done it
may not be necessary to change the resolvconf package. However, if
necessary it would also be possible to change the resolvconf package
so that, for example, it gives the lo.unbound record special
treatment.
--
Thomas
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org