Hi Paride.

The fundamental problem I see with your last statement is how do you
know what "the right one(s)" are? That will depend on BIND
configuration, such as whether named is launched with a '-4' or '-6'
option, and possibly even the value of configuration options such as
'listen-on' and 'listen-on-v6'?

Perhaps if we start with the 'need' that BIND has, and then work
backwards, we will converge on a solution?

Here is my thinking:
1. The "Unable to fetch DNSKEY set '.': failure" error results from BIND
   trying to query the root DNS servers when it starts up, but not
   having the requisite level of network connectivity to do so.
2. In order to access the root DNS servers, the host needs access to the
   Internet...
3. The best indicator that Internet connectivity is available is the
   presence of a default route.
4. The default route requirement could be met by IPv4 or IPv6, so this
   could be satisfied by either of the following:
    * The IPv4 'main' routing table contains an entry for "0.0.0.0/0"
    * The IPv6 'main' routing table contains an entry for "::/0"
5. Therefore I believe we need a command that can be added as an
   'ExecStartPre' option in named.service, that will wait until either
   of the above conditions (described in 5 above) are met.
6. Some potential solutions could be:
    a) Invocation of "systemd-networkd-wait-online" with a combination
       of existing parameters that the program will interpret to mean
       "wait until either of the requirements described in 5 above are
       met".
    b) Invocation of "systemd-networkd-wait-online" with a new parameter
       that the program will interpret to mean "wait until either of the
       requirements described in 5 above are met".
    c) Use of a different (new?) tool whose specific purpose is to "wait
       until either of the requirements described in 5 above are met".
7. Whichever solution is chosen, the tool should be generic enough that
   it can be used for other services, and should provide the ability to
   select only IPv4 or only IPv6, or both. This should be controlled via
   a command-line parameter, which for consistency with other Linux
   programs should be:
    * "-4" = use only IPv4, even if the host machine is capable of IPv6.
    * "-6" = use only IPv6, even if the host machine is capable of IPv4.
    * Specifying neither option should mean both IPv4 and IPv6.
    * NB: "-4" and "-6" are mutually exclusive.

My suggestion in my earlier comment #4 is an example of solution (a),
but it doesn't satisfy 7 above. So I concede there are other (better)
options that probably need to be considered?

Keen to hear your thoughts?

Thanks,
Nick.

https://bugs.launchpad.net/bugs/1965521

Title:
  named.service starts too early: Unable to fetch DNSKEY set '.':
  failure
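
The default-route wait described in points 4 to 7 of the message above, sketched as a POSIX shell script. This is an added example, not code from the bug report, systemd or BIND; the script name `wait-default-route`, its install path, the `-t` timeout option and the exit codes are assumptions.

```shell
#!/bin/sh
# Added example: wait until a default route exists in the IPv4 and/or IPv6
# 'main' routing table. Script name, -t option and exit codes are assumptions.

# has_default_route FAMILY   (FAMILY is 4 or 6)
# 'ip route show' reads the main table unless another table is named.
has_default_route() {
    out=$(ip "-$1" route show default 2>/dev/null) || return 1
    case "$out" in default*) return 0 ;; esac
    return 1
}

# wait_default_route [-4 | -6] [-t SECONDS]
# Returns 0 once a default route is present, 1 on timeout, 2 on bad usage.
wait_default_route() {
    families="4 6"; seen=""; timeout=30
    OPTIND=1
    while getopts "46t:" opt; do
        case "$opt" in
            4|6)
                # -4 and -6 are mutually exclusive
                if [ -n "$seen" ] && [ "$seen" != "$opt" ]; then return 2; fi
                seen=$opt; families=$opt ;;
            t) timeout=$OPTARG ;;
            *) return 2 ;;
        esac
    done
    case "$timeout" in ''|*[!0-9]*) return 2 ;; esac
    elapsed=0
    while :; do
        # With neither -4 nor -6, either address family satisfies the wait
        for fam in $families; do
            if has_default_route "$fam"; then return 0; fi
        done
        if [ "$elapsed" -ge "$timeout" ]; then return 1; fi
        sleep 1
        elapsed=$((elapsed + 1))
    done
}

# Run only when installed under the assumed name, for example as
# ExecStartPre=/usr/local/sbin/wait-default-route -t 60 (hypothetical path)
case "${0##*/}" in
    wait-default-route) wait_default_route "$@"; exit $? ;;
esac
```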
