** Description changed:

  It is requested that the bind9 package be enhanced such that named uses
  forwarder addresses obtained from resolvconf's database.
  
  Such a feature would normally be implemented by means of a resolvconf
  update hook script, in this case /etc/resolvconf/update.d/bind9. (It
  must *not* be called /etc/resolvconf/update.d/bind since that was the
  name of a script written for BIND 8 and included in earlier versions of
  resolvconf.) Resolvconf update hook scripts get run every time the
  database changes.
  
  There are various ways to implement this proposal.
  
  1. Write out a forwarders{} statement
  
  The script writes out a forwarders{} statement in the format of
  named.conf(5) to /var/run/named/named.conf.forwarders and then does
  "/etc/init.d/bind9 reload" to cause named to re-read its configuration
  files.
  
  To activate this, the admin has to edit /etc/bind/named.conf.options
  such that it includes /var/run/named/named.conf.forwarders at the right
  place.
  
  The script /etc/resolvconf/update.d/bind that was included in resolvconf
  versions 1.52 and earlier illustrates how such a hook script should be
  written.  The latter script was written for BIND 8 and worked well, but
  due to limitations in BIND 8 it had to generate  a whole options{}
  statement instead of just the forwarders{} part.
  
  2. Write a list of forwarder addresses and enhance named to read this
  
  The script writes out a simple list of IP addresses to
- /var/run/named/forwarders and then triggers named to re-read its
- forwarders list from this file. When run with a new option,
- "--forwarders-list=/var/run/named/forwarders", named uses the list in
- /var/run/named/forwarders as its list of forwarder addresses instead of
- whatever list was specified in the configuration file.
+ /var/run/named/forwarders and then does "/etc/init.d/bind9 reload" to
+ cause named to re-read its configuration files. When run with a new
+ command-line option, "--forwarders-list=/var/run/named/forwarders",
+ named uses the list in /var/run/named/forwarders as its list of
+ forwarder addresses instead of whatever was specified in options{}.
  
- This approach requires that the option in question be added to named but
- it has a number of advantages over the first approach. (1) It allows the
- script to be much simpler. (2) It avoids run-time generation of
- configuration files. (3) It avoids triggering the re-reading of
- configuration files. (4) It allows the use of the resolvconf-based
- forwarders list to be enabled and disabled via a variable in
- /etc/default/bind9. (5) Some machines are still using an old script
- written for bind8 which works as in #1 except that it writes out a whole
- options{} statement instead of just a forwarders{} statement; the
- present approach upgrades such machines cleanly.
+ This approach requires that the command-line option in question be added
+ to named but it has a number of advantages over the first approach. (1)
+ It allows the script to be much simpler. (2) It allows the use of the
+ resolvconf-based forwarders list to be enabled and disabled via a
+ variable in, e.g., /etc/default/bind9. (3) Some machines are still using
+ an old script written for bind8 which works as in #1 except that it
+ writes out a whole options{} statement instead of just a forwarders{}
+ statement; the present approach upgrades such machines cleanly.
+ 
+ 3. Enhance rndc to send, and named to receive, forwarder addresses
+ 
+ This has the advantages of approach #2 and also eliminates the need to
+ write out a file. The disadvantage is that it would be a significant
+ amount of extra work to extend the syntax of rndc.
  
  --- BACKGROUND INFORMATION ---
  
  As of Ubuntu 12.04, nameserver information is handled by resolvconf in
  both the Server and Desktop editions of Ubuntu. Resolvconf maintains a
  database of nameserver information, filed by interface name and
  configuration agent. This is the information that is needed if named is
  to be used in whole or in part as a forwarding nameserver.
  
  BIND 9.7.x manual section 1.4.5.1: "__Forwarding__. Even a caching name
  server does not necessarily perform the complete recursive lookup
  itself. Instead, it can forward some or all of the queries that it
  cannot satisfy from its cache to another caching name server, commonly
  referred to as a forwarder. There may be one or more forwarders, and
  they are queried in turn until the list is exhausted or an answer is
  found. Forwarders are typically used when you do not wish all the
  servers at a given site to interact directly with the rest of the
  Internet servers. A typical scenario would involve a number of internal
  DNS servers and an Internet firewall. Servers unable to pass packets
  through the firewall would forward to the server that can do it, and
  that server would query the Internet DNS servers on the internal
  server’s behalf."
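
Review bot: In the revised item 2, the script now runs "/etc/init.d/bind9 reload" to make named re-read its configuration files, but the text does not say that a reload also makes named re-read the file given to "--forwarders-list"; state that explicitly, since the earlier wording (a separate trigger for the forwarders list) was removed. Items 2 and 3 should also say who may write /var/run/named/forwarders (or send addresses via rndc) and how addresses are checked before named uses them, because they come from resolvconf's database, which the background section describes as filled per interface by configuration agents.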

** Summary changed:

- Please add resolvconf hook script to generate dynamic forwarders list
+ Please enhance bind9 to use forwarder addresses from resolvconf

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/1091602

Title:
  Please enhance bind9 to use forwarder addresses from resolvconf

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1091602/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
