local_unbound, resolvconf, vpn
Dag-Erling Smørgrav
des at des.no
Mon Nov 20 14:43:20 UTC 2017
Andriy Gapon <avg at FreeBSD.org> writes:
> Dag-Erling Smørgrav <des at des.no> writes:
> > Andriy Gapon <avg at FreeBSD.org> writes:
> > > What and when is going to overwrite my modifications?
> > service local_unbound setup
> So, this is not going to happen automatically (after the initial setup)?
> I have to manually run that command?
Currently, yes, but we will sometimes recommend that users run it after
an upgrade or patch, and I may at some point change the rc script to run
setup every time you start or restart the service.
> > > I think that a nicer solution is to just set name_servers=127.0.0.1:
> > No, if we let resolvconf overwrite resolv.conf then we lose "options
> > edns0".
> There seems to be a small misunderstanding. The point I was trying to
> make is that resolvconf would NOT overwrite resolv.conf if it's
> configured the way I suggested.
It will.
> > What it boils down to is that resolvconf is a piece of shit and the
> > only way to get it to do what we want would be to write a special
> > backend for the local_unbound case (see /libexec/resolvconf).
> Well, I do not see why... We already configure resolvconf to not
> touch resolv.conf. And resolvconf already has a backend for unbound,
> it is able to manage the local_unbound configuration quite reasonably
> (from my experience).
Yes, we use that to maintain forward.conf.
But please believe me when I say that I have spent a *lot* of time with
resolvconf and its various backends and I am neither joking nor
exaggerating when I call it a piece of shit.
> Alexander Zagrebin already explained what's going on here.
> local_unbound setup produces this configuration:
> chroot: /var/unbound
> directory: /var/unbound
>
> And with it unbound apparently tries to chdir to "" after chrooting to
> /var/unbound. That is, it removes $chroot from $directory and chdir-s
> to the result. Changing directory to /var/unbound/ makes the
> complaint go away.
I understand, and it's been fixed upstream:
Index: util/configparser.y
===================================================================
--- util/configparser.y (revision 3975)
+++ util/configparser.y (revision 3976)
@@ -585,9 +585,11 @@
strncmp(d, cfg_parser->chroot, strlen(
cfg_parser->chroot)) == 0)
d += strlen(cfg_parser->chroot);
- if(chdir(d))
+ if(d[0]) {
+ if(chdir(d))
log_err("cannot chdir to directory: %s (%s)",
d, strerror(errno));
+ }
}
}
;
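Review bot: the new `if(d[0])` guard skips `chdir` silently when stripping the chroot prefix leaves `d` empty, and nothing in the hunk records why that is safe; add a comment on the guard stating that `directory` equal to `chroot` is expected to leave `d` empty, or handle that case with an explicit `chdir("/")` so the result does not depend on whatever the current directory happens to be. In the context lines, the `strncmp` compares a bare string prefix with no check for a path separator at the boundary, so a directory that only begins with the chroot string (constructed case: `/var/unbound2` under chroot `/var/unbound`) would be cut down to `2`; requiring the next character to be `/` or the terminator would close that. The `log_err` continuation lines also want reindenting under the new braces.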
but I am unable to reproduce the issue on 11.1.
DES
--
Dag-Erling Smørgrav - des at des.no