Mel Flynn wrote: > Hi Doug, > > On Tuesday 31 March 2009 08:17:35 Doug Barton wrote: > >>> In addition to enabling auto_forward you can also enable >>> auto_forward_only which changes from the default 'forward first' to >>> (you guessed it) 'forward only'. > >> And of course, the patch: >> http://dougbarton.us/Downloads/rcd-named.diff > > Snippet: > + if [ -z "$firstns" ]; then > + if [ ! "$nsip" = '127.0.0.1' ]; then > + echo 'nameserver 127.0.0.1' > + echo " ${nsip};" >> /var/run/auto_forward.conf > + fi > > I think the hardcoded 127.0.0.1 should be configurable especially considering > prepend-domain-nameservers option for dhclient.conf(5). I'm not sure you understand the goal. The idea here is to use the local resolver first, as a forwarder. If that usage would conflict with something that you prepend in dhclient.conf, don't enable both options. > Now you risk using > yourself as forwarder if you expose the resolver to the internal network Sorry, I'm not parsing this. The 127.0.0.1 address is not added to the forwarders list, if that's what you're concerned about. Come to think of it, the lines you pasted handle that address only if it's first. I just updated the patch to handle 127.0.0.1 coming later in the file, thanks! > (whether it be through dhclient or statically). > Also, maybe the combo of autoforward and dhclient should be guarded against, > since there's no telling which comes up first Ummmm.... that's completely false. rcorder determines that the network will be up first, so not only is there no harm in using both, it's how I've done all my testing. There is really no point in using this option if you are on a static network, you could just configure forwarders in named.conf yourself. > and both dhclient and > /etc/rc.d/named might be writing /etc/resolv.conf at the same time / after > eachother. Completely impossible, but I'm glad to see you're thinking about it at least. > Lastly, 127.0.0.1 and ::1 aren't equal, yet they are the same thing ;) I have no idea what you're trying to say here. However, we currently don't support (TMK anyway) IPv6-only configurations, although I'd like to see us do so sometime soon ... Doug -- This .signature sanitized for your protectionReceived on Tue Mar 31 2009 - 18:39:35 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:45 UTC