Ubuntu
bind9 package

Please enhance bind9 to use forwarder addresses from resolvconf

Bug #1091602 reported by Thomas Hood
20
This bug affects 2 people
Affects Status Importance Assigned to Milestone
bind9 (Debian)
Fix Released
Unknown
bind9 (Ubuntu)
Confirmed
Wishlist
Unassigned

Bug Description

It is requested that the bind9 package be enhanced such that named uses forwarder addresses obtained from resolvconf's database.

Such a feature would normally be implemented by means of a resolvconf update hook script, in this case /etc/resolvconf/update.d/bind9. (It must *not* be called /etc/resolvconf/update.d/bind since that was the name of a script written for BIND 8 and included in earlier versions of resolvconf.) Resolvconf update hook scripts get run every time the database changes.

There are various ways to implement this proposal.

1. Write out a forwarders{} statement

The script writes out a forwarders{} statement in the format of named.conf(5) to /var/run/named/named.conf.forwarders and then does "/etc/init.d/bind9 reload" to cause named to re-read its configuration files.

To activate this, the admin has to edit /etc/bind/named.conf.options such that it includes /var/run/named/named.conf.forwarders at the right place.

The script /etc/resolvconf/update.d/bind that was included in resolvconf versions 1.52 and earlier illustrates how such a hook script should be written. The latter script was written for BIND 8 and worked well, but due to limitations in BIND 8 it had to generate a whole options{} statement instead of just the forwarders{} part.

2. Write a list of forwarder addresses and enhance named to read this

The script writes out a simple list of IP addresses to /var/run/named/forwarders and then does "/etc/init.d/bind9 reload" to cause named to re-read its configuration files. When run with a new command-line option, "--forwarders-list=/var/run/named/forwarders", named uses the list in /var/run/named/forwarders as its list of forwarder addresses instead of whatever was specified in options{}.

This approach requires that the command-line option in question be added to named but it has a number of advantages over the first approach. (1) It allows the script to be much simpler. (2) It allows the use of the resolvconf-based forwarders list to be enabled and disabled via a variable in, e.g., /etc/default/bind9. (3) Some machines are still using an old script written for bind8 which works as in #1 except that it writes out a whole options{} statement instead of just a forwarders{} statement; the present approach upgrades such machines cleanly.

3. Enhance rndc to send, and named to receive, forwarder addresses

This has the advantages of approach #2 and also eliminates the need to write out a file. The disadvantage is that it would be a significant amount of extra work to extend the syntax of rndc.

--- BACKGROUND INFORMATION ---

As of Ubuntu 12.04, nameserver information is handled by resolvconf in both the Server and Desktop editions of Ubuntu. Resolvconf maintains a database of nameserver information, filed by interface name and configuration agent. This is the information that is needed if named is to be used in whole or in part as a forwarding nameserver.

BIND 9.7.x manual section 1.4.5.1: "__Forwarding__. Even a caching name server does not necessarily perform the complete recursive lookup itself. Instead, it can forward some or all of the queries that it cannot satisfy from its cache to another caching name server, commonly referred to as a forwarder. There may be one or more forwarders, and they are queried in turn until the list is exhausted or an answer is found. Forwarders are typically used when you do not wish all the servers at a given site to interact directly with the rest of the Internet servers. A typical scenario would involve a number of internal DNS servers and an Internet firewall. Servers unable to pass packets through the firewall would forward to the server that can do it, and that server would query the Internet DNS servers on the internal server’s behalf."

See original description
Bug Watch Updater (bug-watch-updater)
Changed in bind:
status: Unknown → New
Yolanda Robla (yolanda.robla)
Changed in bind9 (Ubuntu):
status: New → Opinion
importance: Undecided → Wishlist
status: Opinion → Confirmed
Thomas Hood (jdthood)
no longer affects: bind
Thomas Hood (jdthood)
description: updated
Thomas Hood (jdthood)
description: updated
summary: - Please add resolvconf hook script to generate dynamic forwarders list
+ Please enhance bind9 to use forwarder addresses from resolvconf
Bug Watch Updater (bug-watch-updater)
Changed in bind9 (Debian):
status: Unknown → New
Bug Watch Updater (bug-watch-updater)
Changed in resolvconf (Debian):
status: Unknown → Fix Released
Revision history for this message
Thomas Hood (jdthood) wrote :

To anyone else who wants this feature: You are cordially invited to add your voice here. :-) Please explain how you intend to use the feature.

Revision history for this message
Ingo Strüwing (ingo-struewing) wrote :

In fact I would like to *continue* to use this feature. It seems have broken with the release upgrade to 13.04. I used to have a file [/var]/run/bind/named.options, created by resolvconf. I think it was done by /etc/resolvconf/update.d/bind.

It seems like this file had been removed from resolvconf in 1.53. The changelog fro this version contains:

  * Remove /etc/resolvconf/update.d/bind (Closes: #608933, #268073).
    Instead of this, the bind9 package should include a hook script
    /etc/resolvconf/update.d/bind9 as has been requested in #483098.

I really don't care, if this file is moved from resolvconf to bind9 or not, but some package shall provide it. Fortunately I have a backup. I copied the file and the service started to work again.

However, I really hate that this will break with every release upgrade. Sp lease get this included with some package again.

Here is my use case:

I have a local network with some machines, which I want to be able to connect to by name. Hence, I need a name relolution for local names. My solution is to set up a name server on my router, which is authoritative for local names and forwards everything else to my providers name servers. Using resolvconf and bind9, this works fine as long as I configure the provider's name servers in /etc/var/named.conf.options. But what, if the provider changes his nameservers? My service would start to fail and my service is interrupted until I figure out, that the reason is the changed IP addresses of the providers name servers. Resolvconf does have the current IP addresses of the providers name servers. So I want it to generate the forwarders clause for bind9.

Revision history for this message
Thomas Hood (jdthood) wrote :

The feature was dropped from the resolvconf package in Ubuntu 13.04. The bind9 maintainers have been invited to add a similar feature to support BIND 9. Your contribution may help to convince them to take action.

Until this feature actually appears in bind9 you will have to implement it locally if you want it. Make sure you rename the file to something like `/etc/resolvconf/update.d/mybind` so that it will not be removed by the resolvconf package on a subsequent upgrade.

no longer affects: resolvconf (Debian)
Revision history for this message
scott mowerson (smowerson) wrote :

Hi,

I would like to add my
voice to have /etc/resolvconf/update.d/bind9 to enhance BIND 9 in the
same way the old script enhanced BIND 8.

Bug Watch Updater (bug-watch-updater)
Changed in bind9 (Debian):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.