[Pkg-dns-devel] Bug#856964: Option search in dnssec-trigger.conf is ignored

Gerben Meijer gerben at daybyday.nl
Fri Sep 15 14:05:31 UTC 2017


Unfortunately it seems that setting set_search_domains=yes in 
dnssec.conf is not enough.

The code in dnssec-trigger-script does not look at the contents of 
"search:" in /etc/dnssec-trigger/dnssec-trigger.conf even with that set. 
Instead, it seems to query NetworkManager for search domains but even 
that fails on current Debian releases, since the configured search 
domains there do not even show up in the debug log:

Sep 15 14:47:19 believe dnssec-triggerd[29297]: Search domains:

The reason for that is that the script looks at NetworkManager's 
connection calls:

self.zones += connection.get_ip4_config().get_domains()

But instead, or additionally, it should call get_searches(); as far as I 
understand it, zones is what is passed through in a DHCP request as the 
local domain for a DHCP client but additional DNS search domains 
configured for a NM connection only show up in get_searches().

So this is broken in multiple ways, and I imagine it's not just on Debian.


-- 
Kind regards,

Gerben Meijer
Day by Day
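
An added example, not part of the original message and not code from dnssec-trigger-script: one way to collect search domains from the "search:" option and from both get_domains() and get_searches(), as the message above suggests. The function names, the FakeIPConfig stand-in for NetworkManager's IP config object, and the assumed "search:" syntax (space-separated names, optionally quoted) are assumptions.

```python
import re

def conf_search_domains(conf_text):
    """Domains listed on 'search:' lines (syntax assumed: space-separated, optional quotes)."""
    found = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        m = re.match(r"search:\s*(.*)$", line)
        if m:
            found += m.group(1).strip().strip('"').split()
    return found

def nm_search_domains(ip_config):
    """Read both accessors; a connection without IPv4 config yields None."""
    if ip_config is None:
        return []
    return list(ip_config.get_domains() or []) + list(ip_config.get_searches() or [])

def merged_search_domains(conf_text, ip_configs):
    """Config file entries first, then NetworkManager's; normalised, order-preserving dedup."""
    candidates = conf_search_domains(conf_text)
    for cfg in ip_configs:
        candidates += nm_search_domains(cfg)
    seen, out = set(), []
    for name in candidates:
        name = name.strip().rstrip(".").lower()   # "Lab.Example." == "lab.example"
        if name and name not in seen:
            seen.add(name)
            out.append(name)
    return out

class FakeIPConfig:
    """Constructed stand-in exposing the two accessors named in the message."""
    def __init__(self, domains, searches):
        self._domains, self._searches = domains, searches
    def get_domains(self):
        return self._domains
    def get_searches(self):
        return self._searches

# Constructed sample input, not taken from a real system.
SAMPLE_CONF = '# constructed sample\nsearch: "corp.example lab.example"\n'

if __name__ == "__main__":
    configs = [FakeIPConfig(["dhcp.example"], ["Lab.Example.", "vpn.example"]), None]
    print("Search domains:", " ".join(merged_search_domains(SAMPLE_CONF, configs)))
```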
