--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: pdnsd: make proxy_only default
- From: David Schweikert <dws@ee.ethz.ch>
- Date: Sun, 06 Feb 2005 21:08:56 +0100
- Message-id: <20050206200856.AED9296BFC@neptun.localhost>
Package: pdnsd
Version: 1.1.11par-1
Severity: wishlist
I propose to change the server section in the default config as follows:
server {
    label="resolvconf";
    proxy_only=on;
    lean_query=on;
}
This makes pdnsd useable for me (I had timeouts of 5 seconds otherwise).
See this mail exchange with the upstream author for why this is a good idea (at
least for me, but I guess it would be also good for most people).
----------------------------------------------------------------------------
David Schweikert wrote:
>Thanks a lot for your work on pdnsd. I am responsible for the preparation
>of an image with linux (debian) that is installed on laptops for
>students here at the ETH Zurich (a university). About 2000 laptops have
>that image installed... Until now I did put pdnsd on the image because
>it is really ideal for laptops. However, I had now to remove it because
>of a problem. What happens is this:
>
>- I do a 'ssh blabla.ethz.ch' and the resolver library first tries to
> find an AAAA record for blabla.ethz.ch.
>
>- pdnsd forwards the query to the provider's DNS, which doesn't find any
> entry and replies with an empty answer containing only the SOA record.
>
>- since there is no NS record, pdnsd decides to use the given master
> server of the SOA record.
>
>- pdnsd tries to contact the master server, which is however behind a
> firewall that just drops packets. after 5 seconds it gives up and
> gives back that 'AAAA blabla.ethz.ch' was not found
>
>- the resolver library tries again with the A record and succeeds
>
>-> result: 5 seconds delay every time you ssh to a host (it is also
> enough to do a 'getent hosts blabla')
>
>Such problems are really annoying for users and I am happy to have found
>what the problem was :-)
>
>Note that having the master server behind a firewall is not a totally
>unreasonable thing to do... the network administrators here want to
>protect it from being flooded with queries. The SOA record just says
>from where the data comes from, but doesn't say that you can actually
>directly use that server.
>
>Would it be possible to make that behaviour of using the SOA master
>server optional? A run-time option would be great, so that I could use
>the official debian package.
I believe there is already a configuration option that does what you
want: proxy_only.
Please try adding the line proxy_only=on; to the server sections of your
pdnsd configuration file and let me know if this works for you. If you
still have problems please let me know exactly which version of pdnsd
you are using because in some of the older versions this option was
incorrectly implemented.
Paul Rombouts
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-isgee-neptun-1
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages pdnsd depends on:
ii adduser 3.59 Add and remove users and groups
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
-- no debconf information
--- End Message ---
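
Added example, not part of the original message and not pdnsd code: a Python check for the reply shape the report describes (NOERROR, no answer records, authority section with SOA but no NS) that returns the SOA master name a resolver would have to reach if it followed it. The example.org names, the helper names and the sample reply are constructed for illustration.

```python
import struct
NS, SOA, AAAA = 2, 6, 28  # DNS record type codes

def encode_name(name):
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end = [], None
    for _ in range(256):  # bounded walk, so a pointer loop cannot hang the parser
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
        elif length == 0:
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length
    raise ValueError("compression pointer loop")

def soa_only_master(msg):
    """Return the SOA MNAME of a NOERROR/no-answer reply with SOA but no NS, else None."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if flags & 0x000F or an:  # non-zero RCODE, or real answers present
        return None
    off, master = 12, None
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4  # skip QTYPE and QCLASS
    for _ in range(ns):
        off = read_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == NS:  # a delegation is present, so this is not the SOA-only case
            return None
        if rtype == SOA:
            master = read_name(msg, off + 10)[0]  # MNAME is the first RDATA field
        off += 10 + rdlen
    return master

def build_reply(qname, mname, with_ns=False):  # constructed sample, not captured traffic
    zone = struct.pack("!H", 0xC000 | (13 + len(qname.split(".")[0])))  # pointer to parent zone
    def rr(rtype, rdata):
        return zone + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata
    soa = (encode_name(mname) + encode_name("hostmaster.example.org")
           + struct.pack("!5I", 1, 3600, 900, 604800, 3600))
    auth = rr(SOA, soa) + (rr(NS, encode_name("ns1.example.org")) if with_ns else b"")
    hdr = struct.pack("!6H", 0x1234, 0x8180, 1, 0, 2 if with_ns else 1, 0)
    return hdr + encode_name(qname) + struct.pack("!HH", AAAA, 1) + auth
```

A non-None result on replies from the upstream forwarder marks the case in which the 5-second wait described above can occur if that master is unreachable.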