tech-userlevel archive


Re: Adding openresolv to base

On Wed, Mar 25, 2009 at 11:25:14AM +0000, Roy Marples wrote:
> Michael van Elst wrote:
>> Then I maybe should repeat what was stripped:
>> For a qualified decision on how to handle multiple, possibly
>> conflicting, configurations, you can (and have to) supply some
>> intelligence in form of a shell script. And since this
>> mechanism isn't limited to resolv.conf entries, it can be
>> used to handle other configuration options.
> Do you know of any link auto-configuration mechanisms other than DHCP  
> that provide information beyond what goes into resolv.conf?

Most other protocols provide network information, like routes
or mobile-ip addresses or information about protocols other than IPv4.

Most such mechanisms allow additional scripting to configure
things beyond the protocol, e.g. web proxies, smtp gateways,
NTP servers...  Don't forget that your packet filters may require
reconfiguration too. All this is part of the auto-configuration.

N.B. currently I generate such configuration files from m4 templates,
e.g. (from my current (*) 'pppd' link auto-configuration mechanism):

# ip-up script arguments used below: $1 = interface, $4 = local IP, $5 = peer IP
/sbin/route add default $5
echo "define(UPLINKIP,\`"$4"')dnl" >/etc/ipuplink.m4
# nameservers negotiated on the link
ns1=`pppoectl -n 1 "$1"`
ns2=`pppoectl -n 2 "$1"`
if test -r /etc/resolv.m4; then
        m4 -DNS1="$ns1" -DNS2="$ns2" /etc/resolv.m4 >/etc/resolv.conf
fi
touch /etc/*.m4
/etc/rc.d/ipfilter reload
/etc/rc.d/ipnat reload
/etc/rc.d/ipsec reload
/etc/rc.d/altqd reload
# restart dependent services in the background once the link has settled
( sleep 30; /etc/rc.d/vtund onerestart; /etc/rc.d/ntpd restart; /etc/rc.d/named restart ) &
/sbin/ifconfig gif0 up
/sbin/ifconfig gif1 up
/usr/sbin/ipfstat -aoi | /usr/bin/logger -t "IP-UP ACCOUNTING"

(*) I'm cheating, the machine currently has only fixed IPSEC configuration.

Let's say, I'd have another mechanism (like a VPN over a separate link)
that wants to change the configuration. I can surely use openresolv
to manage /etc/resolv.conf, but this would only be a small part
of the configuration and I would still need some intelligence
(aka scripting) to decide which entries should be used. Maybe
I want the nameservers on the other side of the VPN if it is used
exclusively but don't want to lose the internet nameservers when
the main link is up? What about a road-warrior configuration
where I rely on my 'home nameserver' to resolve everything, including
the VPN names but require the 'VPN nameservers' when I'm somewhere

There are surely cases where just modifying resolv.conf is fine,
but in my experience it always needs something smarter to
be useful and editing /etc/resolv.conf is only a small fraction
of the automatisation.

                                Michael van Elst
                                "A potential Snark may lurk in every tree."
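
The VPN-versus-main-link decision raised in the message above, sketched as an added example that is not part of the original post or of openresolv. The function name build_resolv, the per-link state files main.ns and vpn.ns, and the mode names are assumptions made for illustration; nameserver values are validated because they are supplied by the link peer.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# Assumption: each link's up-script writes the nameservers it learned, one per
# line, to <dir>/main.ns or <dir>/vpn.ns and removes the file on link-down.

MAXNS=3   # the libc resolver reads at most three nameserver lines

# build_resolv DIR MODE
#   MODE=exclusive: VPN in use exclusively, only its nameservers are used
#   any other MODE: VPN nameservers first, main-link nameservers kept
# Prints resolv.conf lines; returns 1 if no usable nameserver is known.
build_resolv() {
    dir=$1 mode=$2
    if [ -r "$dir/vpn.ns" ] && [ "$mode" = exclusive ]; then
        order="vpn"
    else
        order="vpn main"
    fi
    count=0 seen=" "
    for link in $order; do
        [ -r "$dir/$link.ns" ] || continue
        while read -r ns; do
            # Values come from the link peer: accept address characters only.
            case $ns in
                ''|*[!0-9A-Fa-f.:]*) continue ;;
            esac
            case $seen in *" $ns "*) continue ;; esac   # drop duplicates
            [ "$count" -lt "$MAXNS" ] || break
            echo "nameserver $ns"
            seen="$seen$ns "
            count=$((count + 1))
        done < "$dir/$link.ns"
    done
    [ "$count" -gt 0 ]
}

# Constructed sample state: both links up, one malformed VPN entry.
demo=$(mktemp -d)
printf '%s\n' 192.0.2.53 198.51.100.53 > "$demo/main.ns"
printf '%s\n' 10.8.0.1 'bogus/entry' 10.8.0.2 > "$demo/vpn.ns"
build_resolv "$demo" split
rm -rf "$demo"
```

Write the output to a temporary file and rename it over /etc/resolv.conf only when the function returns 0, so a link that supplies no usable nameserver does not leave the resolver with an empty file.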
