IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
serve stale feature to keep the DNS resource records beyond TTL to return them as stale records in case of upstream server is not reachable or returns negative response.
SD_RESOLVED_NO_STALE flag has been added to disable serving stale records via dbus.
added serve stale test cases to TEST-75-RESOLVED
Fixes: #21815
Without enabling itx, there's no symlink to the org.freedesktop.resolve1
dbus service, so there exists a tiny window in which the sequence of
`systemctl start` and `systemctl service-log-level` commands might fail:
[ 1127.615151] H systemd[1]: Started Network Name Resolution.
[ 1127.617768] H testsuite-75.sh[34]: + systemctl service-log-level systemd-resolved.service debug
[ 1127.621251] H dbus-daemon[54]: [system] Activating via systemd: service name='org.freedesktop.resolve1' unit='dbus-org.freedesktop.resolve1.service' requested by ':1.24' (uid=0 pid=119 comm="systemctl service-log-level systemd-resolved>
[ 1127.621336] H systemd[1]: dbus-org.freedesktop.resolve1.service: Failed to load configuration: No such file or directory
[ 1127.621364] H systemd[1]: dbus-org.freedesktop.resolve1.service: Trying to enqueue job dbus-org.freedesktop.resolve1.service/start/replace
[ 1127.621395] H systemd[1]: D-Bus activation failed for dbus-org.freedesktop.resolve1.service: Unit dbus-org.freedesktop.resolve1.service not found.
[ 1127.621965] H dbus-daemon[54]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.resolve1.service': Unit dbus-org.freedesktop.resolve1.service not found.
[ 1127.622046] H systemd[1]: systemd-resolved.service: D-Bus name org.freedesktop.resolve1 now owned by :1.25
[ 1127.622130] H systemctl[119]: Failed to set log level of org.freedesktop.resolve1 to debug: Unit dbus-org.freedesktop.resolve1.service not found.
Spotted in a couple of recent Ubuntu CI runs.
This reverts commit 5dd34c2604.
`resolvectl monitor` sends notify event, and systemd-run wait for the
service being in active state. Hence, the loop is not necessary.
Let's remove some sleep loops, and instead:
1. Use Type=notify to wait until "resolvectl monitor" successfully
installed its monitor, so that we know that queries enqueued later
will definitely be seen.
2. Use "grep -m1" to watch "journalctl -f" output to wait precisely for
the RR data we want to see, and immediately exit.
This shortens code quite a bit, and should make it more robust.
Let's parse the resolved JSON notifications via `jq` and check them in a
bit more "controlled" manner - e.g. until now the `grep` was checking just
a one gigantic JSON string, as all received notifications via the
varlink socket are terminated by a NUL character, not a newline.
Also, as the notification delivery is asynchronous, retry the check
a couple of times if it fails (spotted in C8S jobs):
```
[ 2891.935879] testsuite-75.sh[36]: + : '--- nss-resolve/nss-myhostname tests'
[ 2891.935988] testsuite-75.sh[36]: + run getent -s resolve hosts ns1.unsigned.test
[ 2891.936542] testsuite-75.sh[177]: + getent -s resolve hosts ns1.unsigned.test
[ 2891.937499] testsuite-75.sh[178]: + tee /tmp/tmp.pqjNvbQ2eS
[ 2891.939977] testsuite-75.sh[178]: 10.0.0.1 ns1.unsigned.test
[ 2891.940258] testsuite-75.sh[36]: + grep -qE '^10\.0\.0\.1\s+ns1\.unsigned\.test' /tmp/tmp.pqjNvbQ2eS
[ 2891.942235] testsuite-75.sh[189]: + grep -qF '[10,0,0,1]'
[ 2891.942577] testsuite-75.sh[188]: + grep -aF ns1.unsigned.test /tmp/notifications.txt
[ 2891.943978] systemd[1]: testsuite-75.service: Child 36 belongs to testsuite-75.service.
[ 2891.944112] systemd[1]: testsuite-75.service: Main process exited, code=exited, status=1/FAILURE
[ 2891.944215] systemd[1]: testsuite-75.service: Failed with result 'exit-code'.
```
* The new varlink interface exposes a method to subscribe to DNS
resolutions on the system. The socket permissions are open for owner and
group only.
* Notifications are sent to subscriber(s), if any, after successful
resolution of A and AAAA records.
This feature could be used by applications for auditing/logging services
downstream of the resolver. It could also be used to asynchronously
update the firewall. For example, a system that has a tightly configured
firewall could open up connections selectively to known good hosts based
on a known allow-list of hostnames. Of course, updating the firewall
asynchronously will require other design considerations (such as
queueing packets in the user space while a verdict is made).
See also:
https://lists.freedesktop.org/archives/systemd-devel/2022-August/048202.htmlhttps://lists.freedesktop.org/archives/systemd-devel/2022-February/047441.html
delv on Ubuntu defaults to /etc/bind/bind.keys instead of /etc/bind.keys
when reading trust anchors, so let's create a symlink to make the test
work there as well.
Resolves: #24453
