Egregoros

Signal feed

API Docs
Timeline

Post

Remote status

Context

5
Dan Langille

Dan Langille

@dvl@bsd.network remote
Open link

@dch @feld I'm using git-lite in my nsnotify instance.

There are no dependencies with nsnotifyd.

I'm using a custom script which updates a subversion repo: /usr/local/sbin/dns-notify

Looking here, we could add a nsnotifyd@git flavor to install git... (or git-lite?) and bind-tools

Perhaps nsnotifyd@git and nsnotifyd@git-lite

[20:24 nsnotify dvl /usr/local/bin] % grep svn nsnotify*

[20:24 nsnotify dvl /usr/local/bin] % grep git nsnotify*
nsnotify2git: git commit -q -m "$zone IN SOA $serial" $zone
nsnotify2git:logger -p daemon.notice -t nsnotify2git -s

[20:24 nsnotify dvl /usr/local/bin] % grep dig nsnotify*
nsnotify2git: dig +noall +answer +onesoa +multiline $master $zone axfr >$zone

feld

feld

@feld@friedcheese.us remote
Open link
@dvl @dch I used to have a custom script for committing to a Fossil repo

anyway, I've found a bug in nsnotifyd. Very annoying. Running in debug mode I see this happen when a NOTIFY comes through:

nsnotifyd 37606 - - feld.me IN SOA ? Host name lookup failure



Host name lookup failure? What the heck????

running under truss so I can see what it's doing:


2765: socket(PF_INET,SOCK_DGRAM|SOCK_CLOEXEC,0) = 5 (0x5)
2765: connect(5,{ AF_INET 127.0.0.1:53 },16) = 0 (0x0)
2765: sendto(5,"|\M-]\0\0\0\^A\0\0\0\0\0\^A\^Eet"...,38,0,NULL,0) = 38 (0x26)
2765: poll({ 5/POLLRDNORM },1,3000) = 1 (0x1)
2765: recvfrom(5,0x8210e31f0,512,0,0x8210e2720,0x8210e271c) ERR#61 'Connection refused'
2765: close(5) = 0 (0x0)


Why is it trying to connect to 127.0.0.1:53 ? There's nothing running there. (but the NOTIFY does come from 127.0.0.1 because I'm listening with nsnotifyd on 127.0.0.1)

my powerdns is not listening on 127.0.0.1 intentionally as there was a local_unbound on there

even if I pass -s to specify the server that should be used for SOA refresh checks, doesn't change behavior...

I must be the only person that has ever tried to use it in this specific type of configuration.
Replying to @feld@friedcheese.us

Replies

3
Replying to @dch@bsd.network
Replying to @dvl@bsd.network
feld

feld

@feld@friedcheese.us remote
Open link
@dvl @dch a missed NOTIFY could be bad depending on your use case for this, but if you also give it a list of domains instead of using wildcard mode it will automatically check to see if the serial in the SOA changed as a secondary mechanism
Replying to @feld@friedcheese.us
Dan Langille

Dan Langille

@dvl@bsd.network remote
Open link

@feld @dch

My config is below.

Looking at the repo, for langille.org, the first nsnotify commit was:

Modified Sat Aug 26 17:44:54 2017 UTC (8 years, 5 months ago) by dns-notify

It's something which just runs and runs. It's in the category of software I love: I forget I'm running it because I am rarely reminded that I am.

[17:23 nsnotify dvl ~] % grep nsnotify /etc/rc.conf
nsnotifyd_enable="YES"
nsnotifyd_flags="-l local6 -u nsnotifyd -P /var/run/nsnotifyd.pid -4 -a 10.55.0.20 -p 5353 -s 10.55.0.53 /usr/local/sbin/dns-notify example.net example.org example.com"

Where:

% host nsnotify
nsnotify.int.unixathome.org has address 10.55.0.20

% host 10.55.0.53
53.0.55.10.in-addr.arpa domain name pointer dns-hidden-master.int.unixathome.org.

[17:29 nsnotify dvl ~] % cat /usr/local/sbin/dns-notify
#!/bin/sh

MYNAME="dns-notify"

ZONE=$1
SERIAL=$2
MASTER=$3

SVN_SSH="/usr/bin/ssh -qi /usr/home/nsnotifyd/.ssh/id_ed25519"
export SVN_SSH

DIG="/usr/local/bin/dig"
LOGGER="/usr/bin/logger"
SVN="/usr/local/bin/svn"
ZONE_FILE_DIR="/usr/home/nsnotifyd/dns-zone-files"

${LOGGER} -t ${MYNAME} -p local6.info has been invoked with zone=\'$ZONE\', serial=\'$SERIAL\', and master=\'$MASTER\'.

cd ${ZONE_FILE_DIR}

${DIG} +noall +answer +onesoa +rrcomments @${MASTER} ${ZONE} axfr > ${ZONE}.db
${SVN} ci -m "serial ${SERIAL}" ${ZONE}.db

${LOGGER} -t ${MYNAME} -p local6.info $ZONE with serial ${SERIAL} has been saved.