#792430 openresolv: Fail if a zone is declared on multiple interfaces.

#792430#5
Date:
2015-07-14 18:18:07 UTC
From:
To:
When a zone is declared on multiple interfaces (not necessarely same
content, but the same name), the configuration generated doesn't work,
two entries are provided and this log indicates the failure at bind restart:
config: error: /var/lib/bind/resolvconf-zones.conf:23: zone
'example.org': already exists previous definition:
/var/lib/bind/resolvconf-zones.conf:16

I think it's the same problem for other resolvers.

Maybe use the first declaration, in interfaces order and drop others ?
It's not perfect, but technically, the problem have no solution (if
zones are the same, it works perfectly, else, some zone are not reachable).

This problem also affects the version /3.5.2-1/.

Best regards,

Thibaut Chèze

#792430#10
Date:
2015-09-17 14:23:19 UTC
From:
To:
Hi

I cannot replicate this.
Attached is output from a system with two interfaces each of which has
DNS servers from DHCP, IPv6RA and DHCPv6.

As you can see, the final result is generated perfectly.

uberlaptop2$ resolvconf -l
# resolv.conf from wm0.dhcp
# Generated by dhcpcd from wm0.dhcp
domain marples.name
search marples.name
nameserver 10.73.2.1

# resolv.conf from wm0.dhcp6
# Generated by dhcpcd from wm0.dhcp6
search marples.name
nameserver 2a01:348:31:2::1

# resolv.conf from wm0.ra
# Generated by dhcpcd from wm0.ra
search marples.name
nameserver 2a01:348:31:2::1

# resolv.conf from iwn0.dhcp6
# Generated by dhcpcd from iwn0.dhcp6
search marples.name
nameserver 2a01:348:31:2::1

# resolv.conf from iwn0.ra
# Generated by dhcpcd from iwn0.ra
search marples.name
nameserver 2a01:348:31:2::1

uberlaptop2$ resolvconf -v
DOMAIN='marples.name'
SEARCH='marples.name'
NAMESERVERS='10.73.2.1 2a01:348:31:2::1'
LOCALNAMESERVERS='127.0.0.1'
DOMAINS='marples.name:10.73.2.1,2a01:348:31:2::1'

uberlaptop2$ cat /etc/resolvconf.conf
name_servers=127.0.0.1
unbound_conf=/usr/pkg/etc/unbound/resolvconf.conf

named_options=/tmp/named-resolvconf-options.conf
named_zones=/tmp/named-resolvconf-zones.conf

uberlaptop2$ cat /tmp/named*
# Generated by resolvconf
forward first;
forwarders {
        10.73.2.1;
        2a01:348:31:2::1;
};
# Generated by resolvconf
zone "marples.name" {
        type forward;
        forward first;
        forwarders {
                10.73.2.1;
                2a01:348:31:2::1;
        };
};

uberlaptop2$

Can you post similar output from your system please?
Mail me directly if you don't want it to appear on this public tracker.

Roy

#792430#15
Date:
2015-11-26 17:27:14 UTC
From:
To:
Hi,

The same here.

Thibaut please read below.
 I cannot replicate this.
 Attached is output from a system with two interfaces each of which has
 DNS servers from DHCP, IPv6RA and DHCPv6.

 As you can see, the final result is generated perfectly.

 uberlaptop2$ resolvconf -l
 # resolv.conf from wm0.dhcp
 # Generated by dhcpcd from wm0.dhcp
 domain marples.name
 search marples.name
 nameserver 10.73.2.1

 # resolv.conf from wm0.dhcp6
 # Generated by dhcpcd from wm0.dhcp6
 search marples.name
 nameserver 2a01:348:31:2::1

 # resolv.conf from wm0.ra
 # Generated by dhcpcd from wm0.ra
 search marples.name
 nameserver 2a01:348:31:2::1

 # resolv.conf from iwn0.dhcp6
 # Generated by dhcpcd from iwn0.dhcp6
 search marples.name
 nameserver 2a01:348:31:2::1

 # resolv.conf from iwn0.ra
 # Generated by dhcpcd from iwn0.ra
 search marples.name
 nameserver 2a01:348:31:2::1

 uberlaptop2$ resolvconf -v
 DOMAIN='marples.name'
 SEARCH='marples.name'
 NAMESERVERS='10.73.2.1 2a01:348:31:2::1'
 LOCALNAMESERVERS='127.0.0.1'
 DOMAINS='marples.name:10.73.2.1,2a01:348:31:2::1'

 uberlaptop2$ cat /etc/resolvconf.conf
 name_servers=127.0.0.1
 unbound_conf=/usr/pkg/etc/unbound/resolvconf.conf

named_options=/tmp/named-resolvconf-options.conf
named_zones=/tmp/named-resolvconf-zones.conf

uberlaptop2$ cat /tmp/named*
# Generated by resolvconf
forward first;
forwarders {
        10.73.2.1;
        2a01:348:31:2::1;
};
# Generated by resolvconf
zone "marples.name" {
        type forward;
        forward first;
        forwarders {
                10.73.2.1;
                2a01:348:31:2::1;
        };
};

uberlaptop2$

Can you post similar output from your system please?
Mail me directly if you don't want it to appear on this public tracker.

Roy


Forwared by

#792430#20
Date:
2015-12-02 00:04:02 UTC
From:
To:
Hi,

Sorry about the late response, notification seems to have failed too.

To produce outputs that you requested, I did some tests.

test$ resolvconf -l
# resolv.conf from tun10.openvpn
search test1.example.org example.org test2.example.org
nameserver 192.168.1.1

# resolv.conf from wlan0
# resolv.conf for wlan0
domain test2.example.org
search test2.example.org. example.org. test1.example.org
nameserver 192.168.0.1


test$ resolvconf -v
DOMAIN='test2.example.org'
SEARCH='test test1.example.org example.org test2.example.org
test2.example.org. example.org. test1.example.org.'
NAMESERVERS='192.168.0.1'
LOCALNAMESERVERS=''
DOMAINS='test1.example.org:192.168.1.1 example.org:192.168.1.1
test2.example.org:192.168.1.1 test2.example.org.:192.168.0.1
example.org.:192.168.0.1 test1.example.org.:192.168.0.1'


The bug seems linked with the dot at the end of domain names.
When all entries have the same syntax, it works !

Can you add the trailing dot when it's not present ? It will limit DNS
queries with suffixes in /search/ (without that, a combination of
suffixes is tried for each query).


Otherwise, I do not think this is the best solution to merge resolvers
addresses provided by the various network interfaces for a zone.
Indeed, if the zone is the same on all networks, there is no problem.
But if not, wouldn't it cause strange behaviors, like not predictable
mixed resolutions, induced by timeouts for example ?
In my opinion, we should only have access to one zone at a time, the one
provided by the highest priority interface for example. However, it
would be useful to keep the fusion for resolvers on the same interface,
provided by different sources like DHCP and DHCPv6... What do you think ?

Best regards,

Thibaut Chèze

#792430#27
Date:
2025-05-06 16:50:25 UTC
From:
To:
openresolv-3.7.3 striped any trailing dots from domain and search entries.
openresolv-3.16.1 will ensure they are all lower case as well because DNS domains are not case sensitive.
This avoids any possible duplication of entries.

Roy

#792430#32
Date:
2025-05-14 15:34:33 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
openresolv, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 792430@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Fabio Augusto De Muzio Tobich <ftobich@debian.org> (supplier of updated openresolv package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Wed, 14 May 2025 11:59:37 -0300
Source: openresolv
Architecture: source
Version: 3.16.4-1
Distribution: unstable
Urgency: medium
Maintainer: Fabio Augusto De Muzio Tobich <ftobich@debian.org>
Changed-By: Fabio Augusto De Muzio Tobich <ftobich@debian.org>
Closes: 792430 991758 1057387
Changes:
 openresolv (3.16.4-1) unstable; urgency=medium
 .
   * New upstream release. (Closes: #991758, #792430, #1057387)
   * debian/control: bumped Standards-Version to 4.7.2.
   * debian/copyright: updated some years.
   * debian/patches/:
       - 010_fix-manpage-syntax.patch: removed, applied upstream.
       - 010_posix-functions-fix.patch: added to fix a shell script fails in
         'resolvectl'.
   * debian/upstream/metadata: updated some fields.
Checksums-Sha1:
 8c511f4f65936dffae4afd463c3dd2e677d16cce 1873 openresolv_3.16.4-1.dsc
 4ffaac3ad613ead08e6601ebd2cd52b7d61c51b5 28683 openresolv_3.16.4.orig.tar.gz
 f26cc906fa2c7df393e8dc94675285341944ab85 6252 openresolv_3.16.4-1.debian.tar.xz
 dc7cae6569968ab4d19fef0e021933981c2c4c44 5530 openresolv_3.16.4-1_source.buildinfo
Checksums-Sha256:
 5bbc16378c9a51b1a2488b52869f31e90034a0a0608e6d4dcd5928e5fa757fd4 1873 openresolv_3.16.4-1.dsc
 db3c394d23b27a54d030277c9764b975aef4d6beefe17303a2c0f5cc4f5b9b83 28683 openresolv_3.16.4.orig.tar.gz
 c7d33721253ae5748bb272e5085c1e6457a93ffde7bf09570b700fb27ada342f 6252 openresolv_3.16.4-1.debian.tar.xz
 6375958d5ca4705ddd1dbde278b4433777277606babab59e9dfcc312af4ba042 5530 openresolv_3.16.4-1_source.buildinfo
Files:
 93f2c82a70ce5fcce3b46bc31832865c 1873 net optional openresolv_3.16.4-1.dsc
 5ee84600752f447dd61c05af2055bc99 28683 net optional openresolv_3.16.4.orig.tar.gz
 267b3d8744039ca9772466aeaaaad979 6252 net optional openresolv_3.16.4-1.debian.tar.xz
 452b1cb2fa67cdaa6d355e23daf5b209 5530 net optional openresolv_3.16.4-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEElzBAZuWu+sImg9A9T7O00372Oy4FAmgksugACgkQT7O00372
Oy5ocg/+ILX9oL9Aju+dLrz5K61yvJYiR+FlH2rOR7ta0/gX2TgZnSbfJKG/96IY
Vrxs9EkZ1ezFZ5wsb7Eqrz/5yW/YkLed+2qXm15/DAGqyUsvqdgutNLjK79/0Em7
s7MhV2W5a9wbRnrvfcr8x+OM3ELB/g0iDZk8H2iV5hf/7zPy659DXXiwBFcqfdqk
7kWbYjSa4Xd5i1SO1hjGwC1Fj4EW9TtZmlDkXmsZ11gS8jK9wOs7IrlH46oVaudp
FxZeCBY1DXMF+UTs5Zs1kpWGwY5U7ehb/OPRVJhbmdrLek/WNCBrEB+bfsHL2GiS
335jEYgMmO8ZSS4VVcu6/0LPz/Js+Tbe3EkaKLjLCxvVebEahc6FMA+VEneuSMBk
3g7AVcndJj7Cx0EQ/7CEnXbz8PiC0jocz3TTgZZl+5nyJOP1UUR2/H12GK8FkPAs
7+rBaZUHNyW/9EAhtfeYo2XMpLlmXqHYztEk0NeSQ5JnoNZ1csYx+PNRSnTWwoYm
KpQwwGz/J16tihaRxJzofFm6SaLRnddYdPYJpM4BAbmRjmQaa1YNzmyhj8yWTLEo
JdkoJ1oWbSfU4qHFXYTBqvctojGedRqZeKvD0/M+8Dqrezpm0Dal71Q3qPPsnJqx
sj7hmX7qaW35H8cSuAkW8Ra3xwhsS/gknb/vHizaDcKgWpnoVlo=
=e8PT
-----END PGP SIGNATURE-----