[Dnsmasq-discuss] Serial loosed after restart

Simon Kelley simon at thekelleys.org.uk
Fri Oct 3 22:02:28 BST 2014 

On 30/09/14 10:52, Christian Ruppert wrote:
> Hi Simon,
> 
> the related code is indeed really simple. I have no idea how that could happen
> at all. However, I am no longer able to reproduce it :(
> It might be some corner case or so, idk. I also added some debug logging and
> watched it in gdb but no luck. I hope it's really gone now, whatever caused it...
> I'll keep an eye on it. Thanks!

Race between starting NTP and starting dnsmasq?


Cheers,

Simon.

> 
> On 09/26/2014 09:45 PM, Simon Kelley wrote:
>> On 26/09/14 09:34, Christian Ruppert wrote:
>>> Hi Simon,
>>>
>>> it's a VM with no real HW-Clock, that is correct. Using seconds since 1970 would
>>> be ok but the serial starts with "1" when dnsmasq has been (re-)started:
>>>
>>> # ps aux | grep dnsmasq
>>> dnsmasq  17460  0.0  0.0  30296   956 ?        S    Sep25   0:06
>>> /usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq --local-service
>>>
>>> So it's running since yesterday (2014/09/25) and has currently a serial of:
>>> # dig -t SOA +short ipmi.rz.babiel.com @127.0.0.1 -p 5353
>>> . . 4947 1200 180 1209600 600
>>>
>>> Now if I restart dnsmasq:
>>> # /etc/init.d/dnsmasq restart
>>> [ ok ] Restarting DNS forwarder and DHCP server: dnsmasq.
>>> # dig -t SOA +short ipmi.rz.babiel.com @127.0.0.1 -p 5353
>>> . . 1 1200 180 1209600 600
>>>
>>> It starts from 1 again.
>>
>> This is a mystery. The code is quite simple, it's around line 212 in
>> src/dnsmasq.c
>>
>> now = dnsmasq_time();
>>
>> /* Create a serial at startup if not configured. */
>>   if (daemon->authinterface && daemon->soa_sn == 0)
>> #ifdef HAVE_BROKEN_RTC
>>     die(_("zone serial must be configured in --auth-soa"), NULL,
>> EC_BADCONF);
>> #else
>>   daemon->soa_sn = now;
>> #endif
>>
>> If you can see how that code can end up with daemon->soa_sn having value
>> 1 in your VM, that would solve the mystery.
>>
>>>
>>> Re "--auth-soa":
>>> I tried "auth-soa=20140926001" but:
>>> # dig -t SOA +short ipmi.rz.babiel.com @127.0.0.1 -p 5353
>>> . . 2961056818 1200 180 1209600 600
>>> So that's not the serial that I specified. Anyway, after some time it increased
>>> to 19, 20, ... and after a restart it was again at "2961056818". So using
>>> "auth-soa" won't help :(
>>
>> The serial gets incremented every time the DHCP lease database changes
>> (because the domain includes names derived from the leases, so changing
>> a lease can change the domain.) So that explains what you're seeing
>> there. I concede it does make my suggestion not viable.
>>
>> I guess that's why the seconds-since-epoch value is used.  It's a
>> reasonable assumption that over a reasonable period, DHCP leases won't
>> change more than once a second.
>>
>>
>> Cheers,
>>
>> Simon.
>>
>>
>>
>>>
>>> On 09/25/2014 11:04 PM, Simon Kelley wrote:
>>>> On 25/09/14 10:39, Christian Ruppert wrote:
>>>>> Hey Guys,
>>>>>
>>>>> I use the auth-zone, auth-sec, auth-peer features and I noticed that dnsmasq
>>>>> looses its actual SOA resp. serial during restarts and thus it started again
>>>>> from the beginning (1). All slaves were rejecting the changes because of that
>>>>> serial mismatch. E.g. the slaves all had "34286" and dnsmasq started from "1" again.
>>>>> It would be really good to save the serial in the lease file or somewhere else
>>>>> and re-use it afterwards to avoid such problems. Is that a bug or was it on purpose?
>>>>>
>>>>
>>>> It's supposed to work like this:
>>>>
>>>> The serial number starts as the time (seconds since 1970) when dnsmasq
>>>> is started. Therefore stopping and restarting dnsmasq should _increase_
>>>> the serial.
>>>>
>>>> My guess is that you're using a platform which doesn't have a hardware
>>>> real-time-clock, and so it's idea of the time gets reset whenever it's
>>>> rebooted. Even if it uses NTP to get a good value of the time, this will
>>>> happen after dnsmasq has started.
>>>>
>>>>
>>>> You can set the initial serial number when starting dnsmasq using the
>>>> command-line argument (or config option.)
>>>>
>>>> --auth-soa=<serial number>
>>>>
>>>> so you could implement something like the behaviour you want by keeping
>>>> the serial in a file, incrementing it each time dnsmasq starts, and
>>>> feeding it to dnsmasq via the command line. Shell scripting to do this
>>>> left as an excercise....
>>>>
>>>>
>>>> Cheers,
>>>>
>>>> Simon.
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Dnsmasq-discuss mailing list
>>>> Dnsmasq-discuss at lists.thekelleys.org.uk
>>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>>>
>>>
>>
>>
>

More information about the Dnsmasq-discuss mailing list