[Dnsmasq-discuss] Serial loosed after restart

Christian Ruppert c.ruppert at babiel.com
Mon Oct 6 10:34:25 BST 2014



On 10/03/2014 11:02 PM, Simon Kelley wrote:
> On 30/09/14 10:52, Christian Ruppert wrote:
>> Hi Simon,
>>
>> the related code is indeed really simple. I have no idea how that could happen
>> at all. However, I am no longer able to reproduce it :(
>> It might be some corner case or so, idk. I also added some debug logging and
>> watched it in gdb but no luck. I hope it's really gone now, whatever caused it...
>> I'll keep an eye on it. Thanks!
> 
> Race between starting NTP and starting dnsmasq?
> 

hrm, time() shouldn't return 0 or 1 then anyway.
I am currently no longer able to reproduce the issue. I restarted dnsmasq
several times etc. all fine for now. Even starting without NTP or so doesn't matter.

I also noticed that dnsmasq increases the serial even if nothing happened at all
(at least nothing DNS related). But this is probably another issue.

> 
> Cheers,
> 
> Simon.
> 
>>
>> On 09/26/2014 09:45 PM, Simon Kelley wrote:
>>> On 26/09/14 09:34, Christian Ruppert wrote:
>>>> Hi Simon,
>>>>
>>>> it's a VM with no real HW-Clock, that is correct. Using seconds since 1970 would
>>>> be ok but the serial starts with "1" when dnsmasq has been (re-)started:
>>>>
>>>> # ps aux | grep dnsmasq
>>>> dnsmasq  17460  0.0  0.0  30296   956 ?        S    Sep25   0:06
>>>> /usr/sbin/dnsmasq -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq --local-service
>>>>
>>>> So it's running since yesterday (2014/09/25) and has currently a serial of:
>>>> # dig -t SOA +short ipmi.rz.babiel.com @127.0.0.1 -p 5353
>>>> . . 4947 1200 180 1209600 600
>>>>
>>>> Now if I restart dnsmasq:
>>>> # /etc/init.d/dnsmasq restart
>>>> [ ok ] Restarting DNS forwarder and DHCP server: dnsmasq.
>>>> # dig -t SOA +short ipmi.rz.babiel.com @127.0.0.1 -p 5353
>>>> . . 1 1200 180 1209600 600
>>>>
>>>> It starts from 1 again.
>>>
>>> This is a mystery. The code is quite simple, it's around line 212 in
>>> src/dnsmasq.c
>>>
>>> now = dnsmasq_time();
>>>
>>> /* Create a serial at startup if not configured. */
>>>   if (daemon->authinterface && daemon->soa_sn == 0)
>>> #ifdef HAVE_BROKEN_RTC
>>>     die(_("zone serial must be configured in --auth-soa"), NULL,
>>> EC_BADCONF);
>>> #else
>>>   daemon->soa_sn = now;
>>> #endif
>>>
>>> If you can see how that code can end up with daemon->soa_sn having value
>>> 1 in your VM, that would solve the mystery.
>>>
>>>>
>>>> Re "--auth-soa":
>>>> I tried "auth-soa=20140926001" but:
>>>> # dig -t SOA +short ipmi.rz.babiel.com @127.0.0.1 -p 5353
>>>> . . 2961056818 1200 180 1209600 600
>>>> So that's not the serial that I specified. Anyway, after some time it increased
>>>> to 19, 20, ... and after a restart it was again at "2961056818". So using
>>>> "auth-soa" won't help :(
>>>
>>> The serial gets incremented every time the DHCP lease database changes
>>> (because the domain includes names derived from the leases, so changing
>>> a lease can change the domain.) So that explains what you're seeing
>>> there. I concede it does make my suggestion not viable.
>>>
>>> I guess that's why the seconds-since-epoch value is used.  It's a
>>> reasonable assumption that over a reasonable period, DHCP leases won't
>>> change more than once a second.
>>>
>>>
>>> Cheers,
>>>
>>> Simon.
>>>
>>>
>>>
>>>>
>>>> On 09/25/2014 11:04 PM, Simon Kelley wrote:
>>>>> On 25/09/14 10:39, Christian Ruppert wrote:
>>>>>> Hey Guys,
>>>>>>
>>>>>> I use the auth-zone, auth-sec, auth-peer features and I noticed that dnsmasq
>>>>>> looses its actual SOA resp. serial during restarts and thus it started again
>>>>>> from the beginning (1). All slaves were rejecting the changes because of that
>>>>>> serial mismatch. E.g. the slaves all had "34286" and dnsmasq started from "1" again.
>>>>>> It would be really good to save the serial in the lease file or somewhere else
>>>>>> and re-use it afterwards to avoid such problems. Is that a bug or was it on purpose?
>>>>>>
>>>>>
>>>>> It's supposed to work like this:
>>>>>
>>>>> The serial number starts as the time (seconds since 1970) when dnsmasq
>>>>> is started. Therefore stopping and restarting dnsmasq should _increase_
>>>>> the serial.
>>>>>
>>>>> My guess is that you're using a platform which doesn't have a hardware
>>>>> real-time-clock, and so it's idea of the time gets reset whenever it's
>>>>> rebooted. Even if it uses NTP to get a good value of the time, this will
>>>>> happen after dnsmasq has started.
>>>>>
>>>>>
>>>>> You can set the initial serial number when starting dnsmasq using the
>>>>> command-line argument (or config option.)
>>>>>
>>>>> --auth-soa=<serial number>
>>>>>
>>>>> so you could implement something like the behaviour you want by keeping
>>>>> the serial in a file, incrementing it each time dnsmasq starts, and
>>>>> feeding it to dnsmasq via the command line. Shell scripting to do this
>>>>> left as an excercise....
>>>>>
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Simon.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Dnsmasq-discuss mailing list
>>>>> Dnsmasq-discuss at lists.thekelleys.org.uk
>>>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>>>>
>>>>
>>>
>>>
>>
> 
> 



More information about the Dnsmasq-discuss mailing list