[Dnsmasq-discuss] DBus API
Dan Williams
dcbw at redhat.com
Thu May 21 20:59:37 BST 2015
On Thu, 2015-05-21 at 14:28 -0500, richardvoigt at gmail.com wrote:
> >
> > For the short term, NM does have an /etc/NetworkManager/dnsmasq.d
> > directory where you can toss dnsmasq config files, which NM will pass to
> > dnsmasq when it spawns it. Unfortunately, because D-Bus gets used on
> > Ubuntu and dnsmasq isn't respawned on changes, that won't work for you.
> > Ideally, dnsmasq would get some kind of SIGHUP-like signal that *would*
> > re-read config files too, and then you could dump your info there and
> > SIGxxx it and everything would be fine.
> >
>
> Can't seem to find this in the documentation, but the reason that SIGHUP
> only rereads datafiles (hostsfile, /etc/ethers, etc) and not configuration
> has been explained before:
>
> Implementing configuration (opening port 53, among other things) requires
> root privilege. But signals are received after dnsmasq drops root.
> Allowing full reconfiguration while dnsmasq is running would open the door
> to privilege escalation, and therefore is excluded as an intentional design
> decision.
>
> Ideally, you would fix your wrapper's behavior that "dnsmasq isn't
> respawned on changes", because this behavior is wrong.
Respawning is sub-optimal because it can cause DNS dropouts during the
short window when dnsmasq isn't running, and existing requests can be
left hanging or simply fail. This was the specific reason why Ubuntu
moved to the D-Bus interface instead of respawning, to ensure that
dnsmasq always stayed running and there was no window of downtime.
I can see why rereading *all* configuration would require root
privileges, but certainly a simple refresh of the DNS information
doesn't since that would just update internal structures and not require
opening any additional ports, since they would already be open.
Dan
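Added illustration of the split the two messages above describe (not code from the thread, dnsmasq or NetworkManager): a resolver-like daemon does its privileged setup, binding its listening port, before dropping root, and its SIGHUP handler may afterwards only refresh in-memory data such as the hosts table or the upstream server list. Which option names count as "privileged" versus "reload-safe" is an assumption made for the example, with "port" mirroring the thread's "opening port 53"; the socket binds port 0 on loopback so the example runs without root.

```python
"""Example of a privilege-dropping daemon whose SIGHUP reload can refresh
data files and unprivileged settings but refuses changes that need root.
This is illustrative code, not dnsmasq's own reload logic."""
import os
import pwd
import signal
import socket

# Assumption for this example: options whose (re)application needs root.
# "port" mirrors the thread's "opening port 53"; the others are plausible
# examples, not a claim about how dnsmasq classifies its options.
PRIVILEGED_OPTIONS = {"port", "user", "interface"}
# Options that only change internal tables: safe to refresh after dropping root.
RELOADABLE_OPTIONS = {"server", "addn-hosts"}


def parse_hosts(text):
    """Parse hosts(5)-style lines ("ip name [alias...]", # comments) to name->ip."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table[name.lower()] = ip
    return table


def parse_config(text):
    """Parse dnsmasq-style "key=value" or bare "key" lines into key -> [values]."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        opts.setdefault(key.strip(), []).append(value.strip())
    return opts


class Daemon:
    def __init__(self, config_text, hosts_text):
        self.config = parse_config(config_text)
        self.hosts = parse_hosts(hosts_text)
        self.privileged = True
        # Privileged phase: bind the UDP listening socket. Port 0 is used so
        # the example runs unprivileged; a real resolver would bind port 53.
        port = int(self.config.get("port", ["0"])[0])
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind(("127.0.0.1", port))

    def drop_privileges(self, user="nobody"):
        """Give up root (for real when running as root; otherwise just the flag)."""
        if os.geteuid() == 0:
            pw = pwd.getpwnam(user)
            os.setgid(pw.pw_gid)
            os.setuid(pw.pw_uid)
        self.privileged = False

    def reload(self, config_text, hosts_text):
        """SIGHUP-style refresh: data files and reload-safe options are applied;
        options that need root are refused once privileges are gone.
        Returns (applied option names, refused option names)."""
        new = parse_config(config_text)
        applied, refused = [], []
        for key, values in new.items():
            if key in RELOADABLE_OPTIONS:
                self.config[key] = values
                applied.append(key)
            elif key in PRIVILEGED_OPTIONS and values != self.config.get(key):
                if self.privileged:
                    self.config[key] = values
                    applied.append(key)
                else:
                    refused.append(key)
        self.hosts = parse_hosts(hosts_text)  # data files reload regardless
        return applied, refused

    def upstream_servers(self):
        return list(self.config.get("server", []))

    def install_sighup(self, config_path, hosts_path):
        """Wire SIGHUP to a reload from files (paths chosen by the caller)."""
        def handler(signum, frame):
            with open(config_path) as c, open(hosts_path) as h:
                self.reload(c.read(), h.read())
        signal.signal(signal.SIGHUP, handler)


if __name__ == "__main__":
    # Constructed sample input: one upstream server and one local host entry.
    d = Daemon("port=0\nserver=10.0.0.1\n", "10.0.0.5 nas nas.lan\n")
    d.drop_privileges()
    print(d.reload("port=5353\nserver=10.0.0.2\n", "10.0.0.6 nas\n"))
    d.sock.close()
```

After drop_privileges(), a reload that changes "server" and the hosts table succeeds while a changed "port" is reported as refused, which is the distinction Dan draws: refreshing DNS information touches only internal structures, whereas re-opening ports would need the root the daemon has already given up.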