[Dnsmasq-discuss] Feature request = block-conf

Simon Kelley simon at thekelleys.org.uk
Fri Mar 4 21:22:56 UTC 2022 


On 04/03/2022 20:12, Ercolino de Spiacico wrote:
>  >How does dnsmasq behave if there is a configuration error in the 
> config >file elsewhere?  If the syntax is broken then it fails hard. 
> Don't see >why this wouldn't be true of a suplemental config script 
> being referred >to in the main one.And as to --fail-safe:  I don't see 
> how this is >reasonable, as it will lead to undesirable operation and 
> possibly even >broken clients if the mistake includes part of the dhcp 
>  >configuration.Its annoying, but probably better for services not to 
>  >start if they can't interpret/understand their starting stat
> 
> I appreciate the reason why this was originally designed to be the 
> default behavior however please allow me: this conf-script might be is 
> another beast.
> 
> I'm on a router developing this, the dnsmasq config is read at boot from 
> the content of a nvram variable. By the time dnsmasq starts I must 
> already have this conf-script target created, the USB mounting comes way 
> after everything else and the script booting process is screwed; NTP 
> doesn't sync, clients don't get an IP... you name it. Also if the device 
> has no USB this needs to be referenced and created in /tmp (RAM) at 
> boot, this is via the init script that again is coming in a bit too late 
> in the SoE. Until this file is created dnsmasq fails. Moreover there's 
> an additional risk here, part of the config content is coming from 
> Internet so outside the administrative domain. A typo by the list 
> maintainer might cause havoc, most importantly, this is not necessary 
> when the device is initially set up, it can come after months and affect 
> a large number of devices at one.
> 
> I really don't want to sound insistent but let me put it this way, long 
> time ago I brought up this very topic in the context of TFTP. If the 
> destination folder of TFTP didn't exist it used to fail dnsmasq (big 
> time on a router). Then fortunately the tftp-no-fail directive was 
> introduced.
> 
> This conf-script is pretty much the same case but in a different 
> context. If this extra info here above is still not enough I'll drop the 
> ball, but I'm just making a final effort because I see value in it, 
> that's all.

If the conf-script fails in a non-fatal manner, it has the option to 
return a zero exit code.

It must be the case that a conf-script should be able to cause an abort 
on start up, but it has contrl over that.

Another option would be to use the --test flag in the startup script.

if dnsmasq --test --conf-script=..... fails, then start up dnsmasq 
without the --conf-script option, maybe?



Simon.

> Regards
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>

More information about the Dnsmasq-discuss mailing list