Handy script for generating /etc/resolv.conf - SpamAssassin


Thread: Handy script for generating /etc/resolv.conf

  1. Handy script for generating /etc/resolv.conf

    Here's something I threw together to make sure the /etc/resolv.conf
    points to a working nameserver. I run this once a minute. It checks to
    see what name servers are up and creates /etc/resolv.conf. As you all
    know SA and mail servers need the first nameserver to always be working.

    #!/bin/bash

    # This program is run once a minute and automatically generates the
    # /etc/resolv.conf file

    DEFAULTSERVERS="65.49.42.30 65.49.42.31 65.49.42.33 69.50.231.141"

    # If default isn't optimum then read /etc/sysconfig/local-nameservers for list

    [ -f /etc/sysconfig/local-nameservers ] && . /etc/sysconfig/local-nameservers

    echo "# Automatically generated by $0" > /etc/resolv.tmp
    echo >> /etc/resolv.tmp
    echo "domain ctyme.com" >> /etc/resolv.tmp
    echo >> /etc/resolv.tmp

    for ns in $LOCALNAMESERVERS $DEFAULTSERVERS; do
        /usr/bin/nc -w 3 -z $ns 53 | cut -d ' ' -f 3 | sed -e 's/^.*$/nameserver \0/' >> /etc/resolv.tmp
    done

    # resolv.conf only allows 3 nameservers so truncate list to 7 lines

    head -n 7 /etc/resolv.tmp > /etc/resolv.conf
    rm /etc/resolv.tmp


  2. Re: Handy script for generating /etc/resolv.conf



    Marc Perkel wrote:
    > Here's something I threw together to make sure the /etc/resolv.conf
    > points to a working nameserver. I run this once a minute. It checks to
    > see what name servers are up and creates /etc/resolv.conf. As you all
    > know SA and mail servers need the first nameserver to always be working.
    >
    > #!/bin/bash
    >
    > # This program is run once a minute and automatically generates the
    > /etc/resolv.conf file
    >
    > DEFAULTSERVERS="65.49.42.30 65.49.42.31 65.49.42.33 69.50.231.141"
    >
    > # If default isn't optimum then read /etc/sysconfig/local-servers for
    > list
    >
    > [ -f /etc/sysconfig/local-nameservers ] && .
    > /etc/sysconfig/local-nameservers
    >
    > echo "# Automatically generated by $0" > /etc/resolv.tmp
    > echo >> /etc/resolv.tmp
    > echo "domain ctyme.com" >> /etc/resolv.tmp
    > echo >> /etc/resolv.tmp
    >
    > for ns in $LOCALNAMESERVERS $DEFAULTSERVERS; do
    > /usr/bin/nc -w 3 -z $ns 53 | cut -d \ -f 3 | sed -e
    > 's/^.*$/nameserver \0/' >> /etc/resolv.tmp
    > done
    >
    > # resolv.conf only allows 3 nameservers so truncate list to 7 lines
    >
    > head -n 7 /etc/resolv.tmp > /etc/resolv.conf
    > rm /etc/resolv.tmp
    >


    OH - and the /etc/sysconfig/local-nameservers file looks like this:

    LOCALNAMESERVERS="127.0.0.1 67.201.12.11"


  3. Re: Handy script for generating /etc/resolv.conf

    On Thu, 28 Aug 2008, Marc Perkel wrote:

    > echo > > /etc/resolv.tmp


    That space between the >s is going to cause problems.

    --
    John Hardin KA7OHZ http://www.impsec.org/~jhardin/
    jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
    key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
    -----------------------------------------------------------------------
    Look at the people at the top of both efforts. Linus Torvalds is a
    university graduate with a CS degree. Bill Gates is a university
    dropout who bragged about dumpster-diving and using other peoples'
    garbage code as the basis for his code. Maybe that has something to
    do with the difference in quality/security between Linux and
    Windows. -- anytwofiveelevenis on Y! SCOX
    -----------------------------------------------------------------------
    Today: Exercise Your Rights day


  4. Re: Handy script for generating /etc/resolv.conf

    On 28.08.08 08:41, Marc Perkel wrote:
    > Here's something I threw together to make sure the /etc/resolv.conf
    > points to a working nameserver.


    Do you have problems with nameservers? Do you run your own?

    I guess that setting timeout, rotate and attempts options in resolv.conf
    could help you more than such a script.

    --
    Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
    Warning: I wish NOT to receive e-mail advertising to this address.
    Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
    Microsoft dick is soft to do no harm


  5. Re: Handy script for generating /etc/resolv.conf

    On Thu, 28 Aug 2008, John Hardin wrote:

    > On Thu, 28 Aug 2008, Marc Perkel wrote:
    >
    >> echo > > /etc/resolv.tmp

    >
    > That space between the >s is going to cause problems.


    ....WTF? Never mind, PINE betrayed me by reformatting those lines for some
    reason.

    --
    John Hardin KA7OHZ http://www.impsec.org/~jhardin/
    jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
    key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
    -----------------------------------------------------------------------
    Look at the people at the top of both efforts. Linus Torvalds is a
    university graduate with a CS degree. Bill Gates is a university
    dropout who bragged about dumpster-diving and using other peoples'
    garbage code as the basis for his code. Maybe that has something to
    do with the difference in quality/security between Linux and
    Windows. -- anytwofiveelevenis on Y! SCOX
    -----------------------------------------------------------------------
    Today: Exercise Your Rights day


  6. Re: Handy script for generating /etc/resolv.conf

    * Matus UHLAR - fantomas :

    > I guess that setting timeout, rotate and attempts options in resolv.conf
    > could help you more than such script


    Nice tip, but there's no option that will "back off" from a dead DNS.
    Of course timeout/attempts and rotate will help a bit.

    --
    Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt@charite.de
    Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155
    Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962
    IT-Zentrum Standort CBF I'm looking for a job!


  7. RE: Handy script for generating /etc/resolv.conf

    Marc

    So what happens if you run a local nameserver in caching mode? You may find this reduces the DNS related query time (and for that matter overall SA processing) dramatically.

    --
    Martin Hepworth
    Snr Systems Administrator
    Solid State Logic
    Tel: +44 (0)1865 842300

    > -----Original Message-----
    > From: Marc Perkel [mailto:marc@perkel.com]
    > Sent: 28 August 2008 16:41
    > To: users@spamassassin.apache.org
    > Subject: Handy script for generating /etc/resolv.conf
    >
    > Here's something I threw together to make sure the
    > /etc/resolv.conf points to a working nameserver. I run this
    > once a minute. It checks to see what name servers are up and
    > creates /etc/resolv.conf. As you all know SA and mail servers
    > need the first nameserver to always be working.
    >
    > #!/bin/bash
    >
    > # This program is run once a minute and automatically
    > generates the /etc/resolv.conf file
    >
    > DEFAULTSERVERS="65.49.42.30 65.49.42.31 65.49.42.33 69.50.231.141"
    >
    > # If default isn't optimum then read
    > /etc/sysconfig/local-servers for list
    >
    > [ -f /etc/sysconfig/local-nameservers ] && .
    > /etc/sysconfig/local-nameservers
    >
    > echo "# Automatically generated by $0" > /etc/resolv.tmp echo
    > >> /etc/resolv.tmp echo "domain ctyme.com" >> /etc/resolv.tmp

    > echo >> /etc/resolv.tmp
    >
    > for ns in $LOCALNAMESERVERS $DEFAULTSERVERS; do
    > /usr/bin/nc -w 3 -z $ns 53 | cut -d \ -f 3 | sed -e
    > 's/^.*$/nameserver \0/' >> /etc/resolv.tmp done
    >
    > # resolv.conf only allows 3 nameservers so truncate list to 7 lines
    >
    > head -n 7 /etc/resolv.tmp > /etc/resolv.conf rm /etc/resolv.tmp
    >







  8. Re: Handy script for generating /etc/resolv.conf



    Matus UHLAR - fantomas wrote:
    > On 28.08.08 08:41, Marc Perkel wrote:
    >
    >> Here's something I threw together to make sure the /etc/resolv.conf
    >> points to a working nameserver.
    >>

    >
    > do you have problems with nameservers? Do you run own one?
    >
    > I guess that setting timeout, rotate and attempts options in resolv.conf
    > could help you more than such script
    >
    >


    The problem is that there's so many DNS calls that if the first
    nameserver in the list isn't working then it's just too slow and email
    backs up, fills memory, things time out, and it isn't pretty. My name
    servers are generally reliable but if I need to reboot a server or
    something crashes I need everything to switch over automatically. So I
    run 3 caching name servers in my main cluster because I'm a redundancy
    freak and triple redundancy works. I'm not that into rotating because
    the caching works best for speed if they are all hitting one nameserver
    first. The others just sit there unless they are needed.

    I'm using OpenVZ for everything now so running some extra caching name
    servers is easy to do.




  9. Re: Handy script for generating /etc/resolv.conf

    > * Matus UHLAR - fantomas :
    >
    > > I guess that setting timeout, rotate and attempts options in resolv.conf
    > > could help you more than such script


    On 28.08.08 18:05, Ralf Hildebrandt wrote:
    > Nice tip, but there's no option that will "back off" from a dead DNS.
    > Of course timeout/attempts and rotate will help a bit.


    I think that proper timeout and setting those two should cause maximum
    "timeout" timeout per one dead server, e.g. 1-2 seconds, which should be OK.

    I have also asked if there are problems with nameservers and my main point
    was if something couldn't be there. We have 4 DNS servers behind L3 switch
    that monitors DNS servers...

    --
    Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
    Warning: I wish NOT to receive e-mail advertising to this address.
    Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
    "To Boot or not to Boot, that's the question." [WD1270 Caviar]


  10. Re: Handy script for generating /etc/resolv.conf



    Ralf Hildebrandt wrote:
    > * Matus UHLAR - fantomas :
    >
    >
    >> I guess that setting timeout, rotate and attempts options in resolv.conf
    >> could help you more than such script
    >>

    >
    > Nice tip, but there's no option that will "back off" from a dead DNS.
    > Of course timeout/attempts and rotate will help a bit.
    >
    >


    You missed it - there is:

    nc -w 0 -z $ns 53 | cut -d ' ' -f 3 | sed -e 's/^.*$/nameserver \0/' >> /etc/resolv.conf

    This only creates a line IF the nameserver is working. The idea is that
    it automatically culls out the dead servers.



  11. Re: Handy script for generating /etc/resolv.conf


    Matus UHLAR - fantomas wrote:
    > We have 4 DNS servers behind L3 switch
    > that monitors DNS servers...
    >
    >

    This script is a poor man's L3 switch.


  12. Re: Handy script for generating /etc/resolv.conf

    * Marc Perkel :
    >
    >
    > Ralf Hildebrandt wrote:
    >> * Matus UHLAR - fantomas :
    >>
    >>
    >>> I guess that setting timeout, rotate and attempts options in resolv.conf
    >>> could help you more than such script
    >>>

    >>
    >> Nice tip, but there's no option that will "back off" from a dead DNS.
    >> Of course timeout/attempts and rotate will help a bit.
    >>
    >>

    >
    > You missed it - there is:
    >
    > nc -w 0 -z $ns 53 | cut -d \ -f 3 | sed -e 's/^.*$/nameserver \0/' >>
    > /etc/resolv.conf


    I wasn't talking about your script.

    > This only creates a line IF the nameserver is working. The idea is that
    > it automatically culls out the dead servers.


    Of course.
    --
    Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt@charite.de
    Charite - Universitätsmedizin Berlin Tel. +49 (0)30-450 570-155
    Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962
    IT-Zentrum Standort CBF I'm looking for a job!


  13. Re: Handy script for generating /etc/resolv.conf

    > >On 28.08.08 08:41, Marc Perkel wrote:
    > >
    > >>Here's something I threw together to make sure the /etc/resolv.conf
    > >>points to a working nameserver.


    > Matus UHLAR - fantomas wrote:
    > >do you have problems with nameservers? Do you run own one?
    > >
    > >I guess that setting timeout, rotate and attempts options in resolv.conf
    > >could help you more than such script


    On 28.08.08 09:09, Marc Perkel wrote:
    > The problem is that there's so many DNS calls that if the first
    > nameserver in the list isn't working then it's just too slow and email
    > backs up, fills memory, things time out, and it isn't pretty.


    if 1s timeout in resolv.conf (and thus 1s timeout for each dead DNS server)
    causes this problem, it's time to upgrade your machine...

    --
    Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
    Warning: I wish NOT to receive e-mail advertising to this address.
    Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
    Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...


  14. Re: Handy script for generating /etc/resolv.conf

    On Thu, 2008-08-28 at 08:41 -0700, Marc Perkel wrote:
    > Here's something I threw together to make sure the /etc/resolv.conf
    > points to a working nameserver. I run this once a minute. It checks to
    > see what name servers are up and creates /etc/resolv.conf. As you all
    > know SA and mail servers need the first nameserver to always be working.
    >

    Cool.

    I get the same effect by running a private DNS service on my SA host.
    Its prime use is to centralise host naming for my LAN and to act as a
    local DNS cache. It forwards name requests it can't satisfy to
    (currently) three external DNS servers, so I think it achieves the same
    DNS resilience as your script as well as speeding up access to
    frequently accessed blacklisting sites.

    Martin


  15. Re: Handy script for generating /etc/resolv.conf

    On 28 Aug 2008, Marc Perkel told this:

    > Here's something I threw together to make sure the /etc/resolv.conf
    > points to a working nameserver. I run this once a minute.


    How do you arrange that all the existing programs that have already
    sucked in resolv.conf note the change? They're generally not going to
    unless you restart them: nothing polls resolv.conf looking for changes
    to it as far as I know, that would be far too inefficient.

    > It checks to
    > see what name servers are up and creates /etc/resolv.conf. As you all
    > know SA and mail servers need the first nameserver to always be
    > working.


    But these are both root-owned daemons and you're not restarting any
    of them.


  16. Re: Handy script for generating /etc/resolv.conf

    On 31 Aug 2008, Giampaolo Tomassoni stated:

    >> How do you arrange that all the existing programs that have already
    >> sucked in resolv.conf note the change? They're generally not going to
    >> unless you restart them: nothing polls resolv.conf looking for changes
    >> to it as far as I know, that would be far too inefficient.

    >
    > Depending on the specific implementation of the resolver library, the
    > application may check for changes in the resolv.conf file. Maybe they don't
    > check at every and each resolv request, however: they may instead check for
    > changes every, say, 10 secs or maybe every 1.000 requests. This way, looking
    > for changes in the /etc/resolv.conf file is not that much inefficient...


    Have you ever seen an implementation that does that? I haven't. glibc
    doesn't do it, unless I misread the code severely. Solaris doesn't do
    it. Does anything?

    --
    `Not even vi uses vi key bindings for its command line.' --- PdS


  17. RE: Handy script for generating /etc/resolv.conf

    > -----Original Message-----
    > From: Nix [mailto:nix@esperi.org.uk]
    > Sent: Sunday, August 31, 2008 6:18 PM
    > To: Giampaolo Tomassoni
    > Cc: 'Marc Perkel'; users@spamassassin.apache.org
    > Subject: Re: Handy script for generating /etc/resolv.conf
    >
    > On 31 Aug 2008, Giampaolo Tomassoni stated:
    >
    > >> How do you arrange that all the existing programs that have already
    > >> sucked in resolv.conf note the change? They're generally not going

    > to
    > >> unless you restart them: nothing polls resolv.conf looking for

    > changes
    > >> to it as far as I know, that would be far too inefficient.

    > >
    > > Depending on the specific implementation of the resolver library, the
    > > application may check for changes in the resolv.conf file. Maybe they

    > don't
    > > check at every and each resolv request, however: they may instead

    > check for
    > > changes every, say, 10 secs or maybe every 1.000 requests. This way,

    > looking
    > > for changes in the /etc/resolv.conf file is not that much

    > inefficient...
    >
    > Have you ever seen an implementation that does that? I haven't. glibc
    > doesn't do it, unless I misread the code severely. Solaris doesn't do
    > it. Does anything?


    Uff!

    Stock glibc v.2.6.1, source file resolv/res_libc.c, line#167:

    if (stat (_PATH_RESCONF, &statbuf) == 0 && last_mtime != statbuf.st_mtime) {

    _PATH_RESCONF is /etc/resolv.conf; last_mtime is the last modify time (the
    previous modify time) of the /etc/resolv.conf file.

    I don't know which glibc version you have, but trust me, this code has been
    there for a long time.

    If you have a "twisted" version of glibc, please share: it is free software
    and you have to publish any change to it...

    Giampaolo


    >
    > --
    > `Not even vi uses vi key bindings for its command line.' --- PdS



  18. Re: Handy script for generating /etc/resolv.conf

    Giampaolo Tomassoni wrote:
    >> -----Original Message-----
    >> From: Nix [mailto:nix@esperi.org.uk]
    >> Sent: Sunday, August 31, 2008 5:12 PM
    >> To: Marc Perkel
    >> Cc: users@spamassassin.apache.org
    >> Subject: Re: Handy script for generating /etc/resolv.conf
    >>
    >> On 28 Aug 2008, Marc Perkel told this:
    >>
    >>> Here's something I threw together to make sure the /etc/resolv.conf
    >>> points to a working nameserver. I run this once a minute.

    >> How do you arrange that all the existing programs that have already
    >> sucked in resolv.conf note the change? They're generally not going to
    >> unless you restart them: nothing polls resolv.conf looking for changes
    >> to it as far as I know, that would be far too inefficient.

    >
    > Depending on the specific implementation of the resolver library, the
    > application may check for changes in the resolv.conf file. Maybe they don't
    > check at every and each resolv request, however: they may instead check for
    > changes every, say, 10 secs or maybe every 1.000 requests. This way, looking
    > for changes in the /etc/resolv.conf file is not that much inefficient...
    >


    as you say, this is generally inefficient. most resolver implementations
    don't do that. and even then, not all applications will obey that (the
    mozilla family is known to play bad games here).

    It is better to run a dns server on the machine and do all your stuff
    there. you can restart it, reload the zone, ... without caring for
    resolver or application specific behaviour. This also "conforms" to
    modularity as was seen in plan9: let servers do the job.

    and by the way, the proposed script is not portable nor robust:
    - it requires /bin/bash
    - it requires that netcat is installed as /usr/bin/nc

    It does no sanity check before overwriting /etc/resolv.conf. not even
    check that it can run /usr/bin/nc. not even check that resolv.tmp is
    "coherent" (race condition).



    > Giampaolo
    >
    >>> It checks to
    >>> see what name servers are up and creates /etc/resolv.conf. As you all
    >>> know SA and mail servers need the first nameserver to always be
    >>> working.

    >> But these are both root-owned daemons and you're not restarting any
    >> of them.


    there are many long running programs such as X, firefox, thunderbird,
    .... that will not "re-initialize" the resolver, unless you have a
    resolver that forces reinit at each query or that watches resolv.conf
    change, but as said above, this is inefficient. I don't want my system
    to stat /etc/resolv.conf every minute, do you?
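
The robustness points listed in the post above (bash and a fixed nc path required, no sanity check before overwriting, a shared /etc/resolv.tmp that is copied into place) can be addressed as in the following sketch. It is an added example, not code from the thread: the names RESOLV_CONF, SEARCH_DOMAIN, PROBE and every function name are assumptions, and the domain is a placeholder.

```shell
#!/bin/sh
# Added example, not the thread author's script. RESOLV_CONF, SEARCH_DOMAIN,
# PROBE and all function names are assumptions made for this illustration.
set -u

RESOLV_CONF=${RESOLV_CONF:-/etc/resolv.conf}
SEARCH_DOMAIN=${SEARCH_DOMAIN:-example.com}   # placeholder domain
PROBE=${PROBE:-probe_nc}                      # swap in another health check
MAX_NS=3                                      # limit stated in the original script

# Accept only dotted-quad IPv4 literals, so nothing else can reach the file.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Same test as the original (TCP connect to port 53), but using nc's exit
# status instead of parsing its message. nc is looked up on PATH.
probe_nc() {
    nc -w 3 -z "$1" 53 >/dev/null 2>&1
}

# Print "nameserver" lines for the first MAX_NS candidates that are valid and up.
live_servers() {
    count=0
    for ns in "$@"; do
        [ "$count" -lt "$MAX_NS" ] || break
        is_ipv4 "$ns" || continue
        "$PROBE" "$ns" || continue
        printf 'nameserver %s\n' "$ns"
        count=$((count + 1))
    done
}

# Build the new file privately, then rename it over the old one.
# Returns 2 (and changes nothing) when no candidate answered.
generate() {
    lines=$(live_servers "$@")
    [ -n "$lines" ] || return 2
    tmp=$(mktemp "$(dirname "$RESOLV_CONF")/resolv.conf.XXXXXX") || return 1
    {
        printf '# Automatically generated by %s\n' "$0"
        printf 'domain %s\n' "$SEARCH_DOMAIN"
        printf '%s\n' "$lines"
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp"                     # mktemp creates the file 0600
    if [ -f "$RESOLV_CONF" ] && cmp -s "$tmp" "$RESOLV_CONF"; then
        rm -f "$tmp"                     # unchanged: keep the old mtime
        return 0
    fi
    mv -f "$tmp" "$RESOLV_CONF"          # rename(2) within one directory
}

# Only touch the system when asked to: script --apply 127.0.0.1 192.0.2.53 ...
if [ "${1:-}" = "--apply" ]; then
    command -v nc >/dev/null 2>&1 || { echo "nc not found" >&2; exit 1; }
    shift
    generate "$@"
fi
```

Because the temporary file has a unique name and is renamed into place, overlapping runs cannot interleave their output and a reader never sees a half-written resolv.conf; when every candidate is down, the previous file is kept rather than replaced by one with no nameserver lines.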


  19. Re: Handy script for generating /etc/resolv.conf

    On 31 Aug 2008, Giampaolo Tomassoni outgrape:

    > Uff!
    >
    > Stock glibc v.2.6.1, source file resolv/res_libc.c, line#167:
    >
    > if (stat (_PATH_RESCONF, &statbuf) == 0 && last_mtime !=
    > statbuf.st_mtime) {
    >
    > _PATH_RESCONF is /etc/resolv.conf; last_mtime is the last modify time (the
    > previous modify time) of the /etc/resolv.conf file.


    Er, um, resolv/res_libc.c in glibc 2.6.1 (and the very latest 2.8: the
    file is unchanged) is only 152 lines long. There is no reference to
    st_mtime anywhere under resolv/.

    Are you sure that's stock?

    > I don't know which glibc version you have, but trust me this code had been
    > there by long time.


    Not in my universe

    > I you have a "twisted" version of glibc, please share: it is free software
    > and you have to publish any change to it...


    May I second that motion? Are you *sure* yours doesn't have any distro patches
    applied? (Mine is straight from upstream CVS.)

    This is something I can understand a distro vendor patching, and also
    something I can see Ulrich rejecting, because banging stat()s on that
    file with every name lookup seems expensive. (Doing it every minute or
    so would be acceptable to me, but IIRC Ulrich turned that down as
    well...)

    --
    `Not even vi uses vi key bindings for its command line.' --- PdS


  20. Re: Handy script for generating /etc/resolv.conf

    Well, the code works for me. If someone has a better solution I'll
    switch to yours. I just created it because I needed it and thought I'd
    share it with others who might need it. But if any of you want to
    improve it or replace it with something better I'm always looking for
    new tricks.

