5 コミット d06427d469 ... 9ecce5911b

作者 SHA1 メッセージ 日付
  Matthias Schiffer 9ecce5911b docs: releases/v2017.1.6: add latest fixes 6 年 前
  Matthias Schiffer 8f6208e90a gluon-core: add missing site check for next_node.name 6 年 前
  Matthias Schiffer e536ba2f9b docs: dns-forwarder: next_node.name is a single string in v2017.1.x 6 年 前
  Matthias Schiffer 00df8b76e5 gluon-core: ensure kernel.core_pattern is set 6 年 前
  Matthias Schiffer d02735041e gluon-core: remove DNS cache feature 6 年 前

+ 0 - 41
docs/features/dns-cache.rst

@@ -1,41 +0,0 @@
-DNS caching
-===========
-
-User experience may be greatly improved when dns is accelerated. Also, it
-seems like a good idea to keep the number of packages being exchanged
-between node and gateway as small as possible. In order to do this, a
-DNS cache may be used on a node. The dnsmasq instance listening on port
-53 on the node will be reconfigured to answer requests, use a list of
-upstream servers and a specific cache size if the options listed below are
-added to site.conf. Upstream servers are the DNS servers which are normally
-used by the nodes to resolve hostnames (e.g. gateways/supernodes).
-
-There are the following settings:
-    servers
-    cacheentries
-
-If both options are set the node will cache as much DNS records as set with
-'cacheentries' in RAM. The 'servers' list will be used to resolve the received
-DNS queries if the request cannot be answered from cache.
-If these settings do not exist, the cache is not intialized and RAM usage will not increase.
-
-When next_node.name is set, an A record and an AAAA record for the
-next-node IP address are placed in the dnsmasq configuration. This means that the content
-of next_node.name may be resolved even without upstream connectivity.
-
-::
-
-  dns = {
-    cacheentries = 5000,
-    servers = { '2001:db8::1', },
-  },
-
-  next_node = {
-    name = 'nextnode',
-    ip6 = '2001:db8:8::1',
-    ip4 = '198.51.100.1',
-  }
-
-
-The cache will be initialized during startup.
-Each cache entry will occupy about 90 bytes of RAM.

+ 26 - 0
docs/features/dns-forwarder.rst

@@ -0,0 +1,26 @@
+DNS forwarder
+=============
+
+A Gluon node can be configured to act as a DNS forwarder. Requests for the
+next-node hostname can be answered locally, without querying the upstream
+resolver.
+
+**Note:** While this reduces answer time and allows to use the next-node
+hostname without upstream connectivity, this feature should not be used for
+next-node hostnames that are FQDN when the zone uses DNSSEC.
+
+One or more upstream resolvers can be configured in the *dns.servers* setting.
+When *next_node.name* is set, A and/or AAAA records for the next-node IP
+addresses are placed in the dnsmasq configuration.
+
+::
+
+  dns = {
+    servers = { '2001:db8::1', },
+  },
+
+  next_node = {
+    name = 'nextnode',
+    ip6 = '2001:db8:8::1',
+    ip4 = '198.51.100.1',
+  }

+ 1 - 1
docs/index.rst

@@ -23,7 +23,7 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre
    features/wlan-configuration
    features/private-wlan
    features/wired-mesh
-   features/dns-cache
+   features/dns-forwarder
    features/monitoring
    features/authorized-keys
    features/roles

+ 21 - 0
docs/releases/v2017.1.6.rst

@@ -4,6 +4,27 @@ Gluon 2017.1.6 (in development)
 Bugfixes
 ~~~~~~~~
 
+* Remove broken DNS cache feature
+  (`#1362 <https://github.com/freifunk-gluon/gluon/issues/1362>`_)
+
+  It was found that dnsmasq does not handle all answer records
+  equally. In particular, its cached answers are missing DNSKEY and DS
+  records, breaking DNSSEC validation on clients.
+
+  Nodes can still resolve the next-node hostname locally and will continue to
+  work as DNS forwarders. The DNS cache feature may return if dnsmasq is fixed
+  or if we switch to a different resolver.
+
+* Ensure that corefiles are stored in /tmp rather than cluttering the root
+  filesystem
+  (`00df8b76e54c <https://github.com/freifunk-gluon/gluon/commit/00df8b76e54c9bb89299df4b2ec49e972046d6b6>`_)
+
+  Nodes upgrades from Gluon v2016.2.x or earlier did not set kernel.core_pattern
+  correctly, leading to corefiles being stored in the current directory (usually
+  / for system services) in the case of crashes.
+
+  This is a regression introduced in Gluon v2017.1.
+
 * Only request a single IPv6 address instead of a prefix on the WAN interface
   (`5db54ba78c3 <https://github.com/freifunk-gluon/gluon/commit/5db54ba78c3e245f06e4a407371608f6cb247b49>`_)
 

+ 0 - 2
docs/releases/v2017.1.rst

@@ -88,8 +88,6 @@ New features
 * Add support for making nodes a DNS cache for clients
   (`#1000 <https://github.com/freifunk-gluon/gluon/issues/1000>`_)
 
-  See also: :doc:`../features/dns-cache`
-
 * Add L2TP via tunneldigger as an alternative VPN system
   (`#978 <https://github.com/freifunk-gluon/gluon/issues/978>`_)
 

+ 1 - 1
package/gluon-core/check_site.lua

@@ -40,11 +40,11 @@ end
 
 need_boolean('poe_passthrough', false)
 if need_table('dns', nil, false) then
-	need_number('dns.cacheentries', false)
 	need_string_array_match('dns.servers', '^[%x:]+$', false)
 end
 
 if need_table('next_node', nil, false) then
+	need_string('next_node.name', false)
 	need_string_match('next_node.ip6', '^[%x:]+$', false)
 	need_string_match('next_node.ip4', '^%d+.%d+.%d+.%d+$', false)
 end
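Review bot: The new `need_string('next_node.name', false)` accepts any string, while the value ends up inside the dnsmasq `domain` sections written by 820-dns-config (`uci:section('dhcp','domain','nextnode4', …)`), and the neighbouring checks in this hunk all constrain their values with `need_string_match`. A hostname-shaped pattern would keep malformed site.conf values out of the resolver config, e.g. `need_string_match('next_node.name', '^[%w%-%.]+$', false)` (dots allowed, since dns-forwarder.rst in this commit set allows FQDN next-node names). Separately, the pre-existing ip4 pattern `'^%d+.%d+.%d+.%d+$'` on the following context line leaves its dots unescaped, so `.` matches any character; `%.` is the intended form, though that is outside this commit's change.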

+ 5 - 0
package/gluon-core/luasrc/lib/gluon/upgrade/130-core-pattern

@@ -0,0 +1,5 @@
+#!/usr/bin/lua
+
+local sysctl = require 'gluon.sysctl'
+
+sysctl.set('kernel.core_pattern', '/tmp/%e.%t.%p.%s.core')
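Review bot: The new script carries no comment explaining why it exists, and a reader of the upgrade directory cannot tell from `sysctl.set('kernel.core_pattern', '/tmp/%e.%t.%p.%s.core')` alone that it repairs nodes upgraded from v2016.2.x or earlier whose core_pattern left core files in the crashing service's working directory; that rationale lives only in v2017.1.6.rst in this commit set. Core files contain process memory, so where they land is worth a sentence in the script itself. A header such as `-- Nodes upgraded from Gluon v2016.2.x or earlier kept an old kernel.core_pattern, so crashing services dumped core into their cwd (usually /); pin core files to /tmp.` would do. Whether `sysctl.set` applies the value immediately, persists it, or both is not visible here; the comment should say which so the next maintainer knows when it takes effect.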

+ 1 - 5
package/gluon-core/luasrc/lib/gluon/upgrade/820-dns-config

@@ -13,11 +13,7 @@ else
 	uci:delete('dhcp', dnsmasq, 'server')
 end
 
-if site.dns and site.dns.cacheentries then
-	uci:set('dhcp', dnsmasq, 'cachesize', site.dns.cacheentries)
-else
-	uci:delete('dhcp', dnsmasq, 'cachesize')
-end
+uci:delete('dhcp', dnsmasq, 'cachesize')
 
 if site.next_node and site.next_node.name and site.next_node.ip4 then
 	uci:section('dhcp','domain','nextnode4',{
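Review bot: The unconditional `uci:delete('dhcp', dnsmasq, 'cachesize')` removes Gluon's override but does not disable caching; it leaves whatever default applies when the option is absent, and dnsmasq's own default cache size is non-zero (150 entries). The release note in this commit set says cached answers are missing DNSKEY and DS records and break DNSSEC validation on clients, so if the intent is that nodes act as pure forwarders and never serve cached answers, `uci:set('dhcp', dnsmasq, 'cachesize', 0)` states that explicitly; confirm against the OpenWrt dnsmasq init script what an absent `cachesize` option actually means on the target release. The `uci:section(...)` call on the last line of the hunk continues outside it.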