Re: [Hampshire] DNS lookup and VPNs

Author: Hugo Mills
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] DNS lookup and VPNs

On Wed, Feb 06, 2008 at 09:29:41PM +0000, Adrian Bridgett wrote:
> On Wed, Feb  6, 2008 at 14:40:33 +0000 (+0000), Andy Smith wrote:
> > On Wed, Feb 06, 2008 at 02:28:41PM +0000, Hugo Mills wrote:
> > >    Thus, the main question is: Can I tell my laptop to use one DNS
> > > server for a specific subdomain, but use the DNS server provided by
> > > DHCP for all other domains?

> >
> > I believe you can *almost* do this by use of forward zones, but for
> > anything but the forward zones the queries would then go out to the
> > DNS roots as usual.
>
> Or setup forwarders for those:

[snip]
> This all involves running a DNS server on your laptop, and configuring
> DHCP client to populate the named.conf file appropriately.

[snip]
> Personally I just have my VPN tell the VPN client the DNS details,
> this then uses resolvconf to setup /etc/resolv.conf:
>
> http://www.smop.co.uk/mediawiki/index.php/OpenVPN
>
> With the VPN as the preferred resolvconf device, this means that my
> /etc/resolv.conf is either:
>
> non-VPN:
> nameserver 1.2.3.4
> search example.org
>
> VPN:
> nameserver 192.168.100.3
> nameserver 1.2.3.4
> search smop.co.uk example.org


Unless I'm much mistaken, this will redirect all DNS queries
through the VPN while it's up (which is pretty much always), and was
the configuration I was trying to avoid.

The comment about running my own DNS server locally was the vital
bit, though. For various other reasons, I run a thing called dnsmasq
on this laptop, which acts as a highly configurable DNS proxy (and,
optionally, DHCP server). By default, dnsmasq will use the
configuration found in /etc/resolv.conf to find its DNS
servers. However, it is possible to tell it (a) to look in a different
place for the "default" servers, and (b) to look up specific domains
via entirely different servers. This deals with the "different servers
for different domains" issue.

The second issue, that of picking up DNS servers from DHCP, is
solved by a combination of dnsmasq and dhclient. Firstly, dnsmasq can
be configured to look for its default upstream DNS servers in a
different file from /etc/resolv.conf. Secondly, dhclient can be
configured to override the values put in /etc/resolv.conf. Thirdly,
dhclient can be made to write arbitrary stuff to arbitrary
configuration files, using hook scripts.

Thus, my final configuration looks something like this:

# /etc/dnsmasq.conf
# Look in /etc/resolvers to find the upstream DNS servers
resolv-file=/etc/resolvers
# Redirect queries for carfax.org.uk to the private nameserver
server=/carfax.org.uk/10.2.0.18
server=/darksatanic.net/10.2.0.18
# Don't bother listening on wired or wireless interfaces.
except-interface=wired
except-interface=wireless


# /etc/dhcp3/dhclient.conf
# Add localhost to the DNS servers
prepend domain-name-servers 127.0.0.1;
# Change the search path
append domain-search "ecs.soton.ac.uk. carfax.org.uk.";
# Request... stuff
request subnet-mask, broadcast-address, time-offset, routers,
        domain-name, domain-name-servers, domain-search, host-name,
        netbios-name-servers, netbios-scope, interface-mtu;



# /etc/dhcp3/dhclient-enter-hooks.d/local-dns-settings
# Sourced by dhclient-script before it writes /etc/resolv.conf. Writes the
# DHCP-supplied nameservers to $RESOLVER for dnsmasq to read, and leaves only
# 127.0.0.1 in new_domain_name_servers so /etc/resolv.conf points at dnsmasq.
RESOLVER=/etc/resolvers

dns_server_restart() {
        invoke-rc.d dnsmasq restart
}

dns_servers_setup_remove() {
        if [ ! -e "$RESOLVER" ]; then
                return
        fi
        rm -f "$RESOLVER"
        dns_server_restart
}

dns_servers_setup_add() {
        # Same servers as the previous lease: keep the file, skip the restart.
        if [ -e "$RESOLVER" ] && [ "$new_domain_name_servers" = "$old_domain_name_servers" ]; then
                return
        fi

        # The lease carries no nameservers: drop the file again.
        if [ -z "$new_domain_name_servers" ]; then
                dns_servers_setup_remove
                return
        fi

        # Build the new file next to the old one, then rename it into place.
        tmp=$(mktemp "$RESOLVER.XXXXXX") || return
        chmod --reference=/etc/resolv.conf "$tmp"
        chown --reference=/etc/resolv.conf "$tmp"

        echo "# This file was automatically generated based on information from the DHCP server" >"$tmp"
        SERVERLIST=""
        for server in $new_domain_name_servers; do
                if [ "${server}" != "127.0.0.1" ]; then
                        # Upstream server from DHCP: only dnsmasq gets to see it.
                        echo "nameserver $server" >>"$tmp"
                else
                        # The prepended 127.0.0.1 is all that dhclient-script
                        # may write into /etc/resolv.conf.
                        SERVERLIST="${SERVERLIST} ${server}"
                fi
        done

        new_domain_name_servers="${SERVERLIST}"

        mv "$tmp" "$RESOLVER"

        dns_server_restart
}

case $reason in
        BOUND|RENEW|REBIND|REBOOT)
                dns_servers_setup_add
                ;;
        EXPIRE|FAIL|RELEASE|STOP)
                dns_servers_setup_remove
                ;;
esac




My only problem at the moment is that for some reason "ifup" thinks
that the interface isn't up after running. I can't tell why, but it
all seems to work other than that.

hrm@willow:~$ cat /etc/resolv.conf
domain omii.ac.uk
search omii.ac.uk ecs.soton.ac.uk. carfax.org.uk
nameserver 127.0.0.1

hrm@willow:~$ cat /etc/resolvers
# This file was automatically generated based on information from the DHCP server
nameserver 152.78.68.1
nameserver 152.78.70.1

hrm@willow:~$


Hugo.

-- 
=== Hugo Mills: hugo@... carfax.org.uk | darksatanic.net | lug.org.uk ===
  PGP key: 515C238D from wwwkeys.eu.pgp.net or http://www.carfax.org.uk
       --- We believe in free will because we have no choice. ---
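Added example, not part of Hugo's post: a small Python model of the dnsmasq upstream-selection rule the configuration above relies on. It takes the posted /etc/dnsmasq.conf and /etc/resolvers contents (copied here as constructed strings with the same values) and reports which upstream each query name would be forwarded to. The rule it implements is dnsmasq's documented one: the most specific (longest) matching `server=/domain/` suffix wins, and any other name goes to the default upstreams, meaning the nameservers listed in the `resolv-file` plus any plain `server=IP` lines. It goes slightly beyond the post by also handling the multi-domain form `server=/dom1/dom2/IP` and plain `server=IP` lines, which the post does not use. The query names used in the demo are constructed.

```python
"""Which upstream does dnsmasq forward a name to, given the posted configuration?

Constructed example modelling dnsmasq's server= selection rule: the most
specific (longest) matching server=/domain/ suffix wins; a name that matches
no server=/domain/ line goes to the default upstreams, i.e. the nameservers in
the resolv-file plus any plain server=IP lines.
"""
from typing import Dict, List, Tuple

# Constructed copies of the two files shown in the post (same values).
DNSMASQ_CONF = """\
# /etc/dnsmasq.conf
resolv-file=/etc/resolvers
server=/carfax.org.uk/10.2.0.18
server=/darksatanic.net/10.2.0.18
except-interface=wired
except-interface=wireless
"""

RESOLVERS_FILE = """\
# This file was automatically generated based on information from the DHCP server
nameserver 152.78.68.1
nameserver 152.78.70.1
"""


def parse_resolv(text: str) -> List[str]:
    """Return the nameserver addresses of resolv.conf-style text, in file order."""
    servers: List[str] = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def parse_dnsmasq(text: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Read server= lines: plain server=IP adds a default upstream;
    server=/dom1/dom2/IP sends dom1, dom2 and everything below them to IP."""
    defaults: List[str] = []
    by_domain: Dict[str, List[str]] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("server="):
            continue
        value = line[len("server="):]
        if value.startswith("/"):
            fields = value.split("/")[1:]          # drop the empty first field
            addr, domains = fields[-1], fields[:-1]
            for dom in domains:
                by_domain.setdefault(dom.lower().strip("."), []).append(addr)
        else:
            defaults.append(value)
    return defaults, by_domain


def select_upstreams(name: str, defaults: List[str],
                     by_domain: Dict[str, List[str]]) -> List[str]:
    """Longest matching domain suffix wins; otherwise the default set."""
    labels = name.lower().strip(".").split(".")
    for i in range(len(labels)):        # full name first, then ever shorter suffixes
        suffix = ".".join(labels[i:])
        if suffix in by_domain:
            return list(by_domain[suffix])
    return list(defaults)


def resolver_map(dnsmasq_conf: str, resolvers_text: str,
                 names: List[str]) -> Dict[str, List[str]]:
    """Map each query name to the upstream servers dnsmasq would use for it."""
    extra_defaults, by_domain = parse_dnsmasq(dnsmasq_conf)
    defaults = parse_resolv(resolvers_text) + extra_defaults
    return {n: select_upstreams(n, defaults, by_domain) for n in names}


if __name__ == "__main__":
    # Constructed query names: two private-domain names, one campus name, and
    # one that merely starts with a private domain and must NOT match it.
    queries = ["www.carfax.org.uk", "mail.darksatanic.net",
               "www.ecs.soton.ac.uk", "carfax.org.uk.example.com"]
    for name, upstreams in resolver_map(DNSMASQ_CONF, RESOLVERS_FILE, queries).items():
        print(f"{name:28} -> {', '.join(upstreams)}")
```

Run it and the split is visible at a glance: names under the two private domains only ever reach 10.2.0.18, everything else only ever reaches the DHCP-supplied 152.78.x.x servers, and a name like `carfax.org.uk.example.com` is not mistaken for a private one because matching is on whole label suffixes, not on substrings. That is exactly the property the post wants from the dnsmasq/dhclient combination: the DHCP server's resolvers never see queries for the private domains, and the private server never sees anything else.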