diff options
author | Denys Vlasenko <vda.linux@googlemail.com> | 2018-03-30 20:49:16 +0200 |
---|---|---|
committer | Denys Vlasenko <vda.linux@googlemail.com> | 2018-03-30 20:49:16 +0200 |
commit | df65dc89b428c8f66ee2203f4a14eb2592d89ee0 (patch) | |
tree | 30fe6378dbeb4f594099b2fc26e3037729d4dfeb | |
parent | d9503224c8a93a30b0c8627084b2744d3ee6f403 (diff) |
examples/var_service: new example: dnsmasq service
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r-- | examples/var_service/dnsmasq/README | 10 | ||||
-rw-r--r-- | examples/var_service/dnsmasq/dnsmasq.conf | 76 | ||||
-rwxr-xr-x | examples/var_service/dnsmasq/log/run | 21 | ||||
-rwxr-xr-x | examples/var_service/dnsmasq/p_log | 4 | ||||
-rwxr-xr-x | examples/var_service/dnsmasq/run | 12 | ||||
-rwxr-xr-x | examples/var_service/dnsmasq/w_log | 4 | ||||
-rw-r--r-- | examples/var_service/fw/etc/dnsmasq_servers.conf | 38 |
7 files changed, 165 insertions, 0 deletions
diff --git a/examples/var_service/dnsmasq/README b/examples/var_service/dnsmasq/README new file mode 100644 index 000000000..a20740d6e --- /dev/null +++ b/examples/var_service/dnsmasq/README @@ -0,0 +1,10 @@ +Local DNS cache service. + +This service is useful if you have more than 3 DNS servers, +or if you need a finer-grained control of which servers +can serve which domain. + +To make programs use local DNS server, make sure +/etc/resolv.conf says: + +nameserver 127.0.0.1 diff --git a/examples/var_service/dnsmasq/dnsmasq.conf b/examples/var_service/dnsmasq/dnsmasq.conf new file mode 100644 index 000000000..2cfb0fe81 --- /dev/null +++ b/examples/var_service/dnsmasq/dnsmasq.conf @@ -0,0 +1,76 @@ +keep-in-foreground + +# "-" is stderr: +log-facility=- + +# May also try log-queries=extra +log-queries + +# No param = pidfile disabled: +pid-file + +interface=lo +listen-address=127.0.0.1 +bind-interfaces + +cache-size=999 + +servers-file=/etc/dnsmasq_servers.conf + +# Don’t read /etc/resolv.conf and /etc/hosts: +no-resolv +#no-hosts + +# All reverse lookups for private IP ranges (ie 192.168.x.x, etc) +# which are not found in /etc/hosts or the DHCP leases file are +# answered with "no such domain" rather than being forwarded +# upstream. The set of prefixes affected is the list given in +# RFC6303. +#bogus-priv + +#−T, --local-ttl=<time> +# When replying with information from /etc/hosts or configuration +# or the DHCP leases file dnsmasq by default sets the time-to-live +# field to zero, meaning that the requester should not itself +# cache the information. This is the correct thing to do in almost +# all situations. This option allows a time-to-live (in seconds) +# to be given for these replies. This will reduce the load on the +# server at the expense of clients using stale data under some +# circumstances. +local-ttl=67 + +#--dhcp-ttl=<time> +# As for --local-ttl, but affects only replies with information +# from DHCP leases. If both are given, --dhcp-ttl applies for DHCP +# information, and --local-ttl for others. Setting this to zero +# eliminates the effect of --local-ttl for DHCP. +# +#--neg-ttl=<time> +# Negative replies from upstream servers normally contain time-to- +# live information in SOA records which dnsmasq uses for caching. +# If the replies from upstream servers omit this information, dns- +# masq does not cache the reply. This option gives a default value +# for time-to-live (in seconds) which dnsmasq uses to cache nega- +# tive replies even in the absence of an SOA record. +neg-ttl=67 + +#--max-ttl=<time> +# Set a maximum TTL value that will be handed out to clients. The +# specified maximum TTL will be given to clients instead of the +# true TTL value if it is lower. The true TTL value is however +# kept in the cache to avoid flooding the upstream DNS servers. +# +#--max-cache-ttl=<time> +# Set a maximum TTL value for entries in the cache. +# +#--min-cache-ttl=<time> +# Extend short TTL values to the time given when caching them. +# Note that artificially extending TTL values is in general a bad +# idea, do not do it unless you have a good reason, and understand +# what you are doing. Dnsmasq limits the value of this option to +# one hour, unless recompiled. +min-cache-ttl=67 + +#--auth-ttl=<time> +# Set the TTL value returned in answers from the authoritative +# server. diff --git a/examples/var_service/dnsmasq/log/run b/examples/var_service/dnsmasq/log/run new file mode 100755 index 000000000..69d74b73f --- /dev/null +++ b/examples/var_service/dnsmasq/log/run @@ -0,0 +1,21 @@ +#!/bin/sh + +user=logger + +logdir="/var/log/service/`(cd ..;basename $PWD)`" +mkdir -p "$logdir" 2>/dev/null +chown -R "$user": "$logdir" +chmod -R go-rwxst,u+rwX "$logdir" +rm -rf logdir +ln -s "$logdir" logdir + +# make this dir accessible to logger +chmod a+rX . + +exec >/dev/null +exec 2>&1 +exec \ +env - PATH="$PATH" \ +softlimit \ +setuidgid "$user" \ +svlogd -tt "$logdir" diff --git a/examples/var_service/dnsmasq/p_log b/examples/var_service/dnsmasq/p_log new file mode 100755 index 000000000..a2521be05 --- /dev/null +++ b/examples/var_service/dnsmasq/p_log @@ -0,0 +1,4 @@ +#!/bin/sh + +cd log/logdir || exit 1 +cat @* current | $PAGER diff --git a/examples/var_service/dnsmasq/run b/examples/var_service/dnsmasq/run new file mode 100755 index 000000000..2ac94282f --- /dev/null +++ b/examples/var_service/dnsmasq/run @@ -0,0 +1,12 @@ +#!/bin/sh + +#exec >/dev/null +exec 2>&1 +exec </dev/null + +echo "* Starting dnsmasq" +exec \ +env - PATH="$PATH" \ +softlimit \ +setuidgid root \ +dnsmasq -C dnsmasq.conf diff --git a/examples/var_service/dnsmasq/w_log b/examples/var_service/dnsmasq/w_log new file mode 100755 index 000000000..aa36ef13b --- /dev/null +++ b/examples/var_service/dnsmasq/w_log @@ -0,0 +1,4 @@ +#!/bin/sh + +cd log/logdir || exit 1 +watch -n2 'w=`ttysize w`; h=`ttysize h`; tail -$((h-3)) current 2>&1 | cut -b1-$((w-2))' diff --git a/examples/var_service/fw/etc/dnsmasq_servers.conf b/examples/var_service/fw/etc/dnsmasq_servers.conf new file mode 100644 index 000000000..68313605f --- /dev/null +++ b/examples/var_service/fw/etc/dnsmasq_servers.conf @@ -0,0 +1,38 @@ +#!/bin/bash + +empty=true + +prio=0 +i=0; while test "${if[$i]}"; do + test x"${dns_prio[$i]}" != x"" \ + && test "${dns_prio[$i]}" -gt "$prio" \ + && prio="${dns_prio[$i]}" +let i++; done + +i=0; while test "${if[$i]}"; do + if test "${dnsmasq[$i]}"; then + for d in ${dnsmasq[$i]}; do + echo "$d" + empty=false + done + let i++; + continue + fi + # This iface has no dnsmasq-extended config. + # Use simple DNS names instead, if those exist. + for d in ${dns[$i]}; do + p="${dns_prio[$i]}" + test x"$p" == x"" && p=0 + test x"$p" == x"$prio" || continue + echo "server=$d" + empty=false + done + let i++; +done + +# Use Google DNS servers if nothing else is configured +$empty && echo "server=8.8.8.8" +$empty && echo "server=8.8.4.4" + +# SIGHUP: make dnsmasq reload config +sv h dnsmasq |