authorDenys Vlasenko <vda.linux@googlemail.com>2018-03-30 20:49:16 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2018-03-30 20:49:16 +0200
commitdf65dc89b428c8f66ee2203f4a14eb2592d89ee0 (patch)
tree30fe6378dbeb4f594099b2fc26e3037729d4dfeb
parentd9503224c8a93a30b0c8627084b2744d3ee6f403 (diff)
examples/var_service: new example: dnsmasq service
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--examples/var_service/dnsmasq/README10
-rw-r--r--examples/var_service/dnsmasq/dnsmasq.conf76
-rwxr-xr-xexamples/var_service/dnsmasq/log/run21
-rwxr-xr-xexamples/var_service/dnsmasq/p_log4
-rwxr-xr-xexamples/var_service/dnsmasq/run12
-rwxr-xr-xexamples/var_service/dnsmasq/w_log4
-rw-r--r--examples/var_service/fw/etc/dnsmasq_servers.conf38
7 files changed, 165 insertions, 0 deletions
diff --git a/examples/var_service/dnsmasq/README b/examples/var_service/dnsmasq/README
new file mode 100644
index 000000000..a20740d6e
--- /dev/null
+++ b/examples/var_service/dnsmasq/README
@@ -0,0 +1,10 @@
+Local DNS cache service.
+
+This service is useful if you have more than 3 DNS servers,
+or if you need a finer-grained control of which servers
+can serve which domain.
+
+To make programs use local DNS server, make sure
+/etc/resolv.conf says:
+
+nameserver 127.0.0.1
diff --git a/examples/var_service/dnsmasq/dnsmasq.conf b/examples/var_service/dnsmasq/dnsmasq.conf
new file mode 100644
index 000000000..2cfb0fe81
--- /dev/null
+++ b/examples/var_service/dnsmasq/dnsmasq.conf
@@ -0,0 +1,76 @@
+keep-in-foreground
+
+# "-" is stderr:
+log-facility=-
+
+# May also try log-queries=extra
+log-queries
+
+# No param = pidfile disabled:
+pid-file
+
+interface=lo
+listen-address=127.0.0.1
+bind-interfaces
+
+cache-size=999
+
+servers-file=/etc/dnsmasq_servers.conf
+
+# Don’t read /etc/resolv.conf and /etc/hosts:
+no-resolv
+#no-hosts
+
+# All reverse lookups for private IP ranges (ie 192.168.x.x, etc)
+# which are not found in /etc/hosts or the DHCP leases file are
+# answered with "no such domain" rather than being forwarded
+# upstream. The set of prefixes affected is the list given in
+# RFC6303.
+#bogus-priv
+
+#−T, --local-ttl=<time>
+# When replying with information from /etc/hosts or configuration
+# or the DHCP leases file dnsmasq by default sets the time-to-live
+# field to zero, meaning that the requester should not itself
+# cache the information. This is the correct thing to do in almost
+# all situations. This option allows a time-to-live (in seconds)
+# to be given for these replies. This will reduce the load on the
+# server at the expense of clients using stale data under some
+# circumstances.
+local-ttl=67
+
+#--dhcp-ttl=<time>
+# As for --local-ttl, but affects only replies with information
+# from DHCP leases. If both are given, --dhcp-ttl applies for DHCP
+# information, and --local-ttl for others. Setting this to zero
+# eliminates the effect of --local-ttl for DHCP.
+#
+#--neg-ttl=<time>
+# Negative replies from upstream servers normally contain time-to-
+# live information in SOA records which dnsmasq uses for caching.
+# If the replies from upstream servers omit this information, dns-
+# masq does not cache the reply. This option gives a default value
+# for time-to-live (in seconds) which dnsmasq uses to cache nega-
+# tive replies even in the absence of an SOA record.
+neg-ttl=67
+
+#--max-ttl=<time>
+# Set a maximum TTL value that will be handed out to clients. The
+# specified maximum TTL will be given to clients instead of the
+# true TTL value if it is lower. The true TTL value is however
+# kept in the cache to avoid flooding the upstream DNS servers.
+#
+#--max-cache-ttl=<time>
+# Set a maximum TTL value for entries in the cache.
+#
+#--min-cache-ttl=<time>
+# Extend short TTL values to the time given when caching them.
+# Note that artificially extending TTL values is in general a bad
+# idea, do not do it unless you have a good reason, and understand
+# what you are doing. Dnsmasq limits the value of this option to
+# one hour, unless recompiled.
+min-cache-ttl=67
+
+#--auth-ttl=<time>
+# Set the TTL value returned in answers from the authoritative
+# server.
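Review bot: `bogus-priv` is left commented out, so, as the comment pasted above it says, reverse lookups for RFC6303 private ranges that are not in /etc/hosts are forwarded upstream, which discloses internal addressing to whatever resolvers the servers file names. Unless forwarding is intended for this example, enable it by uncommenting the line: `bogus-priv`. Separately, `log-queries` records every name the host resolves; a comment such as `# Logs every query name; turn off if the log must not hold lookup history` would make that trade-off visible. `min-cache-ttl=67` is also set directly under a pasted warning that extending TTLs is generally a bad idea, so a one-line reason for the value would help.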
diff --git a/examples/var_service/dnsmasq/log/run b/examples/var_service/dnsmasq/log/run
new file mode 100755
index 000000000..69d74b73f
--- /dev/null
+++ b/examples/var_service/dnsmasq/log/run
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+user=logger
+
+logdir="/var/log/service/`(cd ..;basename $PWD)`"
+mkdir -p "$logdir" 2>/dev/null
+chown -R "$user": "$logdir"
+chmod -R go-rwxst,u+rwX "$logdir"
+rm -rf logdir
+ln -s "$logdir" logdir
+
+# make this dir accessible to logger
+chmod a+rX .
+
+exec >/dev/null
+exec 2>&1
+exec \
+env - PATH="$PATH" \
+softlimit \
+setuidgid "$user" \
+svlogd -tt "$logdir"
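Review bot: `chown -R "$user": "$logdir"` runs as root on every service start over a directory that the unprivileged `logger` account already owns and can write to, so a root-run recursive ownership change is applied to whatever that account has left there. Depending on the chown implementation, a link inside the tree may be dereferenced rather than changed itself; prefer `chown -hR "$user": "$logdir"`, or set ownership only on the directory when it is first created. The `mkdir -p` error is discarded and never checked, and `basename $PWD` is unquoted; `mkdir -p "$logdir" || exit 1` and `basename "$PWD"` would make failures visible and survive unusual directory names.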
diff --git a/examples/var_service/dnsmasq/p_log b/examples/var_service/dnsmasq/p_log
new file mode 100755
index 000000000..a2521be05
--- /dev/null
+++ b/examples/var_service/dnsmasq/p_log
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+cd log/logdir || exit 1
+cat @* current | $PAGER
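Review bot: `$PAGER` on the last line has no fallback, so when the variable is unset the pipeline has no reader and nothing is displayed. `cat @* current | ${PAGER:-less}` keeps the word splitting, which looks intentional for a pager given with arguments, while providing a default. When no rotated `@*` files exist yet, `cat` receives the literal pattern and prints an error, which is harmless but worth a comment.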
diff --git a/examples/var_service/dnsmasq/run b/examples/var_service/dnsmasq/run
new file mode 100755
index 000000000..2ac94282f
--- /dev/null
+++ b/examples/var_service/dnsmasq/run
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+#exec >/dev/null
+exec 2>&1
+exec </dev/null
+
+echo "* Starting dnsmasq"
+exec \
+env - PATH="$PATH" \
+softlimit \
+setuidgid root \
+dnsmasq -C dnsmasq.conf
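Review bot: the daemon is launched with `setuidgid root` while the accompanying dnsmasq.conf sets no `user=` or `group=`, so the account dnsmasq ends up running as is left to its built-in default instead of being stated in the example. A comment such as `# root is needed to bind port 53; dnsmasq is expected to drop to the account given by user= in dnsmasq.conf` plus an explicit `user=`/`group=` pair in the config would document and pin the privilege drop. `softlimit` is called without any limit option and so appears to apply no limit; either give it one or mark it as a placeholder. `-C dnsmasq.conf` is a relative path, which presumably relies on the supervisor starting the script in the service directory.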
diff --git a/examples/var_service/dnsmasq/w_log b/examples/var_service/dnsmasq/w_log
new file mode 100755
index 000000000..aa36ef13b
--- /dev/null
+++ b/examples/var_service/dnsmasq/w_log
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+cd log/logdir || exit 1
+watch -n2 'w=`ttysize w`; h=`ttysize h`; tail -$((h-3)) current 2>&1 | cut -b1-$((w-2))'
diff --git a/examples/var_service/fw/etc/dnsmasq_servers.conf b/examples/var_service/fw/etc/dnsmasq_servers.conf
new file mode 100644
index 000000000..68313605f
--- /dev/null
+++ b/examples/var_service/fw/etc/dnsmasq_servers.conf
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+empty=true
+
+prio=0
+i=0; while test "${if[$i]}"; do
+ test x"${dns_prio[$i]}" != x"" \
+ && test "${dns_prio[$i]}" -gt "$prio" \
+ && prio="${dns_prio[$i]}"
+let i++; done
+
+i=0; while test "${if[$i]}"; do
+ if test "${dnsmasq[$i]}"; then
+ for d in ${dnsmasq[$i]}; do
+ echo "$d"
+ empty=false
+ done
+ let i++;
+ continue
+ fi
+ # This iface has no dnsmasq-extended config.
+ # Use simple DNS names instead, if those exist.
+ for d in ${dns[$i]}; do
+ p="${dns_prio[$i]}"
+ test x"$p" == x"" && p=0
+ test x"$p" == x"$prio" || continue
+ echo "server=$d"
+ empty=false
+ done
+ let i++;
+done
+
+# Use Google DNS servers if nothing else is configured
+$empty && echo "server=8.8.8.8"
+$empty && echo "server=8.8.4.4"
+
+# SIGHUP: make dnsmasq reload config
+sv h dnsmasq
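Review bot: the closing `$empty && echo "server=8.8.8.8"` and `server=8.8.4.4` lines silently route every lookup to a public third-party resolver whenever no interface supplies DNS servers, so a misconfiguration becomes a data flow the operator never chose. At minimum report it, for example `$empty && echo "dnsmasq: no DNS servers configured, using 8.8.8.8/8.8.4.4" >&2`. The `for d in ${dnsmasq[$i]}` and `for d in ${dns[$i]}` loops rely on unquoted expansion, so values also undergo pathname expansion before being emitted as config lines; `set -f` near the top would limit that to word splitting. The arrays (`if`, `dns`, `dns_prio`, `dnsmasq`) and the destination of stdout are defined outside this file, so a header comment should say what sources and runs it, and confirm that `sv h dnsmasq` fires only after the generated output is in place.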