[fix] Properly manage resolv.conf, dns resolvers and dnsmasq (#290)

* Adding resolvconf as dependency
* Adding new templates for dnsmasq
* Adding libnss-myhostname as dependency
* tableflip.gif
* Moar tableflip.gif :/
* Tweaking dns resolvers used by dnsmasq
* Adding Aquilenet + moving FDN back to top
* Clarifying how the resolv.dnsmasq.conf template is used
* Moving nsswitch force regen back to postinstall

data/hooks/conf_regen/43-dnsmasq

@@ -13,6 +13,15 @@ do_pre_regen() {
   # create directory for pending conf
   dnsmasq_dir="${pending_dir}/etc/dnsmasq.d"
   mkdir -p "$dnsmasq_dir"
+  etcdefault_dir="${pending_dir}/etc/default"
+  mkdir -p "$etcdefault_dir"
+
+  # add general conf files
+  cp plain/etcdefault ${pending_dir}/etc/default/dnsmasq
+  cp plain/dnsmasq.conf ${pending_dir}/etc/dnsmasq.conf
+
+  # add resolver file
+  cat plain/resolv.dnsmasq.conf | grep nameserver | shuf > ${pending_dir}/etc/resolv.dnsmasq.conf
 
   # retrieve variables
   ipv4=$(curl -s -4 https://ip.yunohost.org 2>/dev/null || true)

data/templates/dnsmasq/plain/dnsmasq.conf

@@ -0,0 +1,6 @@
+domain-needed
+expand-hosts
+
+listen-address=127.0.0.1
+resolv-file=/etc/resolv.dnsmasq.conf
+cache-size=256

data/templates/dnsmasq/plain/etcdefault

@@ -0,0 +1,33 @@
+# This file has five functions: 
+# 1) to completely disable starting dnsmasq, 
+# 2) to set DOMAIN_SUFFIX by running `dnsdomainname` 
+# 3) to select an alternative config file
+#    by setting DNSMASQ_OPTS to --conf-file=<file>
+# 4) to tell dnsmasq to read the files in /etc/dnsmasq.d for
+#    more configuration variables.
+# 5) to stop the resolvconf package from controlling dnsmasq's
+#    idea of which upstream nameservers to use.
+# For upgraders from very old versions, all the shell variables set 
+# here in previous versions are still honored by the init script
+# so if you just keep your old version of this file nothing will break.
+
+#DOMAIN_SUFFIX=`dnsdomainname`
+#DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt"
+
+# Whether or not to run the dnsmasq daemon; set to 0 to disable.
+ENABLED=1
+
+# By default search this drop directory for configuration options.
+# Libvirt leaves a file here to make the system dnsmasq play nice.
+# Comment out this line if you don't want this. The dpkg-* are file
+# endings which cause dnsmasq to skip that file. This avoids pulling
+# in backups made by dpkg.
+CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
+
+# If the resolvconf package is installed, dnsmasq will use its output 
+# rather than the contents of /etc/resolv.conf to find upstream 
+# nameservers. Uncommenting this line inhibits this behaviour.
+# Note that including a "resolv-file=<filename>" line in 
+# /etc/dnsmasq.conf is not enough to override resolvconf if it is
+# installed: the line below must be uncommented.
+IGNORE_RESOLVCONF=yes

data/templates/dnsmasq/plain/resolv.dnsmasq.conf

@@ -0,0 +1,31 @@
+# This file will be used to generate /etc/resolv.dnsmasq.conf
+# To avoid that every instance rely on the first server as primary
+# server, this list is *shuffled* during every regen-conf of dnsmasq
+# In the possibility where the first nameserver is down, dnsmasq
+# will automatically switch to the next as primary server.
+
+# List taken from
+# http://diyisp.org/dokuwiki/doku.php?id=technical:dnsresolver
+
+# (FR) FDN
+nameserver 80.67.169.12
+nameserver 80.67.169.40
+# (FR) LDN
+nameserver 80.67.188.188
+# (FR) ARN
+nameserver 89.234.141.66
+# (FR) gozmail / grifon
+nameserver 89.234.186.18
+# (DE) FoeBud / Digital Courage
+nameserver 85.214.20.141
+# (FR) Aquilenet [added manually, following comments from @sachaz]
+nameserver 141.255.128.100
+nameserver 141.255.128.101
+# (DE) CCC Berlin
+nameserver 213.73.91.35
+# (DE) Ideal-Hosting
+nameserver 84.200.69.80
+nameserver 84.200.70.40
+# (DK) censurfridns
+nameserver 91.239.100.100
+nameserver 89.233.43.71

data/templates/nsswitch/nsswitch.conf

@@ -9,7 +9,7 @@ group:          compat ldap
 shadow:         compat ldap
 gshadow:        files
 
-hosts:          files mdns4_minimal [NOTFOUND=return] dns
+hosts:          files myhostname mdns4_minimal [NOTFOUND=return] dns
 networks:       files
 
 protocols:      db files

debian/control

@@ -22,7 +22,7 @@ Depends: ${python:Depends}, ${misc:Depends}
  , dovecot-ldap, dovecot-lmtpd, dovecot-managesieved
  , dovecot-antispam, fail2ban
  , nginx-extras (>=1.6.2), php5-fpm, php5-ldap, php5-intl
- , dnsmasq, openssl, avahi-daemon, libnss-mdns
+ , dnsmasq, openssl, avahi-daemon, libnss-mdns, resolvconf, libnss-myhostname
  , ssowat, metronome
  , rspamd (>= 1.2.0), rmilter (>=1.7.0), redis-server, opendkim-tools
  , haveged

src/yunohost/tools.py

@@ -164,6 +164,9 @@ def tools_maindomain(auth, new_domain=None):
         logger.warning("%s" % e, exc_info=1)
         raise MoulinetteError(errno.EPERM, m18n.n('maindomain_change_failed'))
 
+    # Clear nsswitch cache for hosts to make sure hostname is resolved ...
+    subprocess.call(['nscd', '-i', 'hosts'])
+
     # Set hostname
     pretty_hostname = "(YunoHost/%s)" % new_domain
     commands = [
@@ -319,6 +322,7 @@ def tools_postinstall(domain, password, ignore_dyndns=False):
     logger.success(m18n.n('yunohost_ca_creation_success'))
 
     # New domain config
+    service_regen_conf(['nsswitch'], force=True)
     domain_add(auth, domain, dyndns)
     tools_maindomain(auth, domain)