diff --git a/data/hooks/conf_regen/43-dnsmasq b/data/hooks/conf_regen/43-dnsmasq index aab2b599f..e298f7eaa 100755 --- a/data/hooks/conf_regen/43-dnsmasq +++ b/data/hooks/conf_regen/43-dnsmasq @@ -13,6 +13,15 @@ do_pre_regen() { # create directory for pending conf dnsmasq_dir="${pending_dir}/etc/dnsmasq.d" mkdir -p "$dnsmasq_dir" + etcdefault_dir="${pending_dir}/etc/default" + mkdir -p "$etcdefault_dir" + + # add general conf files + cp plain/etcdefault ${pending_dir}/etc/default/dnsmasq + cp plain/dnsmasq.conf ${pending_dir}/etc/dnsmasq.conf + + # add resolver file + cat plain/resolv.dnsmasq.conf | grep nameserver | shuf > ${pending_dir}/etc/resolv.dnsmasq.conf # retrieve variables ipv4=$(curl -s -4 https://ip.yunohost.org 2>/dev/null || true) diff --git a/data/templates/dnsmasq/plain/dnsmasq.conf b/data/templates/dnsmasq/plain/dnsmasq.conf new file mode 100644 index 000000000..12a14048a --- /dev/null +++ b/data/templates/dnsmasq/plain/dnsmasq.conf @@ -0,0 +1,6 @@ +domain-needed +expand-hosts + +listen-address=127.0.0.1 +resolv-file=/etc/resolv.dnsmasq.conf +cache-size=256 diff --git a/data/templates/dnsmasq/plain/etcdefault b/data/templates/dnsmasq/plain/etcdefault new file mode 100644 index 000000000..e62dbbf67 --- /dev/null +++ b/data/templates/dnsmasq/plain/etcdefault 
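Review bot: The resolver line in the 43-dnsmasq hunk uses an unanchored `grep nameserver`, and the template added later in this diff has a comment containing that word ("... the first nameserver is down ..."), so that comment line is copied into the generated file alongside the real entries. Anchoring the match and quoting the target avoids this: `grep '^nameserver' plain/resolv.dnsmasq.conf | shuf > "${pending_dir}/etc/resolv.dnsmasq.conf"`. The two `cp` lines also leave `${pending_dir}` unquoted and do not use the `etcdefault_dir` variable created just above them. If the template is missing or the pipeline fails, an empty resolv file is staged, and with `IGNORE_RESOLVCONF=yes` dnsmasq would likely be left without upstreams. Whether the script aborts on error is not visible here, because do_pre_regen starts and ends outside the hunk.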
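Review bot: In the new plain/dnsmasq.conf, `listen-address=127.0.0.1` on its own does not restrict the socket: without `bind-interfaces`, dnsmasq binds the wildcard address and only discards queries that arrive on other addresses. Adding `bind-interfaces` below that line keeps port 53 off external interfaces at the socket level. The file also has no comments; a header such as `# Managed by regen-conf: local caching resolver, upstreams in /etc/resolv.dnsmasq.conf` would tell an admin where it comes from. Files in /etc/dnsmasq.d are still read via CONFIG_DIR and could add listeners, so check this against what the hook generates there.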
@@ -0,0 +1,33 @@
+# This file has five functions:
+# 1) to completely disable starting dnsmasq,
+# 2) to set DOMAIN_SUFFIX by running `dnsdomainname`
+# 3) to select an alternative config file
+# by setting DNSMASQ_OPTS to --conf-file=
+# 4) to tell dnsmasq to read the files in /etc/dnsmasq.d for
+# more configuration variables.
+# 5) to stop the resolvconf package from controlling dnsmasq's
+# idea of which upstream nameservers to use.
+# For upgraders from very old versions, all the shell variables set
+# here in previous versions are still honored by the init script
+# so if you just keep your old version of this file nothing will break.
+
+#DOMAIN_SUFFIX=`dnsdomainname`
+#DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt"
+
+# Whether or not to run the dnsmasq daemon; set to 0 to disable.
+ENABLED=1
+
+# By default search this drop directory for configuration options.
+# Libvirt leaves a file here to make the system dnsmasq play nice.
+# Comment out this line if you don't want this. The dpkg-* are file
+# endings which cause dnsmasq to skip that file. This avoids pulling
+# in backups made by dpkg.
+CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
+
+# If the resolvconf package is installed, dnsmasq will use its output
+# rather than the contents of /etc/resolv.conf to find upstream
+# nameservers. Uncommenting this line inhibits this behaviour.
+# Note that including a "resolv-file=" line in
+# /etc/dnsmasq.conf is not enough to override resolvconf if it is
+# installed: the line below must be uncommented.
+IGNORE_RESOLVCONF=yes
diff --git a/data/templates/dnsmasq/plain/resolv.dnsmasq.conf b/data/templates/dnsmasq/plain/resolv.dnsmasq.conf
new file mode 100644
index 000000000..bc36ef365
--- /dev/null
+++ b/data/templates/dnsmasq/plain/resolv.dnsmasq.conf
@@ -0,0 +1,31 @@ +# This file will be used to generate /etc/resolv.dnsmasq.conf +# To avoid that every instance rely on the first server as primary +# server, this list is *shuffled* during every regen-conf of dnsmasq +# In the possibility where the first nameserver is down, dnsmasq +# will automatically switch to the next as primary server. + +# List taken from +# http://diyisp.org/dokuwiki/doku.php?id=technical:dnsresolver + +# (FR) FDN +nameserver 80.67.169.12 +nameserver 80.67.169.40 +# (FR) LDN +nameserver 80.67.188.188 +# (FR) ARN +nameserver 89.234.141.66 +# (FR) gozmail / grifon +nameserver 89.234.186.18 +# (DE) FoeBud / Digital Courage +nameserver 85.214.20.141 +# (FR) Aquilenet [added manually, following comments from @sachaz] +nameserver 141.255.128.100 +nameserver 141.255.128.101 +# (DE) CCC Berlin +nameserver 213.73.91.35 +# (DE) Ideal-Hosting +nameserver 84.200.69.80 +nameserver 84.200.70.40 +# (DK) censurfridns +nameserver 91.239.100.100 +nameserver 89.233.43.71 diff --git a/data/templates/nsswitch/nsswitch.conf b/data/templates/nsswitch/nsswitch.conf index cf5b45256..b55e01b02 100644 --- a/data/templates/nsswitch/nsswitch.conf +++ b/data/templates/nsswitch/nsswitch.conf @@ -9,7 +9,7 @@ group: compat ldap shadow: compat ldap gshadow: files -hosts: files mdns4_minimal [NOTFOUND=return] dns +hosts: files myhostname mdns4_minimal [NOTFOUND=return] dns networks: files protocols: db files diff --git a/debian/control b/debian/control index c261546dd..3be8b917e 100644 --- a/debian/control +++ b/debian/control @@ -22,7 +22,7 @@ Depends: ${python:Depends}, ${misc:Depends} , dovecot-ldap, dovecot-lmtpd, dovecot-managesieved , dovecot-antispam, fail2ban , nginx-extras (>=1.6.2), php5-fpm, php5-ldap, php5-intl - , dnsmasq, openssl, avahi-daemon, libnss-mdns + , dnsmasq, openssl, avahi-daemon, libnss-mdns, resolvconf, libnss-myhostname , ssowat, metronome , rspamd (>= 1.2.0), rmilter (>=1.7.0), redis-server, opendkim-tools , haveged 
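Review bot: The new plain/resolv.dnsmasq.conf pins every install to a fixed list of third-party resolvers copied from a plain-http wiki page, with no date and no way to re-check the entries. Nothing in the dnsmasq.conf added by this commit enables DNSSEC validation, so answers from these upstreams are accepted unauthenticated. I would record when the list was taken, add a comment like `# Entries are not verified at regen time; edit this template to override`, and consider dnsmasq's `dnssec` option with a trust anchor as a follow-up. The header's wording about a "primary" server also seems to assume ordered use, but dnsmasq only follows file order when `strict-order` is set, and it is not set here.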
diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py index f5fc2fc01..cf3152dce 100644 --- a/src/yunohost/tools.py +++ b/src/yunohost/tools.py @@ -164,6 +164,9 @@ def tools_maindomain(auth, new_domain=None): logger.warning("%s" % e, exc_info=1) raise MoulinetteError(errno.EPERM, m18n.n('maindomain_change_failed')) + # Clear nsswitch cache for hosts to make sure hostname is resolved ... + subprocess.call(['nscd', '-i', 'hosts']) + # Set hostname pretty_hostname = "(YunoHost/%s)" % new_domain commands = [ @@ -319,6 +322,7 @@ def tools_postinstall(domain, password, ignore_dyndns=False): logger.success(m18n.n('yunohost_ca_creation_success')) # New domain config + service_regen_conf(['nsswitch'], force=True) domain_add(auth, domain, dyndns) tools_maindomain(auth, domain)
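Review bot: In the tools_maindomain hunk, `subprocess.call(['nscd', '-i', 'hosts'])` raises OSError when the nscd binary is absent. The debian/control change in this commit adds resolvconf and libnss-myhostname but not nscd, though the rest of Depends is outside the visible lines. That exception would abort tools_maindomain at a point that appears to come after the main-domain change has been applied and before the hostname is set. Wrapping the call in `try:` / `except OSError:` with a `logger.warning(...)`, and logging a non-zero return code, keeps the cache invalidation best-effort. The function body starts and ends outside the hunk.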
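Review bot: In the tools_postinstall hunk, `service_regen_conf(['nsswitch'], force=True)` sits under the existing `# New domain config` comment with no explanation of why nsswitch must be regenerated before `domain_add`. A comment such as `# Install nsswitch.conf with myhostname first so the new hostname resolves locally` would document the ordering, if that is the intent. `force=True` presumably overwrites a locally modified nsswitch.conf, which looks acceptable at postinstall but is worth stating in the comment. The function continues outside the hunk.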