Bug 1317554 (dnssec-trigger-el7-rebase)

Summary: rebase dnssec-trigger to the latest upstream version (SVN revision)
Product: Red Hat Enterprise Linux 7 Reporter: David Jaša <djasa>
Component: dnssec-trigger Assignee: Martin Osvald 🛹 <mosvald>
Status: CLOSED WONTFIX QA Contact: qe-baseos-daemons
Severity: medium Docs Contact:
Priority: low    
Version: 7.3 CC: lmiksik, ovasik, psklenar, thozza
Target Milestone: rc Keywords: Rebase
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-11-27 12:16:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1061225, 1063731, 1110700, 1191021    

Description David Jaša 2016-03-14 14:26:30 UTC
Description of problem:
When using NetworkManager with dns=unbound, NM expects dnssec-trigger to update unbound configuration based on network events. Current dnssec-trigger version is too old to have that capability so unbound rebase seems a good thing to do at this point.

Version-Release number of selected component (if applicable):
dnssec-trigger-0.11-21.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. set up NM with dns=unbound (also enable unbound and dnssec-triggerd services)
2. change network configuration
3.

Actual results:
NetworkManager[18412]: <warn>  could not spawn process '/usr/libexec/dnssec-trigger-script --async --update': Failed to execute child process "/usr/libexec/dnssec-trigger-script" (No such file or directory)
NetworkManager[18412]: <warn>  DNS: plugin unbound update failed

Expected results:
dnssec updates unbound configuration

Additional info:

Comment 1 Tomáš Hozza 2016-03-14 14:59:39 UTC
While rebasing dnssec-trigger is definitely a good idea, it is not yet in a shape in which we can put it into RHEL.

The version available in RHEL-7 does not need the NetworkManager "unbound" DNS module. It will function in an autonomous way. This means you don't need to set "dns=" in NM configuration at all, or you can set it to "dns=none". NM is usually rebased to the latest Upstream version, therefore its code is ahead of what is available in dnssec-trigger.

For more information about how to set up NM in RHEL-7, please see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_DNS_Traffic_with_DNSSEC.html
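
An added example, not part of the bug report or of dnssec-trigger itself: a shell check for the mismatch discussed above, where NetworkManager is set to dns=unbound but the hook it tries to spawn (/usr/libexec/dnssec-trigger-script in the log above) is absent. The function names are hypothetical, the sample config is constructed, and only the single file passed in is inspected (conf.d drop-ins are not merged).

```shell
#!/bin/sh
# Added example: flag dns=unbound in NetworkManager's [main] section when the
# dnssec-trigger hook is missing. Function names are hypothetical.

# Print the dns= value from the [main] section of one config file
# (empty output if unset). Commented-out lines and other sections are ignored.
nm_dns_mode() {
    awk '
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\][ \t]*$/); next }
        in_main && /^[ \t]*dns[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); mode = $0
        }
        END { print mode }
    ' "$1"
}

# check_nm_dnssec_trigger CONF HOOK
# Returns 1 when CONF selects the unbound plugin but HOOK is not executable,
# which is the state that produces "plugin unbound update failed".
check_nm_dnssec_trigger() {
    conf=$1; hook=$2
    mode=$(nm_dns_mode "$conf")
    if [ "$mode" = "unbound" ] && [ ! -x "$hook" ]; then
        echo "MISMATCH: dns=unbound in $conf but $hook is not executable"
        return 1
    fi
    echo "OK: dns=${mode:-unset} in $conf"
}

# Constructed sample input: a config like the reporter's, and a hook path
# that does not exist (stand-in for /usr/libexec/dnssec-trigger-script).
tmp=$(mktemp -d)
printf '[main]\nplugins=ifcfg-rh\n#dns=none\ndns=unbound\n' > "$tmp/NetworkManager.conf"
check_nm_dnssec_trigger "$tmp/NetworkManager.conf" "$tmp/dnssec-trigger-script" || true
rm -rf "$tmp"
```

On a real host the arguments would be the NetworkManager configuration file and the hook path from the log message.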

Comment 3 Tomáš Hozza 2016-10-21 15:28:24 UTC
*** Bug 1110136 has been marked as a duplicate of this bug. ***

Comment 8 Red Hat Bugzilla Rules Engine 2018-11-27 12:16:03 UTC
Development Management has reviewed and declined this request. You may appeal this decision by reopening this request.