Red Hat Bugzilla – Bug 1298263
spamassassin starts before DNS is configured properly when using sysinit networking
Last modified: 2018-02-19 04:30:27 EST
Description of problem:
log messages like
Jan 12 17:06:35 hostname spamd: dns: bad dns reply: Connection refused
Jan 12 17:06:36 hostname spamd: dns: sendto() to [127.0.0.1]:53 failed: Connection refused, no more alternatives
and DNS-based rules not working.
* No local resolver
* Static configuration with ifcfg entries containing ip addr and DNS servers
* No NetworkManager
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Disable network manager; use static config
DNS errors about no server on localhost
Servers found in /etc/resolv.conf used.
It turns out that there is an empty (except for comments) /etc/resolv.conf.save. This appears to be swapped back in on system shutdown (at least, I think so, but network-functions is some seriously human-unreadable bash scripting). Then, spamassassin apparently starts _before_ the correct servers are written and, there we go.
I guess it'd be most ideal if spamassassin realized that resolv.conf changed and updated to use the new servers. But failing that, maybe it could be started only after the interface is up?
When you disable NetworkManager, systemd might not tell you when the network is really ready. Common ever-green and fun of parallel boots.
Question is if these errors should not be fatal. It would "postpone" the real start of the service until the DNS is really ready and answering, if it is required to operate. Though it might break other setups.
This same topic is also discussed on Perlmonks  without any reasonable solution, but I would consider it as an misconfiguration:
> Discard NM *and* use a static resolv.conf which does not change between reboots.
Shouldn't you take care of your resolv.conf when using static configuration? But it leaves you writing the DNS servers in both ifcfg and resolv.conf, which is unfortunate.
Re-reading resolv.conf would be nice, but there is still two layers of abstraction between spamassassin and the file itself, Perl library and glibc. Having support for this in perl::Net::DNS would be at least convenient.
Debian report  of the similar topic is without any response so far. I will try to keep an eye on this bug, even though I am not sure if there is something we can do for it.
Static IPs and DNS can be set in NetworkManager. You can even have manual configuration and NetworkManager set to ignore configuration of specific interface.
Individual services shouldn't do workarounds. Workarounds, if needed, should be done by systemd.