Bug 1298263 - spamassassin starts before DNS is configured properly when using sysinit networking
spamassassin starts before DNS is configured properly when using sysinit netw...
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: spamassassin (Show other bugs)
7.2
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Jaroslav Škarvada
qe-baseos-daemons
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-13 10:59 EST by Matthew Miller
Modified: 2017-08-03 03:33 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Matthew Miller 2016-01-13 10:59:54 EST
Description of problem:

  The symptom: 

    log messages like

      Jan 12 17:06:35 hostname spamd[18817]: dns: bad dns reply: Connection refused      
                                                                             
      Jan 12 17:06:36 hostname spamd[27101]: dns: sendto() to [127.0.0.1]:53 failed: Connection refused, no more alternatives 

    and DNS-based rules not working.

  The setup:

    * No local resolver
    * Static configuration with ifcfg entries containing ip addr and DNS servers
    * No NetworkManager

Version-Release number of selected component (if applicable):

    spamassassin-3.4.0-2.el7.x86_64

How reproducible:

    repeatable.

Steps to Reproduce:

  1. Disable network manager; use static config
  2. Reboot.

Actual results:

  DNS errors about no server on localhost

Expected results:

  Servers found in /etc/resolv.conf used.

Additional info:

  It turns out that there is an empty (except for comments) /etc/resolv.conf.save. This appears to be swapped back in on system shutdown (at least, I think so, but network-functions is some seriously human-unreadable bash scripting). Then, spamassassin apparently starts _before_ the correct servers are written and, there we go.

  I guess it'd be most ideal if spamassassin realized that resolv.conf changed and updated to use the new servers. But failing that, maybe it could be started only after the interface is up?
Comment 2 Jakub Jelen 2016-01-14 08:58:37 EST
spamassassin starts

    After=syslog.target network.target

When you disable NetworkManager, systemd might not tell you when the network is really ready. Common ever-green and fun of parallel boots.

Question is if these errors should not be fatal. It would "postpone" the real start of the service until the DNS is really ready and answering, if it is required to operate. Though it might break other setups.


This same topic is also discussed on Perlmonks [1] without any reasonable solution, but I would consider it as an misconfiguration:

> Discard NM *and* use a static resolv.conf which does not change between reboots.

Shouldn't you take care of your  resolv.conf  when using static configuration? But it leaves you writing the DNS servers in both ifcfg and resolv.conf, which is unfortunate.

Re-reading  resolv.conf  would be nice, but there is still two layers of abstraction between spamassassin and the file itself, Perl library and glibc. Having support for this in perl::Net::DNS would be at least convenient.


Debian report [2] of the similar topic is without any response so far. I will try to keep an eye on this bug, even though I am not sure if there is something we can do for it.


[1] http://www.perlmonks.org/?node_id=1130289
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741521
Comment 4 Jaroslav Škarvada 2017-07-13 11:50:00 EDT
Static IPs and DNS can be set in NetworkManager. You can even have manual configuration and NetworkManager set to ignore configuration of specific interface.

Individual services shouldn't do workarounds. Workarounds, if needed, should be done by systemd.

Note You need to log in before you can comment on or make changes to this bug.