• Thomas Haller's avatar
    dns: move ratelimiting and restart from NMDnsManager to NMDnsDnsmasq · 93d5efb4
    Thomas Haller authored
    Note that the only DNS plugin that actually emits the FAILED signal was
    NMDnsDnsmasq. Let's not handle restart, retry and rate-limiting by
    NMDnsManager but by NMDnsDnsmasq itself.
    
    There are three goals here:
    
    (1) we want that when dnsmasq (infrequently) crashes, that we always keep
      retrying. A random crash should be automatically resolved and
      eventually dnsmasq should be working again.
      Note that we anyway cannot fully detect whether something is wrong.
      OK, we detect crashes, but if dnsmasq just gets catatonic, it's just
      as broken. Point being: our ability to detect non-working dnsmasq is limited.
    
    (2) when dnsmasq keeps crashing all the time, then rate limit the retry.
      Of course, at this point there is already something seriously wrong,
      but we shouldn't kill the system by respawning the process without rate
      limiting.
    
    (3) previously, when NMDnsManager noticed that the pluging was broken
      (and rate-limiting kicked in), it would temporarily disable the plugin.
      Basically, that meant to write the real name servers to /etc/resolv.conf
      directly, instead of setting localhost. This partly conflicts with
      (1), because we want to retry and recover automatically. So what good
      is it to notice a problem, resort to plain /etc/resolv.conf for a
      short time, and then run into the issues again? If something is really
      broken, there is no way but to involve the user to investigate and
      fix the issue. Hence, we don't need to concern NMDnsManager with this either.
      The only thing that the manager notices is when the dnsmasq binary is not
      available. In that case, update() fails right away, and the manager falls back
      to configure the name servers in /etc/resolv.conf directly.
    
    Also, change the backoff time from 5 minutes to 1 minute (twice the
    burst interval). There is not particularly strong reason for either
    choice, I think that if the ratelimit kicks in, then something is
    already so wrong that it doesn't matter either way. Anyway, also 60
    seconds is long enough to not kill the machine otherwise.
    93d5efb4
Name
Last commit
Last update
clients Loading commit data...
contrib Loading commit data...
data Loading commit data...
dispatcher Loading commit data...
docs Loading commit data...
examples Loading commit data...
introspection Loading commit data...
libnm Loading commit data...
libnm-core Loading commit data...
m4 Loading commit data...
man Loading commit data...
po Loading commit data...
shared Loading commit data...
src Loading commit data...
tools Loading commit data...
vapi Loading commit data...
.dir-locals.el Loading commit data...
.gitignore Loading commit data...
.gitlab-ci.yml Loading commit data...
.mailmap Loading commit data...
.travis.yml Loading commit data...
AUTHORS Loading commit data...
CONTRIBUTING Loading commit data...
COPYING Loading commit data...
COPYING.GFDL Loading commit data...
COPYING.LGPL Loading commit data...
ChangeLog Loading commit data...
MAINTAINERS Loading commit data...
Makefile.am Loading commit data...
Makefile.examples Loading commit data...
Makefile.glib Loading commit data...
Makefile.vapigen Loading commit data...
NEWS Loading commit data...
NetworkManager.pc.in Loading commit data...
README Loading commit data...
TODO Loading commit data...
autogen.sh Loading commit data...
config-extra.h.meson Loading commit data...
config-extra.h.mk Loading commit data...
config.h.meson Loading commit data...
configure.ac Loading commit data...
linker-script-binary.ver Loading commit data...
linker-script-devices.ver Loading commit data...
linker-script-settings.ver Loading commit data...
meson.build Loading commit data...
meson_options.txt Loading commit data...
valgrind.suppressions Loading commit data...