From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.comp.sysutils.supervision.general/1895
Path: news.gmane.org!not-for-mail
From: Charlie Brady <charlieb-supervision@budge.apana.org.au>
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: Re: Installing dnscache with runit, without other djb utils
Date: Fri, 18 Jul 2008 10:20:33 -0400 (EDT)
Message-ID: <Pine.LNX.4.64.0807181009500.21979@e-smith.charlieb.ott.istop.com>
References: <20060928001213.GA13416@cengkeh.novenine.com>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Trace: ger.gmane.org 1216390856 31619 80.91.229.12 (18 Jul 2008 14:20:56 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Fri, 18 Jul 2008 14:20:56 +0000 (UTC)
Cc: supervision@list.skarnet.org
To: Roy Lanek <lanek@novenine.com>
Original-X-From: supervision-return-2130-gcsg-supervision=m.gmane.org@list.skarnet.org Fri Jul 18 16:21:37 2008
Return-path: <supervision-return-2130-gcsg-supervision=m.gmane.org@list.skarnet.org>
Envelope-to: gcsg-supervision@gmane.org
Original-Received: from antah.skarnet.org ([212.85.147.14])
	by lo.gmane.org with smtp (Exim 4.50)
	id 1KJqpw-0001UF-G0
	for gcsg-supervision@gmane.org; Fri, 18 Jul 2008 16:21:32 +0200
Original-Received: (qmail 4148 invoked by uid 76); 18 Jul 2008 14:20:58 -0000
Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm
List-Post: <mailto:supervision@list.skarnet.org>
List-Help: <mailto:supervision-help@list.skarnet.org>
List-Unsubscribe: <mailto:supervision-unsubscribe@list.skarnet.org>
List-Subscribe: <mailto:supervision-subscribe@list.skarnet.org>
List-Archive: <http://www.skarnet.org/lists/>
Original-Received: (qmail 4113 invoked from network); 18 Jul 2008 14:20:58 -0000
X-X-Sender: charlieb@e-smith.charlieb.ott.istop.com
In-Reply-To: <20060928001213.GA13416@cengkeh.novenine.com>
Xref: news.gmane.org gmane.comp.sysutils.supervision.general:1895
Archived-At: <http://permalink.gmane.org/gmane.comp.sysutils.supervision.general/1895>


On Thu, 28 Sep 2006, Roy Lanek wrote:

> ** Sorry for answering late

And sorry for following up very late - but there's an error here worth 
highlighting given the "recently discovered" issues with DNS query port 
randomisation.

> #!/bin/sh
> exec 2>&1
> cd '/etc/dnscache' || exit 1
>
> # -- seed:
> umask 077
> /bin/rm -f seed
> /bin/dd if=/dev/urandom bs=128 count=1 > seed 2> /dev/null
>    # -- "Linux has a good source of random data, use 128
>    # -- bytes of it to pass it to 'dns_random_init' (via
>    # -- 'seed')."^1
>
> exec chpst -U yyy -e ./env -o 250 -d "$DATALIMIT" \
>        /usr/bin/dnscache

There's something important missing here. You need to do:

exec<seed

or

exec chpst -U yyy -e ./env -o 250 -d "$DATALIMIT" \
         /usr/bin/dnscache <seed