Can someone explain to me the behavior of /etc/resolv.conf and /var/run/resolv.conf?
September 16, 2009 at 7:57 pm #377168
kennyj
I’m writing some scripts for my company in order to set ipfw configuration depending on which network the computer is on at any time. To do this, I created a launch daemon that runs a script whenever /etc/resolv.conf changes. I also tried this with /var/run/resolv.conf.
What the script does is check to see if resolv.conf is there. If it isn’t, the script exits. If it is, it checks the file for what the domain value is and sets the firewall config appropriately.
So, as a test today I wrote a script using “say” to tell me every time /etc/resolv.conf changes. This file seems to be created at startup and changes multiple times (I don’t know if the file is just being touched or what) quite rapidly. Then once a user logs in, the file is changed again multiple times and the script is run. Using /var/run/resolv.conf as the target was even worse with the frequency of file changes.
What I was seeing is that it would take a while to start up using my firewall script, then it would hang when a user tried to log in. I’m thinking because resolv.conf was changing this quickly, the script was running multiple times on top of itself. To help with these symptoms I put a “sleep 20” in my script after it would write the firewall config to IPFW. This seems to help performance a lot, but it still is run multiple times as a computer starts up and a user logs in.
So here’s my shell script… there are a couple of other parts to this, but they aren’t affecting this at all. The “say” commands in here are just for testing reasons on my own part.
#!/bin/sh
# autoipfw.sh - Sets environment and loads the firewall configuration files
# Version 1.5 Kenneth Edgar

# Constants
FLUSH='/sbin/ipfw -fq flush'
RESOLV=/etc/resolv.conf
RESTRICT='/sbin/ipfw -q /etc/ipfw_restrict.conf'
INTERNAL='/sbin/ipfw -q /etc/ipfw_internal.conf'

# If the resolv.conf file does not exist, exit code 98, otherwise set firewall and exit 99
if [ ! -f "$RESOLV" ]
then
    say "network not available"
    exit 98
else
    # Take the value of the first "domain" line only; a plain grep for
    # "domain" also matches other lines that merely contain the word.
    NETWORK=$(awk '$1 == "domain" {print $2; exit}' "$RESOLV")
    case "$NETWORK" in
        yourdomain.com)
            say "setting internal firewall"
            $FLUSH
            $INTERNAL
            sleep 20
            ;;
        *)
            say "setting external firewall"
            $FLUSH
            $RESTRICT
            sleep 20
            ;;
    esac
    exit 99
fi
# Not reached: both branches above exit.
exit 1
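
The overlapping runs described in the post can be avoided without a sleep by serializing runs and skipping reloads when the selected ruleset has not changed. The following is an added example, not part of the original post: the state file, lock directory, function names and `--apply` argument are assumptions, while the ruleset paths and ipfw flags are the ones the post uses.

```shell
#!/bin/sh
# Added example, not the poster's script. STATE, LOCK and the function
# names are hypothetical; ruleset paths and ipfw flags are from the post.
RESOLV=${RESOLV:-/etc/resolv.conf}
IPFW=${IPFW:-/sbin/ipfw}
STATE=${STATE:-/var/run/autoipfw.state}   # last ruleset that was loaded
LOCK=${LOCK:-/var/run/autoipfw.lock}      # lock directory, one run at a time
INTERNAL_DOMAIN=${INTERNAL_DOMAIN:-yourdomain.com}

# Print the value of the first "domain" line; print nothing if the file
# is missing or has no such line.
get_domain() {
    awk '$1 == "domain" { print $2; exit }' "$1" 2>/dev/null
}

# Map a domain to a ruleset file. Anything that is not the internal
# domain, including an empty value, gets the restrictive rules.
pick_ruleset() {
    case "$1" in
        "$INTERNAL_DOMAIN") echo /etc/ipfw_internal.conf ;;
        *)                  echo /etc/ipfw_restrict.conf ;;
    esac
}

# Reload the firewall only when the selected ruleset differs from the one
# already loaded. Returns 0 = reloaded, 1 = unchanged, 2 = another run is
# active, 3 = ipfw failed (state is not recorded, so the next event retries).
apply_once() {
    mkdir "$LOCK" 2>/dev/null || return 2   # mkdir is atomic: a cheap lock
    rules=$(pick_ruleset "$(get_domain "$RESOLV")")
    if [ "$(cat "$STATE" 2>/dev/null)" = "$rules" ]; then
        rc=1                                 # file was rewritten, same network
    elif "$IPFW" -fq flush && "$IPFW" -q "$rules"; then
        echo "$rules" > "$STATE"
        rc=0
    else
        rc=3
    fi
    rmdir "$LOCK"
    return "$rc"
}

# Entry point for the launch daemon; does nothing when sourced without it.
if [ "${1:-}" = "--apply" ]; then
    apply_once
    exit $?
fi
```

A trigger that arrives while another run holds the lock returns 2 without re-reading the file, so a caller that cannot tolerate a missed change should retry on that status. Unlike the post's script, a missing resolv.conf here selects the restrictive ruleset rather than exiting.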