Date: Mon, 15 Jun 2020 16:20:23 +0300
From: Andriy Gapon <avg@FreeBSD.org>
To: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
Cc: Ryan Steinmetz <zi@freebsd.org>, jaap@NLnetLabs.nl, net@freebsd.org
Subject: Re: unbound and (isc) dhcpd startup order
Message-ID: <a0656ff4-6f02-ad4e-174b-ffdfe115156d@FreeBSD.org>
In-Reply-To: <202006151257.05FCvFgD076654@gndrsh.dnsmgr.net>
References: <202006151257.05FCvFgD076654@gndrsh.dnsmgr.net>
On 15/06/2020 15:57, Rodney W. Grimes wrote:
>> I am configuring a small LAN -- mostly a gateway / router for it -- and I am
>> using unbound for a local DNS and isc-dhcp44-server for DHCP.
>> I have a few hosts with static IP addresses (for various reasons).
>> So, in unbound.conf I have an entry like
>> local-data: "hipster.home.arpa. IN A 192.168.0.222"
>> and in dhcpd.conf have:
>> host hipster {
>>     hardware ethernet 40:74:e0:xx:xx:xx;
>>     fixed-address hipster.home.arpa;
>> }
>>
>> I am using a DNS name to avoid hardcoding the same IP address twice.
>> But obviously this depends on the local DNS server starting before the DHCP
>> server if they are on the same host / router.
>> It seems that at the moment there is nothing to ensure that order.
>>
>> For the moment I modified rc.d/unbound to add this line:
>> # BEFORE: dhcpd
>
> From looking at /etc/rc.d/local_unbound we see:
> # PROVIDE: local_unbound
> # REQUIRE: FILESYSTEMS defaultroute netwait resolv
> # BEFORE: NETWORKING
> # KEYWORD: shutdown
>
> What makes it work for that case is the BEFORE: NETWORKING; is that
> line missing for the port version?

Yes, it is:
# PROVIDE: unbound
# REQUIRE: SERVERS cleanvar
# KEYWORD: shutdown

If we add BEFORE: NETWORKING then REQUIRE will also have to be adjusted as it's
impossible to be before NETWORKING and after SERVERS.

>> I am not sure if this is the best solution and it's something that can be
>> included into the port.
>
> I think that DNS needs to be started before more than just dhcpd,
> so this is just 1 of many possible cases. There can also be issues
> with almost any network stuff that wants to do stuff by DNS value,
> including the network itself. DNS creates a chicken/egg problem in
> that you may, or may not need the network to resolve names, I have
> always hated that aspect of it. Modern tooling can help, you use
> stuff to build your /etc/rc config files that can be run while the
> network is up and functional so that this entering IP addresses in
> N places is less painful.
>
> I see no problem in adding a BEFORE: NETWORKING to the port, covering
> a larger number of cases than your narrow BEFORE: dhcpd.

I agree.
I hope it doesn't break any currently working configurations too.

>> On a related note, unbound rc script provides "unbound" service.
>> I think that maybe it should provide something more generic such as "nameserver"
>> or "dns-server" (not sure if there is an established name for that).
>> The reason I am saying this is that, IMO, if unbound is replaced with some other
>> name server implementation the rc dependency chains should stay the same.
>
> I do not see anything in the base system that uses unbound or local_unbound
> service name, so this looks like it could be straightforward, though there
> may be some ports that have use of this token.
>
> For the blue bikeshed I find that "server" is just noise in the token
> and that "dns" already has "s" for system, so just "dns" is good with me :-)

That's a good point.
I've just checked bind ports and they use PROVIDE: named
Not sure if "named" here is a bind-specific name or a generic one.

-- 
Andriy Gapon
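The ordering constraints discussed in this message can be checked mechanically. The script below is an added example, not part of the e-mail or of the FreeBSD rc system: it turns PROVIDE/REQUIRE/BEFORE headers into ordered pairs and uses tsort(1) as a stand-in for rcorder(8) to report a loop. The function names (rc_edges, rc_check, try_unbound) are hypothetical, and the header sets for NETWORKING, SERVERS, DAEMON and dhcpd are constructed and simplified.

```sh
#!/bin/sh
# Added example. Header sets are constructed and simplified; "SERVERS starts
# after NETWORKING" is the relation the message relies on.

# Emit "earlier later" pairs for every rc script header found in directory $1.
rc_edges() {
    for f in "$1"/*; do
        awk '
            /^# PROVIDE:/ { for (i = 3; i <= NF; i++) prov[$i] = 1 }
            /^# REQUIRE:/ { for (i = 3; i <= NF; i++) req[$i] = 1 }
            /^# BEFORE:/  { for (i = 3; i <= NF; i++) bef[$i] = 1 }
            END {
                for (p in prov) {
                    print p, p                  # identical pair: node only
                    for (r in req) print r, p   # r starts before p
                    for (b in bef) print p, b   # p starts before b
                }
            }' "$f"
    done
}

# Return 0 if the headers in $1 can be ordered, 1 if they contain a loop.
rc_check() {
    loop=$(rc_edges "$1" | tsort 2>&1 >/dev/null) || true
    [ -z "$loop" ]      # tsort writes to stderr only when it finds a loop
}

# Build a sample rc.d directory and test one variant of the unbound header.
# $1 = REQUIRE list for unbound, $2 = BEFORE list for unbound (may be empty).
try_unbound() {
    d=$(mktemp -d) || return 2
    printf '# PROVIDE: NETWORKING\n' > "$d/NETWORKING"
    printf '# PROVIDE: SERVERS\n# REQUIRE: NETWORKING\n' > "$d/SERVERS"
    printf '# PROVIDE: DAEMON\n# REQUIRE: NETWORKING SERVERS\n' > "$d/DAEMON"
    printf '# PROVIDE: dhcpd\n# REQUIRE: DAEMON\n' > "$d/dhcpd"
    printf '# PROVIDE: unbound\n# REQUIRE: %s\n# BEFORE: %s\n' "$1" "$2" > "$d/unbound"
    rc=0; rc_check "$d" || rc=1
    rm -rf "$d"
    return $rc
}

# Port header as quoted, the BEFORE: dhcpd workaround, the conflicting
# combination, and BEFORE: NETWORKING with the local_unbound REQUIRE list.
for v in "SERVERS cleanvar|" "SERVERS cleanvar|dhcpd" "SERVERS cleanvar|NETWORKING" \
         "FILESYSTEMS defaultroute netwait resolv|NETWORKING"; do
    if try_unbound "${v%|*}" "${v#*|}"; then r=ok; else r=LOOP; fi
    echo "REQUIRE: ${v%|*}  BEFORE: ${v#*|}  -> $r"
done
```

On a FreeBSD host, rcorder(8) run over the real scripts in /etc/rc.d and /usr/local/etc/rc.d gives the authoritative order.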