From owner-freebsd-net@freebsd.org Mon Jun 15 13:20:29 2020
Subject: Re: unbound and (isc) dhcpd startup order
To: "Rodney W. Grimes"
Cc: Ryan Steinmetz, jaap@NLnetLabs.nl, net@freebsd.org
References: <202006151257.05FCvFgD076654@gndrsh.dnsmgr.net>
From: Andriy Gapon
Date: Mon, 15 Jun 2020 16:20:23 +0300
In-Reply-To: <202006151257.05FCvFgD076654@gndrsh.dnsmgr.net>
List-Id: Networking and TCP/IP with FreeBSD

On 15/06/2020 15:57, Rodney W.
Grimes wrote:
>>
>> I am configuring a small LAN -- mostly a gateway / router for it -- and I am
>> using unbound for a local DNS and isc-dhcp44-server for DHCP.
>> I have a few hosts with static IP addresses (for various reasons).
>> So, in unbound.conf I have an entry like
>> local-data: "hipster.home.arpa. IN A 192.168.0.222"
>> and in dhcpd.conf have:
>> host hipster {
>>         hardware ethernet 40:74:e0:xx:xx:xx;
>>         fixed-address hipster.home.arpa;
>> }
>>
>> I am using a DNS name to avoid hardcoding the same IP address twice.
>> But obviously this depends on the local DNS server starting before the DHCP
>> server if they are on the same host / router.
>> It seems that at the moment there is nothing to ensure that order.
>>
>> For the moment I modified rc.d/unbound to add this line:
>> # BEFORE: dhcpd
>
> From looking at /etc/rc.d/local_unbound we see:
> # PROVIDE: local_unbound
> # REQUIRE: FILESYSTEMS defaultroute netwait resolv
> # BEFORE: NETWORKING
> # KEYWORD: shutdown
>
> What makes it work for that case is the BEFORE: NETWORKING, is that
> line missing for the port version?

Yes, it is:
# PROVIDE: unbound
# REQUIRE: SERVERS cleanvar
# KEYWORD: shutdown

If we add BEFORE: NETWORKING then REQUIRE will also have to be adjusted as it's
impossible to be before NETWORKING and after SERVERS.

>> I am not sure if this is the best solution and it's something that can be
>> included into the port.
>
> I think that DNS needs to be started before more than just dhcpd,
> so this is just 1 of many possible cases. This can also be issues
> with almost any network stuff that wants to do stuff by DNS value,
> including the network itself. DNS creates a chicken/egg problem in
> that you may, or may not need the network to resolve names, I have
> always hated that aspect of it. Modern tooling can help, you use
> stuff to build your /etc/rc config files that can be run while the
> network is up and functional so that this entering IP addresses in
> N places is less painful.
>
> I see no problem in adding a BEFORE: NETWORKING to the port, covering
> a larger number of cases than your narrow BEFORE: dhcpd.

I agree.
I hope it doesn't break any currently working configurations too.

>> On a related note, unbound rc script provides "unbound" service.
>> I think that maybe it should provide something more generic such as "nameserver"
>> or "dns-server" (not sure if there is an established name for that).
>> The reason I am saying this is that, IMO, if unbound is replaced with some other
>> name server implementation the rc dependency chains should stay the same.
>
> I do not see anything in the base system that uses unbound or local_unbound
> service name, so this looks like it could be straightforward, though there
> may be some ports that have use of this token.
>
> For the blue bikeshed I find that "server" is just noise in the token
> and that "dns" already has "s" for system, so just "dns" is good with me :-)

That's a good point.
I've just checked bind ports and they use PROVIDE: named
Not sure if "named" here is a bind specific name or a generic one.

-- 
Andriy Gapon
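
The conflict between BEFORE: NETWORKING and REQUIRE: SERVERS discussed in the message above, as an added example that is not part of the original message or of rcorder itself: a small Python model of the PROVIDE/REQUIRE/BEFORE keywords that reports when a header cannot be ordered. The NETWORKING, SERVERS and dhcpd headers are constructed and simplified, and the SERVERS-after-NETWORKING edge is an assumption taken from the message.

```python
import re
from graphlib import CycleError, TopologicalSorter  # Python 3.9+

HEADER = re.compile(r"^#[ \t]*(PROVIDE|REQUIRE|BEFORE):[ \t]*(.*)$", re.M)

def parse(text):
    """Collect the PROVIDE/REQUIRE/BEFORE words from one rc.d script header."""
    kw = {"PROVIDE": [], "REQUIRE": [], "BEFORE": []}
    for key, value in HEADER.findall(text):
        kw[key] += value.split()
    return kw

def start_order(scripts):
    """Return one valid start order, or None when the keywords contradict."""
    parsed = {name: parse(text) for name, text in scripts.items()}
    provider = {p: n for n, kw in parsed.items() for p in kw["PROVIDE"]}
    ts = TopologicalSorter()
    for name, kw in parsed.items():
        ts.add(name)
        for need in kw["REQUIRE"]:      # name starts after whoever provides `need`
            if need in provider:        # names nobody provides are skipped here
                ts.add(name, provider[need])
        for later in kw["BEFORE"]:      # whoever provides `later` starts after name
            if later in provider:
                ts.add(provider[later], name)
    try:
        return list(ts.static_order())
    except CycleError:
        return None

# Constructed, simplified headers (not copied from a real system). SERVERS is
# placed after NETWORKING, as the message implies; dhcpd's line is an assumption.
BASE = {
    "NETWORKING": "# PROVIDE: NETWORKING\n",
    "SERVERS": "# PROVIDE: SERVERS\n# REQUIRE: NETWORKING\n",
    "dhcpd": "# PROVIDE: dhcpd\n# REQUIRE: NETWORKING\n",
}
# The port's header as quoted in the message.
PORT = "# PROVIDE: unbound\n# REQUIRE: SERVERS cleanvar\n# KEYWORD: shutdown\n"
# REQUIRE line borrowed from the local_unbound header quoted in the message.
ADJUSTED = ("# PROVIDE: unbound\n# REQUIRE: FILESYSTEMS defaultroute netwait resolv\n"
            "# BEFORE: NETWORKING\n# KEYWORD: shutdown\n")

def order_with(unbound_header):
    """Order the sample scripts together with the given unbound header."""
    return start_order({**BASE, "unbound": unbound_header})

if __name__ == "__main__":
    print("port header + BEFORE:", order_with(PORT + "# BEFORE: NETWORKING\n"))
    print("adjusted REQUIRE    :", order_with(ADJUSTED))
```

On a real system the authoritative check is rcorder run over the actual /etc/rc.d and /usr/local/etc/rc.d scripts; this model only covers the three keywords shown.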