From: Matthew Seaman
To: Nuno César Pires
Cc: "'freebsd-questions@freebsd.org'"
Date: Fri, 21 May 2004 13:15:26 +0100
Subject: Re: Help to start BIND on boot
Message-ID: <20040521121526.GD31695@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <6A7539CE32D1CC42AD0B863337EEFCFB020B20F6@isq004>

On Fri, May 21, 2004 at 12:07:25PM +0100, Nuno César Pires wrote:
> I'm setting up a BIND/DNS server (recursive) and I'm facing a problem when I
> try to start "named" automatically on boot (named_enable="YES" in
> rc.conf):
>
> First I noticed that the boot process takes a very long time in the
> "Starting Standard Daemons" phase.
>
> After boot I looked at the named messages and apparently everything
> was OK, i.e.:
>
> First message: "starting (etc/namedb/named.conf). named 8.3.6-REL ....."
>
> Second message: "limit files set to fdlimit (1024)"
>
> Third message: "Ready to answer queries."
>
> But the problem is the output of "ndc status": (server is initializing
> itself) and then nothing happens.
>
> Starting or restarting named manually works just fine, the "ndc status"
> output is "server is up and running" and the query answers are as
> expected.
>
> The result after commenting out the kern_securelevel="2" and
> kern_securelevel_enable="YES" lines in rc.conf and rebooting was the same
> as described above.
>
> The ROOT SERVERS file was updated and there is a permanent network
> connection
>
> Releases:
>
> FreeBSD 4.9
>
> BIND 8.3.6

I usually see this effect with things like sshd(8), but it could
affect BIND as well.  I wonder if named(8) is blocking trying to read
/dev/random to obtain a quantity of random data.  If the system does
not have sufficient suitable random data available, it will wait until
it has acquired enough before replying.
Sources of randomness are things like timing the gaps between key
presses or between the arrival of network packets -- either of which
may not be very effective around reboot time.

Check your setting for 'rand_irqs' in /etc/rc.conf -- you need to set
it to a list of IRQs that fire quite frequently and that have timings
that can be used to harvest randomness from.  To get a list of
suitable IRQs use:

    % vmstat -i

So for instance on my system that returns:

    interrupt      total      rate
    acpi0 irq9         1         0
    pcm0 irq10     39644         0
    mux irq11   12139824        77
    mux irq15     854820         5
    atkbd0 irq1    49505         0
    psm0 irq12    389549         2
    sio1 irq3      81928         0
    clk irq0   157097139      1000
    rtc irq8    20105805       128
    Total      190758215      1214

Choose the IRQs that fire most often, but not the clk (clock) or rtc
(real time clock) IRQs -- as those fire at regular intervals.  In this
case good choices are irq1 (atkbd -- the keyboard), irq11 and irq15
(mux -- the TCP multiplexor (ie network traffic)), irq12 (psm -- the
mouse).

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
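
Added example (not part of the original message, and not FreeBSD project code): a shell sketch of the selection rule described above, which ranks the IRQs in `vmstat -i` output by total count, skips clk and rtc, and prints a candidate rand_irqs line for /etc/rc.conf. It assumes the FreeBSD 4.x output format shown in the message; the MAX_IRQS cap and the function names are assumptions of this example.

```shell
#!/bin/sh
# Rank IRQs from `vmstat -i` as rand_irqs candidates (added example).
# MAX_IRQS (how many IRQs to keep) is an assumption, not from the message.
MAX_IRQS=${MAX_IRQS:-4}

# The vmstat -i output quoted in the message, embedded so this runs offline.
sample_vmstat() {
    cat <<'EOF'
interrupt      total      rate
acpi0 irq9         1         0
pcm0 irq10     39644         0
mux irq11   12139824        77
mux irq15     854820         5
atkbd0 irq1    49505         0
psm0 irq12    389549         2
sio1 irq3      81928         0
clk irq0   157097139      1000
rtc irq8    20105805       128
Total      190758215      1214
EOF
}

# Read vmstat -i output on stdin; print IRQ numbers, busiest first.
# The header and Total lines are skipped because field 2 is not "irqN";
# clk and rtc are skipped because they fire at regular intervals.
suggest_rand_irqs() {
    awk '$2 ~ /^irq[0-9]+$/ && $1 != "clk" && $1 != "rtc" {
             sub(/^irq/, "", $2); print $3, $2
         }' |
    sort -rn | head -n "$MAX_IRQS" |
    awk '{ printf "%s%s", (NR > 1 ? " " : ""), $2 } END { if (NR) printf "\n" }'
}

# Format the result as an rc.conf line; print nothing if no IRQ qualified.
rc_conf_line() {
    irqs=$(suggest_rand_irqs)
    if [ -n "$irqs" ]; then
        printf 'rand_irqs="%s"\n' "$irqs"
    fi
}

# On a live system: vmstat -i | rc_conf_line
sample_vmstat | rc_conf_line
```

The ranking is by raw count only, so treat the output as a starting list and review which devices it names before putting it in rc.conf.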