Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 9 Jun 2016 21:56:45 +0300
From:      Slawa Olhovchenkov <slw@zxy.spb.ru>
To:        stable@freebsd.org
Cc:        Dag-Erling =?utf-8?B?U23DuHJncmF2?= <des@des.no>, krad <kraduk@gmail.com>
Subject:   Re: unbound and ntp issuse
Message-ID:  <20160609185645.GZ75630@zxy.spb.ru>
In-Reply-To: <44mvmu8b9m.fsf@lowell-desk.lan>
References:  <20160602122727.GB75625@zxy.spb.ru> <86pors7cba.fsf@desk.des.no> <20160608094859.GH75625@zxy.spb.ru> <CALfReyes2H4e86B8gUfPEui8ivqWuaMDzcMa_=4BQorvvTam9A@mail.gmail.com> <20160609080440.GR75630@zxy.spb.ru> <CALfReycwtf9eiVDRLpqW==fYNWfaoeERfh8tFg=LKaiXWGC3ig@mail.gmail.com> <20160609133739.GV75630@zxy.spb.ru> <44r3c68od2.fsf@lowell-desk.lan> <20160609140209.GW75630@zxy.spb.ru> <44mvmu8b9m.fsf@lowell-desk.lan>
index | next in thread | previous in thread | raw e-mail 

On Thu, Jun 09, 2016 at 02:31:17PM -0400, Lowell Gilbert wrote:

> Slawa Olhovchenkov <slw@zxy.spb.ru> writes:
> 
> > On Thu, Jun 09, 2016 at 09:48:25AM -0400, Lowell Gilbert wrote:
> >
> >> Slawa Olhovchenkov <slw@zxy.spb.ru> writes:
> >> 
> >> > On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote:
> >> >
> >> >> I doubt that will happen as you are asking to pollute every release
> >> >> installation for an edge condition when  there is numerous work arounds
> >> >> that would be acceptable to most.   eg two lines in rc.conf will fix the
> >> >> issue.
> >> >
> >> > This manual editing will be required by every install on RPi, for
> >> > example.
> >> 
> >> No, it won't. Most people will just give the system a valid DNS
> >> configuration, and the clock will not be an issue.
> >
> > What invalid in my DNS configuration?
> 
> You said that you configured 127.0.0.1 as your DNS server. You didn't
> say how (or rather where) you did that, but if you had used the address
> of a working upstream recursive server, I suspect there wouldn't have
> been any problem.

Configuring 127.0.0.1 as DNS server and enabling loacal_unbound cause
unbound acts as recursive resolver. This is conventional setup.
("No forwarders found in resolv.conf, unbound will recurse."
-- from /usr/sbin/local-unbound-setup)

Using upstream recursive server with local unbound will cause same
problem, IMHO, because unbound will be enfocing DNSSEC by the same
way and rejecting all answers from upstream.
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160609185645.GZ75630>