From owner-freebsd-stable@freebsd.org Thu Jun 9 18:56:49 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1683CB70914 for ; Thu, 9 Jun 2016 18:56:49 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 0283D1964 for ; Thu, 9 Jun 2016 18:56:49 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: by mailman.ysv.freebsd.org (Postfix) id 01D35B70913; Thu, 9 Jun 2016 18:56:49 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 017E0B70912 for ; Thu, 9 Jun 2016 18:56:49 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B6AD11963 for ; Thu, 9 Jun 2016 18:56:48 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bB58H-000DaU-DQ; Thu, 09 Jun 2016 21:56:45 +0300 Date: Thu, 9 Jun 2016 21:56:45 +0300 From: Slawa Olhovchenkov To: stable@freebsd.org Cc: Dag-Erling =?utf-8?B?U23DuHJncmF2?= , krad Subject: Re: unbound and ntp issuse Message-ID: <20160609185645.GZ75630@zxy.spb.ru> References: <20160602122727.GB75625@zxy.spb.ru> <86pors7cba.fsf@desk.des.no> <20160608094859.GH75625@zxy.spb.ru> <20160609080440.GR75630@zxy.spb.ru> <20160609133739.GV75630@zxy.spb.ru> <44r3c68od2.fsf@lowell-desk.lan> <20160609140209.GW75630@zxy.spb.ru> <44mvmu8b9m.fsf@lowell-desk.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <44mvmu8b9m.fsf@lowell-desk.lan> User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jun 2016 18:56:49 -0000 On Thu, Jun 09, 2016 at 02:31:17PM -0400, Lowell Gilbert wrote: > Slawa Olhovchenkov writes: > > > On Thu, Jun 09, 2016 at 09:48:25AM -0400, Lowell Gilbert wrote: > > > >> Slawa Olhovchenkov writes: > >> > >> > On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote: > >> > > >> >> I doubt that will happen as you are asking to pollute every release > >> >> installation for an edge condition when there is numerous work arounds > >> >> that would be acceptable to most. eg two lines in rc.conf will fix the > >> >> issue. > >> > > >> > This manual editing will be required by every install on RPi, for > >> > example. > >> > >> No, it won't. Most people will just give the system a valid DNS > >> configuration, and the clock will not be an issue. > > > > What invalid in my DNS configuration? > > You said that you configured 127.0.0.1 as your DNS server. You didn't > say how (or rather where) you did that, but if you had used the address > of a working upstream recursive server, I suspect there wouldn't have > been any problem. Configuring 127.0.0.1 as DNS server and enabling loacal_unbound cause unbound acts as recursive resolver. This is conventional setup. ("No forwarders found in resolv.conf, unbound will recurse." -- from /usr/sbin/local-unbound-setup) Using upstream recursive server with local unbound will cause same problem, IMHO, because unbound will be enfocing DNSSEC by the same way and rejecting all answers from upstream.