From: Chris
Reply-To: bsd-lists@BSDforge.com
To: freebsd-net
Cc: "Rodney W. Grimes", Jaap Akkerhuis, Andriy Gapon, Ryan Steinmetz
Subject: Re: unbound and (isc) dhcpd startup order
Date: Thu, 18 Jun 2020 13:09:55 -0700
In-Reply-To: <202006171733.05HHXxru086351@gndrsh.dnsmgr.net>
List-Id: Networking and TCP/IP with FreeBSD

On Wed, 17 Jun 2020 10:33:59 -0700 (PDT) Rodney W. Grimes freebsd-rwg@gndrsh.dnsmgr.net said

> >
> > On (06/16/20 08:14), Rodney W. Grimes wrote:
> >>Ok, well, I just thought of one and not sure if it is an issue or not,
> >>doesn't unbound have the ability to specify interfaces? If so those
> >>may not exist until NETWORKING has run?
> >
> >
>
> > Unbound isn't really going to do anything useful without the network. I
> > don't think it is unreasonable that it should depend on NETWORKING.
>
> Well then the current setup for local_unbound is counter to that,
> as it is BEFORE: NETWORKING
>
> > I think we're in an edge case here and, perhaps, a better solution might
> > be to have someone(tm) add in support in rc.conf to specify dependency
> > overrides.
>
> dns and configuration are a chicken/egg problem, not really an edge
> case, and a person must make a decision as to how to deal with that.
>
> >
> > So, perhaps you could set:
> >
> > dhcpd_after="unbound"
> >
> > Which would factor into the rcorder processing and make sure that dhcpd
> > starts after unbound.
> >
> > This would allow people to fine-tune things when they run into cases
> > like this.
>
> Even beside the unbound problem, this is a good idea. It would
> fix my "I need ipfw before routing as without ipfw my ospf packets
> get blocked and things take much longer to come up problem."

Honestly. I'm really inclined to agree with Rodney. rcorder should really
be a more fine-grained utility. What about something like:
BEFORE: NETWORKING: pf
or
BEFORE: NETWORKING: ipfw
or
BEFORE: NETWORKING: unbound
etc, etc...
I think there *may* be a better direction. *But* this, at least should be
an easy direction to add with few repercussions. Yes?
>
>
> > -r
> >
> > The idea that a daemon that depends on the network being functional
> > >> > > >> On a related note, unbound rc script provides "unbound" service.
> > >> > > >> I think that maybe it should provide something more generic such as "nameserver"
> > >> > > >> or "dns-server" (not sure if there is an established name for that).
> > >> > > >> The reason I am saying this is that, IMO, if unbound is replaced with some other
> > >> > > >> name server implementation the rc dependency chains should stay the same.
> > >> > > >
> > >> > > > I do not see anything in the base system that uses unbound or local_unbound
> > >> > > > service name, so this looks like it could be straightforward, though there
> > >> > > > may be some ports that have use of this token.
> > >> > > >
> > >> > > > For the blue bikeshed I find that "server" is just noise in the token
> > >> > > > and that "dns" already has "s" for system, so just "dns" is good with me :-)
> > >> > >
> > >> > > That's a good point.
> > >>
> > >> I don't agree. The term dns is too generic. People are often running
> > >> different nameservers on the same machine, as example: authoritative
> > >> and nonauthoritative (e.g. nsd & unbound).
> > >
> >>Given examples by others you're right, we can not put all of these
> >>behind the knob "dns".
> > >
> > >> Regards,
> > >> 	jaap
> >>--
> >>Rod Grimes
> >rgrimes@freebsd.org
> >
> > --
> > Ryan Steinmetz
> > PGP: 9079 51A3 34EF 0CD4 F228 EDC6 1EF8 BA6B D028 46D7
> >
>
> --
> Rod Grimes
> rgrimes@freebsd.org

--Chris
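
How an override such as dhcpd_after="unbound" would feed into the ordering, as an added example that is not part of this thread or of FreeBSD's rcorder: a small Python model that reads PROVIDE/REQUIRE/BEFORE headers and adds the override as one more edge. The script headers are constructed, the `_after` key is the hypothetical knob proposed above (not an existing rc.conf feature), and ties are broken alphabetically as a modelling assumption.

```python
import re

# Constructed rc.d-style headers for illustration, not the real FreeBSD scripts.
SCRIPTS = {
    "netif": "# PROVIDE: netif",
    "NETWORKING": "# PROVIDE: NETWORKING\n# REQUIRE: netif",
    "local_unbound": "# PROVIDE: local_unbound\n# BEFORE: NETWORKING",
    "unbound": "# PROVIDE: unbound\n# REQUIRE: NETWORKING",
    "dhcpd": "# PROVIDE: dhcpd\n# REQUIRE: NETWORKING",
}

def tags(text, keyword):
    """Names listed on '# KEYWORD: a b' header lines."""
    found = re.findall(rf"^#\s*{keyword}:\s*(.*)$", text, re.M)
    return [name for line in found for name in line.split()]

def build_edges(scripts, rc_conf):
    """Return (earlier, later) pairs of script names."""
    provider = {p: s for s, text in scripts.items() for p in tags(text, "PROVIDE")}
    edges = set()
    for script, text in scripts.items():
        edges |= {(provider[r], script) for r in tags(text, "REQUIRE")}
        edges |= {(script, provider[b]) for b in tags(text, "BEFORE")}
    # Hypothetical <name>_after="..." override proposed in the thread;
    # this is not an existing rc.conf feature.
    for key, value in rc_conf.items():
        if key.endswith("_after"):
            later = provider[key[: -len("_after")]]
            edges |= {(provider[dep], later) for dep in value.split()}
    return edges

def start_order(scripts, rc_conf=None):
    """Topological sort; ties are broken alphabetically (an assumption)."""
    edges = build_edges(scripts, rc_conf or {})
    pending, order = sorted(scripts), []
    while pending:
        ready = [s for s in pending
                 if not any(later == s and earlier in pending
                            for earlier, later in edges)]
        if not ready:
            raise ValueError("dependency cycle: " + " ".join(pending))
        order.append(ready[0])
        pending.remove(ready[0])
    return order

if __name__ == "__main__":
    print(start_order(SCRIPTS))
    print(start_order(SCRIPTS, {"dhcpd_after": "unbound"}))
```

Without the override nothing orders dhcpd relative to unbound, so their position depends only on the tie-break; two overrides that contradict each other are reported as a cycle instead of being silently ordered.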