Date: Sat, 13 Oct 2018 17:58:32 +0700
From: Eugene Grosbein <eugen@grosbein.net>
To: Dag-Erling Smørgrav <des@des.no>
Cc: freebsd-net <freebsd-net@freebsd.org>
Subject: Re: DNS KSK rollover, local_unbound and 11.2-STABLE
Message-ID: <44dd8f4d-1608-b38f-2f3e-90d234065038@grosbein.net>
In-Reply-To: <86bm7y2lui.fsf@next.des.no>
References: <5BC046FB.9080906@grosbein.net> <861s8uaodn.fsf@next.des.no> <20be8009-5de8-61f0-dc67-a6b18af7bc37@grosbein.net> <86bm7y2lui.fsf@next.des.no>

13.10.2018 17:16, Dag-Erling Smørgrav wrote:

> Eugene Grosbein <eugen@grosbein.net> writes:
>> The commands "unbound-anchor -vv; cat /var/unbound/root.key" show:
>> [...]
>> ; created by unbound-anchor on Sat Oct 13 14:28:12 2018
>> . IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
>> . IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
>>
>> Several seconds later, "cat /var/unbound/root.key" shows:
>> [...]
>> It seems, distinct processes update the file and one of them fails.
>
> You're supposed to run unbound-anchor *before* starting unbound (and the
> rc script will automatically do that if /var/unbound/root.key does not
> exist). What you're seeing now is unbound periodically overwriting
> root.key with what it has in memory.

This nanobsd does not have root.key in its persistent configuration
and runs mpd5 from ports as a PPPoE client for global connectivity.

According to rcorder, /etc/rc.d/local_unbound runs BEFORE: NETWORKING
and much earlier than /usr/local/etc/rc.d/mpd5 is started that REQUIRES: SERVERS

So, the local_unbound startup script has no chance to update root.key with unbound-anchor
and the unbound daemon starts with no root.key at all.

/etc/unbound is a symlink to /var/unbound here.
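An added example, not part of the original message and not FreeBSD's rc code: a check that a trust-anchor file exists and carries a root DS record for a given key tag, so the "started with no root.key at all" state described above is detected rather than silent. The function name `anchor_has_ksk`, its return codes and the temp-file demo are assumptions made here; 20326 is the key tag of the 2017 root KSK, and only DS-format lines like those quoted in the message are matched.

```shell
#!/bin/sh
# anchor_has_ksk FILE TAG  (hypothetical helper, not from the thread)
#   returns 0 if FILE contains a root-zone DS record with key tag TAG,
#           1 if FILE exists but holds no such record,
#           2 if FILE is missing or empty.
anchor_has_ksk() {
    file=$1
    tag=$2
    [ -s "$file" ] || return 2
    awk -v tag="$tag" '
        /^[ \t]*;/ { next }            # skip comment lines
        $1 == "." {                    # owner name is the root zone
            # A TTL and class may precede the type, so scan the fields.
            for (i = 2; i < NF; i++)
                if ($i == "DS" && $(i + 1) == tag) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$file"
}

# Demo on a constructed file holding the two DS lines quoted in the message.
demo=$(mktemp)
cat > "$demo" <<'EOF'
; created by unbound-anchor on Sat Oct 13 14:28:12 2018
. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
. IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
EOF

if anchor_has_ksk "$demo" 20326; then
    echo "trust anchor present with key tag 20326"
else
    echo "trust anchor missing or without key tag 20326"
fi
rm -f "$demo"
```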