From owner-freebsd-stable@freebsd.org Tue Jul 14 18:31:56 2015
Subject: Re: Circular dependency between local_unbound and ntpd?
From: Charles Sprickman
Date: Tue, 14 Jul 2015 14:31:40 -0400
To: Paul Mather
Cc: krad, freebsd-stable

On Jul 14, 2015, at 10:47 AM, Paul Mather wrote:

> On Jul 14, 2015, at 10:33 AM, krad wrote:
>>
>> As
>>
>> $ grep REQUIRE /etc/rc.d/ntpd
>> # REQUIRE: DAEMON ntpdate FILESYSTEMS devfs
>>
>>
>> You could set something similar to the following in the rc.conf
>>
>> ntpdate_hosts="a.b.c.d w.x.y.z"
>> ntpdate_enable=yes
>
> Thanks for that suggestion. I assume the "a.b.c.d w.x.y.z" are IP addresses, not hostnames, otherwise we'd have the same problem.
>
> The /etc/rc.d/ntpdate startup script has a "REQUIRE: NETWORKING ..." and /etc/rc.d/local_unbound has a "BEFORE: NETWORKING" in it, meaning it will be running before ntpdate runs. That means DNS resolution will require an accurate clock and, I assume, mean that ntpdate will require IP addresses, too?
>
> So, it still comes down to this: do I need to know the IP address of an NTP server to be able to use local_unbound safely with NTP?

Hopefully not. I have a client with a number of Mikrotik routers sprinkled around upstate. They did not have an NTP server to point to, so I used a pool server. Mikrotik will take a hostname, but it saves an IP. A year later I see a few not reestablish OpenVPN connections after power failures, spend an hour troubleshooting, turns out that those IPs were no longer NTP servers, the box thought it was 1970, and that causes the VPN to fail.

TL;DR, don't save NTP servers by IP in config files.

Charles

>
> Cheers,
>
> Paul.
>
>>
>> On 14 July 2015 at 14:43, Paul Mather wrote:
>> I believe I ran afoul of a circular dependency between local_unbound and ntpd on my 10.2-PRERELEASE system. I use a stock /etc/ntp.conf and use ntpd_sync_on_start="YES".
>>
>> Last night, a BIOS settings reset caused my CMOS clock to go WAY out of synch for the first time. No problem, I thought: NTP will correct it at boot.
>>
>> Wrong!
>>
>> When my system booted, the time was not corrected. Also, DNS resolution was not working. I figured out it was because local_unbound relies on an accurately set clock, but the clock could not be set accurately because my stock ntp.conf requires working DNS resolution to reach the NTP servers.
>>
>> That sounds like a potential circular dependency to me.
>>
>> My workaround at the time was to look up 0.freebsd.pool.ntp.org on another system; stop ntpd; then do a ntpdate using the IP addresses to set the clock. Once the clock was set accurately, things were all hunky dory.
>>
>> Does anyone have any suggestion for an automatic way around this? I guess one way would be to put the IP address of an NTP server into my ntp.conf file, so at least one would be reachable without needing a working DNS?
>>
>> My main concern is for those systems like my Raspberry Pi and Beaglebone Black that don't have a battery-backed clock. I currently don't use local_unbound on those, but it seems like I'd encounter this problem routinely if I did.
>>
>> Cheers,
>>
>> Paul.
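
Added example (not part of the original messages, and not FreeBSD's own code): a boot-time audit for the situation discussed in this thread, where the clock is far behind and every NTP source in ntp.conf is a hostname that needs the local resolver. The function names, the reference timestamp and the sample config are constructed; 192.0.2.10 is a documentation address.

```sh
#!/bin/sh
# Added example; function names and sample data are constructed for illustration.

# Classify one NTP source as an address literal ("ip") or a name needing DNS ("host").
addr_kind() {
    case "$1" in
        *:*) echo ip ;;               # IPv6 literal
        *[!0-9.]*|"") echo host ;;    # contains something other than digits and dots
        *.*.*.*) echo ip ;;           # dotted-decimal address
        *) echo host ;;
    esac
}

# Summarise the server/pool/peer lines of an ntp.conf-style file:
# prints hostname-only, ip-only, mixed or none.
ntp_source_mix() {
    hosts=0; ips=0
    while read -r kw addr rest || [ -n "$kw" ]; do
        case "$kw" in server|pool|peer) ;; *) continue ;; esac
        case "$addr" in -4|-6) addr=${rest%% *} ;; esac   # skip address-family qualifier
        if [ "$(addr_kind "$addr")" = ip ]; then ips=$((ips + 1)); else hosts=$((hosts + 1)); fi
    done < "$1"
    if [ "$hosts" -gt 0 ] && [ "$ips" -gt 0 ]; then echo mixed
    elif [ "$hosts" -gt 0 ]; then echo hostname-only
    elif [ "$ips" -gt 0 ]; then echo ip-only
    else echo none; fi
}

# Verdict for a boot: $1 = config path, $2 = current epoch seconds,
# $3 = epoch of a timestamp known to be in the past (e.g. saved at last shutdown).
boot_time_verdict() {
    mix=$(ntp_source_mix "$1")
    if [ "$2" -ge "$3" ]; then echo "ok"; return; fi
    case "$mix" in
        hostname-only) echo "stuck: clock is behind and every NTP source needs DNS" ;;
        none)          echo "stuck: clock is behind and no NTP source is configured" ;;
        *)             echo "ip-fallback: clock is behind; only the pinned IPs can fix it" ;;
    esac
}

# Demo on a constructed config: hostname-only sources and a clock reset to 1970.
demo_conf=$(mktemp)
printf 'server 0.freebsd.pool.ntp.org iburst\n# server 192.0.2.10\n' > "$demo_conf"
boot_time_verdict "$demo_conf" 0 1436900000
rm -f "$demo_conf"
```

The "ip-fallback" verdict only helps while the pinned addresses still answer NTP, which is the failure Charles describes above.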