Date:      Tue, 14 Jul 2015 14:31:40 -0400
From:      Charles Sprickman <spork@bway.net>
To:        Paul Mather <paul@gromit.dlib.vt.edu>
Cc:        krad <kraduk@gmail.com>, freebsd-stable <freebsd-stable@freebsd.org>
Subject:   Re: Circular dependency between local_unbound and ntpd?
Message-ID:  <BA6C16E2-2EBF-4B30-9B1B-1C36A889AE3C@bway.net>
In-Reply-To: <E6BF2A3D-01CA-4AE5-AB3D-883ADE3DF26C@gromit.dlib.vt.edu>
References:  <EDD17B95-0EA7-4C97-836D-7707416C0F07@gromit.dlib.vt.edu> <CALfReye4Byhv0dX%2B2JVm=CEuAPnDitYOwgBFm_071Qwg_jvP_g@mail.gmail.com> <E6BF2A3D-01CA-4AE5-AB3D-883ADE3DF26C@gromit.dlib.vt.edu>

On Jul 14, 2015, at 10:47 AM, Paul Mather <paul@gromit.dlib.vt.edu> wrote:

> On Jul 14, 2015, at 10:33 AM, krad <kraduk@gmail.com> wrote:
>>
>> As
>>
>> $ grep REQUIRE /etc/rc.d/ntpd
>> # REQUIRE: DAEMON ntpdate FILESYSTEMS devfs
>>
>> You could set something similar to the following in the rc.conf
>>
>> ntpdate_hosts="a.b.c.d w.x.y.z"
>> ntpdate_enable=yes
>
> Thanks for that suggestion.  I assume the "a.b.c.d w.x.y.z" are IP
> addresses, not hostnames, otherwise we'd have the same problem.
>
> The /etc/rc.d/ntpdate startup script has a "REQUIRE: NETWORKING ..."
> and /etc/rc.d/local_unbound has a "BEFORE: NETWORKING" in it, meaning it
> will be running before ntpdate runs.  That means DNS resolution will
> require an accurate clock and, I assume, mean that ntpdate will require
> IP addresses, too?
>
> So, it still comes down to this: do I need to know the IP address of
> an NTP server to be able to use local_unbound safely with NTP?

Hopefully not.  I have a client with a number of Mikrotik routers
sprinkled around upstate.  They did not have an NTP server to point to,
so I used a pool server.  Mikrotik will take a hostname, but it saves an
IP.  A year later I see a few not reestablish OpenVPN connections after
power failures, spend an hour troubleshooting, turns out that those IPs
were no longer NTP servers, the box thought it was 1970, and that causes
the VPN to fail.

TL;DR, don't save NTP servers by IP in config files.

Charles

>
> Cheers,
>
> Paul.
>
>>
>> On 14 July 2015 at 14:43, Paul Mather <paul@gromit.dlib.vt.edu> wrote:
>> I believe I ran afoul of a circular dependency between local_unbound
>> and ntpd on my 10.2-PRERELEASE system.  I use a stock /etc/ntp.conf and
>> use ntpd_sync_on_start="YES".
>>
>> Last night, a BIOS settings reset caused my CMOS clock to go WAY out
>> of synch for the first time.  No problem, I thought: NTP will correct it
>> at boot.
>>
>> Wrong!
>>
>> When my system booted, the time was not corrected.  Also, DNS
>> resolution was not working.  I figured out it was because local_unbound
>> relies on an accurately set clock, but the clock could not be set
>> accurately because my stock ntp.conf requires working DNS resolution to
>> reach the NTP servers.
>>
>> That sounds like a potential circular dependency to me.
>>
>> My workaround at the time was to look up 0.freebsd.pool.ntp.org
>> on another system; stop ntpd; then do a ntpdate using the IP addresses
>> to set the clock. Once the clock was set accurately, things were all
>> hunky dory.
>>
>> Does anyone have any suggestion for an automatic way around this?  I
>> guess one way would be to put the IP address of an NTP server into my
>> ntp.conf file, so at least one would be reachable without needing a
>> working DNS?
>>
>> My main concern is for those systems like my Raspberry Pi and
>> Beaglebone Black that don't have a battery-backed clock.  I currently
>> don't use local_unbound on those, but it seems like I'd encounter this
>> problem routinely if I did.
>>
>> Cheers,
>>
>> Paul.
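The boot ordering discussed in this thread, worked through as an added example (not part of the original messages and not FreeBSD's own code): a simplified rcorder(8)-style sort over the REQUIRE and BEFORE keywords quoted above, showing that local_unbound is already the resolver when ntpdate and ntpd start. The header texts are constructed and abridged; every PROVIDE line is an assumption.

```python
import re
from graphlib import TopologicalSorter  # Python 3.9+

# Constructed, abridged rc.d headers. The ntpd REQUIRE line, the ntpdate
# "REQUIRE: NETWORKING" keyword and the local_unbound "BEFORE: NETWORKING"
# keyword are quoted in the thread; the PROVIDE lines are assumptions.
HEADERS = {
    "local_unbound": "# PROVIDE: local_unbound\n# BEFORE: NETWORKING\n",
    "NETWORKING": "# PROVIDE: NETWORKING\n",
    "ntpdate": "# PROVIDE: ntpdate\n# REQUIRE: NETWORKING\n",
    "ntpd": "# PROVIDE: ntpd\n# REQUIRE: DAEMON ntpdate FILESYSTEMS devfs\n",
}

def parse(text):
    """Collect the names listed after each PROVIDE/REQUIRE/BEFORE keyword."""
    out = {"PROVIDE": [], "REQUIRE": [], "BEFORE": []}
    pattern = r"^#\s*(PROVIDE|REQUIRE|BEFORE):[ \t]*(.*)$"
    for key, names in re.findall(pattern, text, re.M):
        out[key] += names.split()
    return out

def boot_order(headers):
    """Return script names in start order (simplified rcorder-style sort)."""
    parsed = {name: parse(text) for name, text in headers.items()}
    provider = {p: name for name, h in parsed.items() for p in h["PROVIDE"]}
    graph = {name: set() for name in parsed}  # script -> scripts run earlier
    for name, h in parsed.items():
        for req in h["REQUIRE"]:
            if req in provider:  # skip names that no sample script provides
                graph[name].add(provider[req])
        for later in h["BEFORE"]:
            if later in provider:
                graph[provider[later]].add(name)
    return list(TopologicalSorter(graph).static_order())

def resolver_up_before(headers, resolver, service):
    """True if `resolver` is started earlier in the boot than `service`."""
    order = boot_order(headers)
    return order.index(resolver) < order.index(service)

if __name__ == "__main__":
    print(" -> ".join(boot_order(HEADERS)))
    for svc in ("ntpdate", "ntpd"):
        if resolver_up_before(HEADERS, "local_unbound", svc):
            print(f"{svc}: hostnames are resolved through local_unbound, "
                  "which needs the clock that this service is meant to set")
```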



