From owner-freebsd-stable@freebsd.org Fri Jun 10 21:44:36 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7FF0CAEF561 for ; Fri, 10 Jun 2016 21:44:36 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 6B8A22B53 for ; Fri, 10 Jun 2016 21:44:36 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: by mailman.ysv.freebsd.org (Postfix) id 671FCAEF55E; Fri, 10 Jun 2016 21:44:36 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 66C03AEF55C for ; Fri, 10 Jun 2016 21:44:36 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 287612B52 for ; Fri, 10 Jun 2016 21:44:36 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bBUEB-0001GO-Gk; Sat, 11 Jun 2016 00:44:31 +0300 Date: Sat, 11 Jun 2016 00:44:31 +0300 From: Slawa Olhovchenkov To: Lowell Gilbert Cc: Dag-Erling =?utf-8?B?U23DuHJncmF2?= , stable@freebsd.org, krad Subject: Re: unbound and ntp issuse Message-ID: <20160610214431.GA2894@zxy.spb.ru> References: <20160608094859.GH75625@zxy.spb.ru> <20160609080440.GR75630@zxy.spb.ru> <20160609133739.GV75630@zxy.spb.ru> <44r3c68od2.fsf@lowell-desk.lan> <20160609140209.GW75630@zxy.spb.ru> <44mvmu8b9m.fsf@lowell-desk.lan> <20160609185645.GZ75630@zxy.spb.ru> <44vb1gx3l9.fsf@be-well.ilk.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <44vb1gx3l9.fsf@be-well.ilk.org> User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jun 2016 21:44:36 -0000 On Fri, Jun 10, 2016 at 03:10:10PM -0400, Lowell Gilbert wrote: > Slawa Olhovchenkov writes: > > > On Thu, Jun 09, 2016 at 02:31:17PM -0400, Lowell Gilbert wrote: > > > >> Slawa Olhovchenkov writes: > >> > >> > On Thu, Jun 09, 2016 at 09:48:25AM -0400, Lowell Gilbert wrote: > >> > > >> >> Slawa Olhovchenkov writes: > >> >> > >> >> > On Thu, Jun 09, 2016 at 02:29:09PM +0100, krad wrote: > >> >> > > >> >> >> I doubt that will happen as you are asking to pollute every release > >> >> >> installation for an edge condition when there is numerous work arounds > >> >> >> that would be acceptable to most. eg two lines in rc.conf will fix the > >> >> >> issue. > >> >> > > >> >> > This manual editing will be required by every install on RPi, for > >> >> > example. > >> >> > >> >> No, it won't. Most people will just give the system a valid DNS > >> >> configuration, and the clock will not be an issue. > >> > > >> > What invalid in my DNS configuration? > >> > >> You said that you configured 127.0.0.1 as your DNS server. You didn't > >> say how (or rather where) you did that, but if you had used the address > >> of a working upstream recursive server, I suspect there wouldn't have > >> been any problem. > > > > Configuring 127.0.0.1 as DNS server and enabling loacal_unbound cause > > unbound acts as recursive resolver. This is conventional setup. > > ("No forwarders found in resolv.conf, unbound will recurse." > > -- from /usr/sbin/local-unbound-setup) > > I'll check on it if I get a chance. > > > Using upstream recursive server with local unbound will cause same > > problem, IMHO, because unbound will be enfocing DNSSEC by the same > > way and rejecting all answers from upstream. > > Well, we know that is not the case, because in that case nearly everyone > would be having the problem. Only in case of very incorrect time at startup (2008 year in may case, after CMOS reset)