Date: Sat, 13 Oct 2018 18:43:27 +0700
From: Eugene Grosbein <eugen@grosbein.net>
To: Dag-Erling Smørgrav <des@des.no>
Cc: freebsd-net <freebsd-net@freebsd.org>
Subject: Re: DNS KSK rollover, local_unbound and 11.2-STABLE
Message-ID: <14c9f7e1-4073-8d0f-d029-e0b0401ddb8c@grosbein.net>
In-Reply-To: <44dd8f4d-1608-b38f-2f3e-90d234065038@grosbein.net>
References: <5BC046FB.9080906@grosbein.net> <861s8uaodn.fsf@next.des.no> <20be8009-5de8-61f0-dc67-a6b18af7bc37@grosbein.net> <86bm7y2lui.fsf@next.des.no> <44dd8f4d-1608-b38f-2f3e-90d234065038@grosbein.net>

13.10.2018 17:58, Eugene Grosbein wrote:

>> You're supposed to run unbound-anchor *before* starting unbound (and the
>> rc script will automatically do that if /var/unbound/root.key does not
>> exist). What you're seeing now is unbound periodically overwriting
>> root.key with what it has in memory.
>
> This nanobsd does not have root.key in its persistent configuration
> and runs mpd5 from ports as PPPoE client for global connectivity.
>
> According to rcorder, /etc/rc.d/local_unbound runs BEFORE: NETWORKING
> and much earlier than /usr/local/etc/rc.d/mpd5 is started that REQUIRES: SERVERS
>
> So, local_unbound startup script has no chance to update root.key with unbound-anchor
> and the unbound daemon starts with no root.key at all.

I've changed startup script of mpd5 to settings like /etc/rc.d/ppp has
and now it starts before local_unbound but that does not help
because mpd5 runs PPPoE client connection in background and it takes
up to 3 seconds to establish PPPoE, so local_unbound still starts "too early".
And I cannot use "netwait" because local_unbound starts before /etc/rc.d/netwait too.
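
Added example, not part of the original message or of FreeBSD's rc scripts: a start-up gate for the race described above, which probes for connectivity (PPPoE comes up in the background) before fetching the trust anchor and reports success only if root.key actually exists afterwards. The function name, its parameters, and the probe and fetch commands passed in are assumptions for illustration.

```shell
#!/bin/sh
# Added illustration: bootstrap a DNSSEC trust anchor only once the uplink
# works. bootstrap_anchor and its arguments are hypothetical names.
#
# bootstrap_anchor KEYFILE TRIES DELAY PROBE_CMD FETCH_CMD
#   KEYFILE    trust anchor file, e.g. /var/unbound/root.key
#   TRIES      how many times to probe for connectivity
#   DELAY      seconds to sleep between probes
#   PROBE_CMD  command that exits 0 once the uplink is usable
#   FETCH_CMD  command that writes KEYFILE, e.g. "unbound-anchor -a KEYFILE"
# Returns 0 if KEYFILE exists and is non-empty afterwards, 1 otherwise.
bootstrap_anchor() {
    keyfile=$1 tries=$2 delay=$3 probe=$4 fetch=$5

    # An existing anchor is left alone; the fetch is only for a missing file.
    [ -s "$keyfile" ] && return 0

    n=0
    while [ "$n" -lt "$tries" ]; do
        if sh -c "$probe" >/dev/null 2>&1; then
            # unbound-anchor(8) exits 1 after an update and 0 on error,
            # so ignore its status and check the file instead.
            sh -c "$fetch" >/dev/null 2>&1 || true
            [ -s "$keyfile" ] && return 0
            return 1
        fi
        n=$((n + 1))
        sleep "$delay"
    done

    # Uplink never came up: report failure so the caller can decide whether
    # to delay the resolver instead of starting it with no root.key.
    return 1
}
```

The caller supplies the probe, so it can be whatever indicates that the PPPoE session is established on that system.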