From: Matthew Seaman
To: freebsd-questions@freebsd.org
Subject: Re: Unbound(8) caching resolver no workie on fresh install :-(
Date: Thu, 12 Oct 2017 12:11:29 +0100
Message-ID: <098539ec-6a14-00f3-f5e7-bd197d63e499@FreeBSD.org>
In-Reply-To: <1468.1507784248@segfault.tristatelogic.com>

On 12/10/2017 05:57, Ronald F. Guilmette wrote:
>
> I just installed a fresh 11.1-RELEASE system onto a pristine drive.
> (Be patient with me please. I haven't done this in a long while.)
>
> All seems to be working well, however I noticed the new install option
> to enable a local caching resolver, and I said to myself "Yea! Sounds
> great to me!" So I enabled that.
>
> After the install finished and I booted the new system, I immediately
> got some console errors indicating that the various default NTP servers
> (I also enabled NTP) were not resolving. :-(
>
> So, um, what gives? This particular machine is, for the moment, NAT'd/DHCP'd
> behind my trusty Linksys E4200. Do I need to poke a hole in that so that the
> UDP DNS query replies can actually make it all the way back to this box?
> Or is there something I need to diddle under /etc/unbound that isn't just
> ready to go, out of the box?

This is something I've observed too -- it's an ordering or timing
problem with the startup scripts -- i.e. ntpd(8) gets started before
local_unbound is properly ready to answer queries. However, the effect
is largely cosmetic. ntpd will complain about resolving server names on
startup, but as soon as unbound gets going, ntpd should connect and sync
up.

I suspect you were being misled by the other problem you posted about
where ntpd was dying shortly after startup because the clock was way off
-- these error messages are not related to why ntpd is failing.

As for local_unbound, if you can resolve hostnames into IP numbers
'host www.freebsd.org' from the command line, then you can be pretty
sure that local_unbound is working OK.

local_unbound defaults to using any resolvers found in /etc/resolv.conf
as forwarders -- so if your local DHCP server says to use a specific
resolver, it will -- but you can override that by setting
local_unbound_forwarders in /etc/rc.conf to a list of IP numbers for the
DNS resolvers you'd like to use. local_unbound will in fact work
perfectly happily without any forwarders, but there isn't a flag to
force that behaviour.

Cheers,

Matthew