Date: Thu, 12 Oct 2017 09:15:51 -0400
From: Ernie Luzar <luzar722@gmail.com>
To: Matthew Seaman <matthew@FreeBSD.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: Unbound(8) caching resolver no workie on fresh install :-(
Message-ID: <59DF6B07.4030102@gmail.com>
In-Reply-To: <098539ec-6a14-00f3-f5e7-bd197d63e499@FreeBSD.org>
References: <1468.1507784248@segfault.tristatelogic.com> <098539ec-6a14-00f3-f5e7-bd197d63e499@FreeBSD.org>

Matthew Seaman wrote:
> On 12/10/2017 05:57, Ronald F. Guilmette wrote:
>> I just installed a fresh 11.1-RELEASE system onto a pristine drive.
>> (Be patient with me please. I haven't done this in a long while.)
>>
>> All seems to be working well, however I noticed the new install option
>> to enable a local caching resolver, and I said to myself "Yea! Sounds
>> great to me!" So I enabled that.
>>
>> After the install finished and I booted the new system, I immediately
>> got some console errors indicating that the various default NTP servers
>> (I also enabled NTP) were not resolving. :-(
>>
>> So, um, what gives? This particular machine is, for the moment, NAT'd/DHCP'd
>> behind my trusty Linksys E4200. Do I need to poke a hole in that so that the
>> UDP DNS query replies can actually make it all the way back to this box?
>> Or is there something I need to diddle under /etc/unbound that isn't just
>> ready to go, out of the box?
>
> This is something I've observed too -- it's an ordering or timing
> problem with the startup scripts -- ie. ntpd(8) gets started before
> local_unbound is properly ready to answer queries.
>
> However, the effect is largely cosmetic. ntpd will complain about
> resolving server names on startup, but as soon as unbound gets going,
> ntpd should connect and sync up.
>
> I suspect you were being misled by the other problem you posted about
> where ntpd was dying shortly after startup because the clock was way off
> -- these error messages are not related to why ntpd is failing.
>
> As for local_unbound, if you can resolve hostnames into IP numbers 'host
> www.freebsd.org' from the command line, then you can be pretty sure
> that local_unbound is working OK. local_unbound defaults to using any
> resolvers found in /etc/resolv.conf as forwarders -- so if your local
> DHCP server says to use a specific resolver, it will -- but you can
> override that by setting local_unbound_forwarders in /etc/rc.conf to a
> list of IP numbers for the DNS resolvers you'ld like to use.
> local_unbound will in fact work perfectly happily without any
> forwarders, but there isn't a flag to force that behavior.
>
> Cheers,
>
> Matthew

unbound has a built-in "root-zone" function which negates the need for a
forward-zone: section at all. Is there a rc.conf parameter to enable
that function for local_unbound?