Date: Thu, 12 Oct 2017 09:15:51 -0400
From: Ernie Luzar
To: Matthew Seaman
CC: freebsd-questions@freebsd.org
Subject: Re: Unbound(8) caching resolver no workie on fresh install :-(

Matthew Seaman wrote:
> On 12/10/2017 05:57, Ronald F. Guilmette wrote:
>> I just installed a fresh 11.1-RELEASE system onto a pristine drive.
>> (Be patient with me please. I haven't done this in a long while.)
>>
>> All seems to be working well, however I noticed the new install option
>> to enable a local caching resolver, and I said to myself "Yea! Sounds
>> great to me!" So I enabled that.
>>
>> After the install finished and I booted the new system, I immediately
>> got some console errors indicating that the various default NTP servers
>> (I also enabled NTP) were not resolving. :-(
>>
>> So, um, what gives? This particular machine is, for the moment, NAT'd/DHCP'd
>> behind my trusty Linksys E4200. Do I need to poke a hole in that so that the
>> UDP DNS query replies can actually make it all the way back to this box?
>> Or is there something I need to diddle under /etc/unbound that isn't just
>> ready to go, out of the box?
>
> This is something I've observed too -- it's an ordering or timing
> problem with the startup scripts -- ie. ntpd(8) gets started before
> local_unbound is properly ready to answer queries.
>
> However, the effect is largely cosmetic. ntpd will complain about
> resolving server names on startup, but as soon as unbound gets going,
> ntpd should connect and sync up.
>
> I suspect you were being misled by the other problem you posted about
> where ntpd was dying shortly after startup because the clock was way off
> -- these error messages are not related to why ntpd is failing.
>
> As for local_unbound, if you can resolve hostnames into IP numbers 'host
> www.freebsd.org' from the command line, then you can be pretty sure
> that local_unbound is working OK. local_unbound defaults to using any
> resolvers found in /etc/resolv.conf as forwarders -- so if your local
> DHCP server says to use a specific resolver, it will -- but you can
> override that by setting local_unbound_forwarders in /etc/rc.conf to a
> list of IP numbers for the DNS resolvers you'd like to use.
> local_unbound will in fact work perfectly happily without any
> forwarders, but there isn't a flag to force that behavior.
>
> Cheers,
>
> Matthew

unbound has a built-in "root-zone" function which negates the need for a
forward-zone: section at all. Is there an rc.conf parameter to enable that
function for local_unbound?
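
The forwarder selection Matthew Seaman describes in the quoted reply, modelled as an added example that is not part of the original thread and is not FreeBSD's own setup code: it reports whether queries would go to the resolvers pinned in `local_unbound_forwarders` or to whatever the DHCP server wrote into resolv.conf. The function names, the sample files and the skipping of loopback entries are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: models the forwarder choice described in the quoted reply.
# File paths are arguments, so it can be pointed at copies of the real files.

# Value of local_unbound_forwarders in an rc.conf-style file (empty if unset).
rc_forwarders() {
    case "$1" in */*) f=$1 ;; *) f=./$1 ;; esac   # keep "." from searching PATH
    # rc.conf is shell syntax: source it in a subshell and read the variable.
    ( local_unbound_forwarders=""
      . "$f" >/dev/null 2>&1
      printf '%s' "$local_unbound_forwarders" )
}

# Nameserver addresses in a resolv.conf-style file, space separated.
# Assumption: loopback entries are skipped, since they point at local_unbound.
resolv_nameservers() {
    awk '$1 == "nameserver" && $2 != "127.0.0.1" && $2 != "::1" {
             printf "%s%s", sep, $2; sep = " " }' "$1"
}

# Usage: effective_forwarders RC_CONF RESOLV_CONF
effective_forwarders() {
    fwd=$(rc_forwarders "$1")
    if [ -n "$fwd" ]; then
        printf 'rc.conf: %s\n' "$fwd"          # explicit override wins
        return 0
    fi
    ns=$(resolv_nameservers "$2")
    if [ -n "$ns" ]; then
        printf 'resolv.conf: %s\n' "$ns"       # whatever DHCP handed out
    else
        printf 'none\n'                        # no forwarders configured
    fi
}

# Constructed sample files; addresses are from documentation ranges.
tmp=$(mktemp -d)
printf 'nameserver 192.0.2.1\n' > "$tmp/resolv.conf"
printf 'local_unbound_enable="YES"\n' > "$tmp/rc.dhcp"
printf 'local_unbound_forwarders="198.51.100.53 198.51.100.54"\n' > "$tmp/rc.pinned"
effective_forwarders "$tmp/rc.dhcp" "$tmp/resolv.conf"
effective_forwarders "$tmp/rc.pinned" "$tmp/resolv.conf"
```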