Date: Mon, 15 Jun 2020 05:57:15 -0700 (PDT)
From: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
To: Andriy Gapon <avg@freebsd.org>
Cc: Ryan Steinmetz <zi@freebsd.org>, jaap@NLnetLabs.nl, net@freebsd.org
Subject: Re: unbound and (isc) dhcpd startup order
Message-ID: <202006151257.05FCvFgD076654@gndrsh.dnsmgr.net>
In-Reply-To: <3ace8441-a59b-8667-ed32-324853360281@FreeBSD.org>
>
> I am configuring a small LAN -- mostly a gateway / router for it -- and I am
> using unbound for a local DNS and isc-dhcp44-server for DHCP.
> I have a few hosts with static IP addresses (for various reasons).
> So, in unbound.conf I have an entry like
> local-data: "hipster.home.arpa. IN A 192.168.0.222"
> and in dhcpd.conf have:
> host hipster {
>     hardware ethernet 40:74:e0:xx:xx:xx;
>     fixed-address hipster.home.arpa;
> }
>
> I am using a DNS name to avoid hardcoding the same IP address twice.
> But obviously this depends on the local DNS server starting before the DHCP
> server if they are on the same host / router.
> It seems that at the moment there is nothing to ensure that order.
>
> For the moment I modified rc.d/unbound to add this line:
> # BEFORE: dhcpd
From looking at /etc/rc.d/local_unbound we see:
# PROVIDE: local_unbound
# REQUIRE: FILESYSTEMS defaultroute netwait resolv
# BEFORE: NETWORKING
# KEYWORD: shutdown
What makes it work for that case is the BEFORE: NETWORKING; is that
line missing for the port version?
> I am not sure if this is the best solution and it's something that can be
> included into the port.
I think that DNS needs to be started before more than just dhcpd,
so this is just 1 of many possible cases. There can also be issues
with almost any network stuff that wants to do stuff by DNS value,
including the network itself. DNS creates a chicken/egg problem in
that you may, or may not need the network to resolve names, I have
always hated that aspect of it. Modern tooling can help, you use
stuff to build your /etc/rc config files that can be run while the
network is up and functional so that this entering IP addresses in
N places is less painful.
I see no problem in adding a BEFORE: NETWORKING to the port, covering
a larger number of cases than your narrow BEFORE: dhcpd.
>
> On a related note, unbound rc script provides "unbound" service.
> I think that maybe it should provide something more generic such as "nameserver"
> or "dns-server" (not sure if there is an established name for that).
> The reason I am saying this is that, IMO, if unbound is replaced with some other
> name server implementation the rc dependency chains should stay the same.
I do not see anything in the base system that uses unbound or local_unbound
service name, so this looks like it could be straightforward, though there
may be some ports that have use of this token.
For the blue bikeshed I find that "server" is just noise in the token
and that "dns" already has "s" for system, so just "dns" is good with me :-)
> Thanks!
> --
> Andriy Gapon
--
Rod Grimes rgrimes@freebsd.org
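
Added example (not part of the original message and not code from FreeBSD or either port): a small Python model of rcorder(8)-style PROVIDE/REQUIRE/BEFORE resolution that checks whether the declared dependencies force unbound to start before dhcpd. The NETWORKING, DAEMON, dhcpd and unbound headers are constructed and simplified, and the function names are hypothetical.

```python
import re

# rcorder(8)-style keywords found in rc.d script comment headers.
KEYWORD = re.compile(r"^#\s*(PROVIDE|REQUIRE|BEFORE):\s*(.*)$")

def parse(header):
    """Return the PROVIDE / REQUIRE / BEFORE token lists of one script header."""
    tags = {"PROVIDE": [], "REQUIRE": [], "BEFORE": []}
    for line in header.splitlines():
        m = KEYWORD.match(line.strip())
        if m:
            tags[m.group(1)] += m.group(2).split()
    return tags

def edges(scripts):
    """Map each script name to the set of scripts that must start after it."""
    parsed = {name: parse(h) for name, h in scripts.items()}
    provider = {}
    for name, t in parsed.items():
        for tok in t["PROVIDE"]:
            provider.setdefault(tok, []).append(name)
    after = {name: set() for name in scripts}
    for name, t in parsed.items():
        for tok in t["REQUIRE"]:      # providers of tok start before name
            for p in provider.get(tok, []):
                after[p].add(name)
        for tok in t["BEFORE"]:       # name starts before providers of tok
            after[name].update(provider.get(tok, []))
    return after

def guaranteed_before(scripts, first, later):
    """True only if the declared dependencies force `first` before `later`."""
    after, seen, stack = edges(scripts), set(), [first]
    while stack:
        for nxt in after[stack.pop()] - seen:
            seen.add(nxt)
            stack.append(nxt)
    return later in seen

# Constructed, simplified headers (assumptions, not the real scripts).
BASE = {
    "NETWORKING": "# PROVIDE: NETWORKING",
    "DAEMON": "# PROVIDE: DAEMON\n# REQUIRE: NETWORKING",
    "dhcpd": "# PROVIDE: dhcpd\n# REQUIRE: DAEMON",
}

def with_unbound(header):
    """Return the constructed script set plus an unbound script with `header`."""
    return dict(BASE, unbound=header)
```

With these constructed headers, a bare "# PROVIDE: unbound" leaves the order relative to dhcpd undefined, while either BEFORE: dhcpd or BEFORE: NETWORKING pins it; a generic "dns" token works the same way once a consumer lists it in REQUIRE.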
