From: "Rodney W. Grimes"
Message-Id: <202006151257.05FCvFgD076654@gndrsh.dnsmgr.net>
Subject: Re: unbound and (isc) dhcpd startup order
In-Reply-To: <3ace8441-a59b-8667-ed32-324853360281@FreeBSD.org>
To: Andriy Gapon
Date: Mon, 15 Jun 2020 05:57:15 -0700 (PDT)
CC: Ryan Steinmetz, jaap@NLnetLabs.nl, net@freebsd.org

> I am configuring a small LAN -- mostly a gateway / router for it -- and I am
> using unbound for a local DNS and isc-dhcp44-server for DHCP.
> I have a few hosts with static IP addresses (for various reasons).
> So, in unbound.conf I have an entry like
> local-data: "hipster.home.arpa. IN A 192.168.0.222"
> and in dhcpd.conf have:
> host hipster {
>         hardware ethernet 40:74:e0:xx:xx:xx;
>         fixed-address hipster.home.arpa;
> }
>
> I am using a DNS name to avoid hardcoding the same IP address twice.
> But obviously this depends on the local DNS server starting before the DHCP
> server if they are on the same host / router.
> It seems that at the moment there is nothing to ensure that order.
>
> For the moment I modified rc.d/unbound to add this line:
> # BEFORE: dhcpd

From looking at /etc/rc.d/local_unbound we see:
# PROVIDE: local_unbound
# REQUIRE: FILESYSTEMS defaultroute netwait resolv
# BEFORE: NETWORKING
# KEYWORD: shutdown

What makes it work for that case is the BEFORE: NETWORKING
is that line missing for the port version?

> I am not sure if this is the best solution and it's something that can be
> included into the port.

I think that DNS needs to be started before more than just dhcpd,
so this is just 1 of many possible cases. There can also be issues
with almost any network stuff that wants to do stuff by DNS value,
including the network itself.

DNS creates a chicken/egg problem in that you may, or may not need the
network to resolve names, I have always hated that aspect of it.

Modern tooling can help, you use stuff to build your /etc/rc config files
that can be run while the network is up and functional so that this
entering IP addresses in N places is less painful.

I see no problem in adding a BEFORE: NETWORKING to the port,
covering a larger number of cases than your narrow BEFORE: dhcpd.

> On a related note, unbound rc script provides "unbound" service.
> I think that maybe it should provide something more generic such as "nameserver"
> or "dns-server" (not sure if there is an established name for that).
> The reason I am saying this is that, IMO, if unbound is replaced with some other
> name server implementation the rc dependency chains should stay the same.

I do not see anything in the base system that uses unbound or local_unbound
service name, so this looks like it could be straightforward, though
there may be some ports that have use of this token.

For the blue bikeshed I find that "server" is just noise in the token
and that "dns" already has "s" for system, so just "dns" is good with me :-)

> Thanks!
> --
> Andriy Gapon

--
Rod Grimes                                                 rgrimes@freebsd.org
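
The ordering argument in this thread, worked through as an added example (not part of the original message and not FreeBSD's rcorder code): a simplified Python model of PROVIDE / REQUIRE / BEFORE resolution. Only the local_unbound header is taken from the message; the NETWORKING placeholder, the port's unbound header, other_daemon, and the assumption that dhcpd requires NETWORKING are constructed for illustration.

```python
# Simplified model of rcorder(8) PROVIDE / REQUIRE / BEFORE handling.
# Added illustration; every header except LOCAL_UNBOUND is constructed.
import re
from graphlib import TopologicalSorter  # Python 3.9+

LOCAL_UNBOUND = """# PROVIDE: local_unbound
# REQUIRE: FILESYSTEMS defaultroute netwait resolv
# BEFORE: NETWORKING
# KEYWORD: shutdown
"""  # header quoted in the message above

def parse_header(text):
    """Collect the words that follow each ordering keyword."""
    tags = {"PROVIDE": [], "REQUIRE": [], "BEFORE": []}
    for key, words in re.findall(r"^#\s*(PROVIDE|REQUIRE|BEFORE):(.*)$", text, re.M):
        tags[key].extend(words.split())
    return tags

def constraints(scripts):
    """Map each script to the set of scripts that must start before it."""
    parsed = {name: parse_header(text) for name, text in scripts.items()}
    provider = {word: name for name, t in parsed.items() for word in t["PROVIDE"]}
    preds = {name: set() for name in scripts}
    for name, t in parsed.items():
        # Names nobody provides here (FILESYSTEMS, netwait, ...) are skipped.
        preds[name].update(provider[r] for r in t["REQUIRE"] if r in provider)
        for target in t["BEFORE"]:
            if target in provider:
                preds[provider[target]].add(name)
    return preds

def must_precede(scripts, first, second):
    """True when every valid start order runs `first` ahead of `second`."""
    preds = constraints(scripts)
    TopologicalSorter(preds).prepare()  # raises CycleError on a dependency loop
    seen, stack = set(), [second]
    while stack:
        for p in preds[stack.pop()] - seen:
            seen.add(p)
            stack.append(p)
    return first in seen

def boot_set(unbound_before=""):
    """Constructed rc.d set; dhcpd and other_daemon needing NETWORKING is assumed."""
    return {
        "local_unbound": LOCAL_UNBOUND,
        "NETWORKING": "# PROVIDE: NETWORKING\n",
        "unbound": "# PROVIDE: unbound\n" + unbound_before,
        "dhcpd": "# PROVIDE: dhcpd\n# REQUIRE: NETWORKING\n",
        "other_daemon": "# PROVIDE: other_daemon\n# REQUIRE: NETWORKING\n",
    }
```

On a running FreeBSD system the real order can be read from the output of rcorder /etc/rc.d/* /usr/local/etc/rc.d/*.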