changes to base system DNS

Kevin Oberman rkoberman at gmail.com
Sun Mar 16 00:01:42 UTC 2014


On Sat, Mar 15, 2014 at 2:11 PM, Robert Huff <roberthuff at rcn.com> wrote:

> > "rcorder /etc/rc.d/* /usr/local/etc/rc.d/*" on the old and new systems
> > and compare the locations of named vs. local_unbound?
>
>     On the current system, named comes up as number 74.
>     Would someone who uses only unbound report how it works for them?
>     Better yet - someone who's using port.bind?
>
>
> > So it depends on what capability you are looking for as to whether it
> > starts earlier or later. (No easy answers here.)
>
>     Short version: this system is authoritative for its zone, so a
> caching-only resolver is no good.
>     Using system bind worked fine; everybody found everything they needed
> at the right time.
>     I don't grok the rcorder system: it is my impression that everything
> in /etc/rc.d is processed independently and before /usr/local/etc/rc.d.  If
> that's true, then it seems like named might start after things that need
> its services.
>

OK. So you will need a full install of the BIND 9.9 port (dns/bind99).

rcorder(8) and the init system is based on REQUIRE, PROVIDE, and KEYWORD
statements in each file in the rc.d directories. It does this without
respect to what directory the file is in. While by default it searches
/etc/rc.d and /usr/local/etc/rc.d, it can search anywhere that is mounted
if that directory is specified in rc.conf.

There are several pseudo-inits that provide "dividers" between major parts
of the startup including NETWORKING, SERVERS, DAEMON, and FILESYSTEMS. Note
that they are set AFTER the named things have been started, so named will
depend on FILESYSTEMS and SERVERS, but not DAEMONS. These simplify ordering
and are fairly self-explanatory. Most startup scripts list a number of
requires. So the ports version of BIND and the system version both list the
same REQUIREs and PROVIDEs, so will start at about the same point. (When
more than one file lists the same requirements, the order is not
guaranteed.)

So, if you install BIND, you should see no difference between the old base
BIND and the ports versions, though the order may vary slightly.

Note that the base BIND was chrooted by default. I don't believe that ports
version is on 10, so you really should either chroot it yourself or, better
yet, put it in a jail. I really recommend a jail.
-- 
R. Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman at gmail.com
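
Added example (not part of the original post, and not rcorder's own code): a small Python model of the dependency ordering described above, showing that a script in /etc/rc.d that REQUIREs named still starts after a named script living in /usr/local/etc/rc.d. The script headers are constructed and simplified, and needs_dns is a hypothetical service name.

```python
import re
from collections import defaultdict

# Constructed, simplified headers (not copied from a real system).
SCRIPTS = {
    "/etc/rc.d/FILESYSTEMS": "# PROVIDE: FILESYSTEMS\n",
    "/etc/rc.d/NETWORKING": "# PROVIDE: NETWORKING\n# REQUIRE: FILESYSTEMS\n",
    "/etc/rc.d/SERVERS": "# PROVIDE: SERVERS\n# REQUIRE: NETWORKING\n",
    "/etc/rc.d/DAEMON": "# PROVIDE: DAEMON\n# REQUIRE: SERVERS\n",
    # Hypothetical base-system service that needs a working name server.
    "/etc/rc.d/needs_dns": "# PROVIDE: needs_dns\n# REQUIRE: DAEMON named\n",
    # named installed from ports, with the dependencies the post mentions.
    "/usr/local/etc/rc.d/named": "# PROVIDE: named\n# REQUIRE: SERVERS FILESYSTEMS\n",
}

HEADER = re.compile(r"^#[ \t]*(PROVIDE|REQUIRE|BEFORE):[ \t]*(.*)$", re.M)

def parse(text):
    """Collect the PROVIDE/REQUIRE/BEFORE words from one script's comments."""
    tags = defaultdict(list)
    for key, value in HEADER.findall(text):
        tags[key].extend(value.split())
    return tags

def rc_order(scripts):
    """Return script paths in a start order that satisfies every dependency."""
    meta = {path: parse(text) for path, text in scripts.items()}
    provider = {name: path for path, m in meta.items() for name in m["PROVIDE"]}
    deps = {path: set() for path in scripts}  # path -> paths that must start first
    for path, m in meta.items():
        for name in m["REQUIRE"]:
            if name in provider:
                deps[path].add(provider[name])
        for name in m["BEFORE"]:
            if name in provider:
                deps[provider[name]].add(path)
    order, done = [], set()
    while len(order) < len(scripts):
        # Ties are broken by path only to keep this output stable.
        ready = sorted(p for p in scripts if p not in done and deps[p] <= done)
        if not ready:
            raise ValueError("circular dependency")
        order.append(ready[0])
        done.add(ready[0])
    return order

if __name__ == "__main__":
    print("\n".join(rc_order(SCRIPTS)))
```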

