DNS KSK rollover, local_unbound and 11.2-STABLE

Eugene Grosbein eugen at grosbein.net
Sat Oct 13 11:43:37 UTC 2018


13.10.2018 17:58, Eugene Grosbein wrote:

>> You're supposed to run unbound-anchor *before* starting unbound (and the
>> rc script will automatically do that if /var/unbound/root.key does not
>> exist).  What you're seeing now is unbound periodically overwriting
>> root.key with what it has in memory.
> 
> This nanobsd does not have root.key in its persistent configuration
> and runs mpd5 from ports as PPPoE client for global connectivity.
> 
> According to rcorder, /etc/rc.d/local_unbound runs BEFORE: NETWORKING
> and much earlier than /usr/local/etc/rc.d/mpd5 is started that REQUIRES: SERVERS
> 
> So, local_unbound startup script has no chance to update root.key with unbound-anchor
> and the unbound daemon starts with no root.key at all.

I've changed the startup script of mpd5 to settings like /etc/rc.d/ppp has
and now it starts before local_unbound, but that does not help
because mpd5 runs the PPPoE client connection in the background and
it takes up to 3 seconds to establish PPPoE, so local_unbound still starts "too early".

And I cannot use "netwait" because local_unbound starts before /etc/rc.d/netwait too.
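
Added example (not part of the original message and not the FreeBSD rc scripts' own code): a POSIX sh helper for the race described above, which waits a bounded time for the uplink and only then fetches the trust anchor, so the resolver is never started with a missing root.key. The variable names, the default-route probe and the return codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration; all knob names below are hypothetical.
ANCHOR_FILE="${ANCHOR_FILE:-/var/unbound/root.key}"   # path named in the thread
ANCHOR_CMD="${ANCHOR_CMD:-unbound-anchor}"            # tool named in the thread
PROBE_CMD="${PROBE_CMD:-route -n get default}"        # assumed "uplink is up" test
MAX_WAIT="${MAX_WAIT:-30}"                            # seconds to wait for PPPoE

# True when a non-empty trust anchor file already exists.
anchor_present() {
    [ -s "$ANCHOR_FILE" ]
}

# Poll once per second until the probe succeeds or MAX_WAIT expires.
wait_for_uplink() {
    waited=0
    while [ "$waited" -lt "$MAX_WAIT" ]; do
        if $PROBE_CMD >/dev/null 2>&1; then
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 1
}

# Returns 0 when a trust anchor is in place,
#         2 when the uplink never came up (anchor not fetched),
#         3 when the anchor tool ran but left no usable file.
bootstrap_anchor() {
    anchor_present && return 0
    wait_for_uplink || return 2
    # unbound-anchor's exit status does not reliably signal failure
    # (it exits 1 after a certificate-based update), so judge by the file.
    $ANCHOR_CMD -a "$ANCHOR_FILE" >/dev/null 2>&1 || :
    anchor_present || return 3
}

# Run only when invoked as "script run"; sourcing just defines the functions.
if [ "${1:-}" = "run" ]; then
    bootstrap_anchor
fi
```

A non-zero return is the signal to keep the validating resolver down, or to retry, instead of starting it without a trust anchor.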