unbound and (isc) dhcpd startup order

Andriy Gapon avg at FreeBSD.org
Mon Jun 15 13:20:29 UTC 2020 

On 15/06/2020 15:57, Rodney W. Grimes wrote:
>>
>> I am configuring a small LAN -- mostly a gateway / router for it -- and I am
>> using unbound for a local DNS and isc-dhcp44-server for DHCP.
>> I have a few hosts with static IP addresses (for various reasons).
>> So, in unbound.conf I have an entry like
>>   local-data: "hipster.home.arpa. IN A 192.168.0.222"
>> and in dhcpd.conf  have:
>>   host hipster {
>>
>>
>>     hardware ethernet 40:74:e0:xx:xx:xx;
>>
>>
>>     fixed-address hipster.home.arpa;
>>
>>
>>  }
>>
>> I am using a DNS name to avoid hardcoding the same IP address twice.
>> But obviously this depends on the local DNS server starting before the HDCP
>> server if they are on the same host / router.
>> It seems that at the moment there is nothing to ensure that order.
>>
>> For the moment I modified rc.d/unbound to add this line:
>>   # BEFORE: dhcpd
> 
>>From looking at /etc/rc.d/local_unbound we see:
> # PROVIDE: local_unbound
> # REQUIRE: FILESYSTEMS defaultroute netwait resolv
> # BEFORE: NETWORKING
> # KEYWORD: shutdown
> 
> What makes it work for that case is the BEFORE: NETWORKING is that
> line missing for the port version?

Yes, it is:
# PROVIDE: unbound
# REQUIRE: SERVERS cleanvar
# KEYWORD: shutdown

If we add BEFORE: NETWORKING then REQUIRE will also have to be adjusted as it's
impossible to be before NETWORKING and after SERVERS.

>> I am not sure if this is the best solution and it's something that can be
>> included into the port.
> 
> I think that DNS needs to be started before more than just dhcpd,
> so this is just 1 of many possible cases.  This can also be issues
> with almost any network stuff that wants to do stuff by DNS value,
> including the networkself.  DNS creates a chicken/egg problem in
> that you may, or may not need the network to resolve names, I have
> always hated that aspect of it.  Modern tooling can help, you use
> stuff to build your /etc/rc config files that can me run while the
> network is up and functional so that this entering IP addresses in
> N places is less painful.
> 
> I seen no problem in adding a BEFORE: NETWORKING to the port, covering
> a larger number of casses than your narrow BEFORE: dhcpd.

I agree.
I hope it doesn't break any currently working configurations too.

>> On a related note, unbound rc script provides "unbound" service.
>> I think that maybe it should provide something more generic such as "nameserver"
>> or "dns-server" (not sure if there is an established name for that).
>> The reason I am saying this is that, IMO, if unbound is replaced with some other
>> name server implementation the rc dependency chains should stay the same.
> 
> I do not see anything in the base system that uses unbound or local_unbound
> service name, so this looks like it could be straightforward, though there
> may be some ports that have use of this token.
> 
> For the blue bikeshed I find that "server" is just noise in the token
> and that "dns" already has "s" for system, so just "dns" is good with me :-)

That's a good point.
I've just checked bind ports and they use PROVIDE: named
Not sure if "named" here is a bind specific name or a generic one.


-- 
Andriy Gapon

More information about the freebsd-net mailing list