Unbound(8) caching resolver no workie on fresh install :-(
matthew at FreeBSD.org
Thu Oct 12 11:11:31 UTC 2017
On 12/10/2017 05:57, Ronald F. Guilmette wrote:
> I just installed a fresh 11.1-RELEASE system onto a pristine drive.
> (Be patient with me please. I haven't done this in a long while.)
> All seems to be working well, however I noticed the new install option
> to enable a local caching resolver, and I said to myself "Yea! Sounds
> great to me!" So I enabled that.
> After the install finished and I booted the new system, I immediately
> got some console errors indicating that the various default NTP servers
> (I also enabled NTP) were not resolving. :-(
> So, um, what gives? This particular machine is, for the moment, NAT'd/DHCP'd
> behind my trusty Linksys E4200. Do I need to poke a hole in that so that the
> UDP DNS query replies can actually make it all the way back to this box?
> Or is there something I need to diddle under /etc/unbound that isn't just
> ready to go, out of the box?
This is something I've observed too -- it's an ordering or timing
problem with the startup scripts -- i.e. ntpd(8) gets started before
local_unbound is properly ready to answer queries.
However, the effect is largely cosmetic. ntpd will complain about
resolving server names on startup, but as soon as unbound gets going,
ntpd should connect and sync up.
I suspect you were being misled by the other problem you posted about
where ntpd was dying shortly after startup because the clock was way off
-- these error messages are not related to why ntpd is failing.
As for local_unbound, if you can resolve hostnames into IP numbers 'host
www.freebsd.org' from the command line, then you can be pretty sure
that local_unbound is working OK. local_unbound defaults to using any
resolvers found in /etc/resolv.conf as forwarders -- so if your local
DHCP server says to use a specific resolver, it will -- but you can
override that by setting local_unbound_forwarders in /etc/rc.conf to a
list of IP numbers for the DNS resolvers you'd like to use.
local_unbound will in fact work perfectly happily without any
forwarders, but there isn't a flag to force that behaviour.