Unbound(8) caching resolver no workie on fresh install :-(

Ernie Luzar luzar722 at gmail.com
Thu Oct 12 13:15:56 UTC 2017

Matthew Seaman wrote:
> On 12/10/2017 05:57, Ronald F. Guilmette wrote:
>> I just installed a fresh 11.1-RELEASE system onto a pristine drive.
>> (Be patient with me please.  I haven't done this in a long while.)
>> All seems to be working well, however I noticed the new install option
>> to enable a local caching resolver, and I said to myself "Yea!  Sounds
>> great to me!"  So I enabled that.
>> After the install finished and I booted the new system, I immediately
>> got some console errors indicating that the various default NTP servers
>> (I also enabled NTP) were not resolving. :-(
>> So, um, what gives?  This particular machine is, for the moment, NAT'd/DHCP'd
>> behind my trusty Linksys E4200.  Do I need to poke a hole in that so that the
>> UDP DNS query replies can actually make it all the way back to this box?
>> Or is there something I need to diddle under /etc/unbound that isn't just
>> ready to go, out of the box?
> This is something I've observed too -- it's an ordering or timing
> problem with the startup scripts -- ie. ntpd(8) gets started before
> local_unbound is properly ready to answer queries.
> However, the effect is largely cosmetic.  ntpd will complain about
> resolving server names on startup, but as soon as unbound gets going,
> ntpd should connect and sync up.
> I suspect you were being misled by the other problem you posted about
> where ntpd was dying shortly after startup because the clock was way off
> -- these error messages are not related to why ntpd is failing.
> As for local_unbound, if you can resolve hostnames into IP numbers 'host
> www.freebsd.org'  from the command line, then you can be pretty sure
> that local_unbound is working OK.  local_unbound defaults to using any
> resolvers found in /etc/resolv.conf as forwarders -- so if your local
> DHCP server says to use a specific resolver, it will -- but you can
> override that by setting local_unbound_forwarders in /etc/rc.conf to a
> list of IP numbers for the DNS resolvers you'd like to use.
> local_unbound will in fact work perfectly happily without any
> forwarders, but there isn't a flag to force that behavior.
> 	Cheers,
> 	Matthew

unbound has a built-in "root-zone" function which negates the need for a 
forward-zone: section at all. Is there an rc.conf parameter to enable 
that function for local_unbound?
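The forwarder selection Matthew describes above (nameservers from /etc/resolv.conf unless local_unbound_forwarders in /etc/rc.conf overrides them) and the no-forwarders case Ernie asks about, as an added illustration that is not part of this thread and not FreeBSD's own local-unbound-setup script. The resolv.conf text is a constructed sample; the function names and the exact stanza layout are assumptions, not the rc script's output.

```sh
#!/bin/sh
# Added example: build an unbound forward-zone stanza the way the thread
# describes local_unbound choosing forwarders. Not FreeBSD's own script.

# Constructed stand-in for a DHCP-supplied /etc/resolv.conf.
SAMPLE_RESOLV_CONF='# resolv.conf handed out by the DHCP server (constructed)
search example.test
nameserver 192.0.2.1
nameserver 192.0.2.2
options edns0'

# Print the nameserver addresses from resolv.conf text on stdin, one per line.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }'
}

# Choose the forwarder list (space separated):
#   $1 = value of local_unbound_forwarders from rc.conf (may be empty)
#   $2 = resolv.conf text
# A non-empty rc.conf value wins; otherwise fall back to resolv.conf.
choose_forwarders() {
    if [ -n "$1" ]; then
        printf '%s\n' "$1"
    else
        printf '%s\n' "$2" | resolv_nameservers | tr '\n' ' ' | sed 's/ $//'
    fi
}

# Emit the unbound forward-zone stanza for a space-separated forwarder list.
# With an empty list no stanza is written at all: unbound then resolves
# iteratively from its compiled-in root hints instead of forwarding, which is
# the "no forwarders" mode the thread says has no dedicated rc.conf flag.
forward_zone_conf() {
    fwd="$1"
    if [ -z "$fwd" ]; then
        printf '# no forwarders configured: full recursion from the root hints\n'
        return 0
    fi
    printf 'forward-zone:\n\tname: "."\n'
    for addr in $fwd; do
        printf '\tforward-addr: %s\n' "$addr"
    done
}

# Stand-alone demonstration: DHCP resolvers, then an rc.conf override, then none.
forward_zone_conf "$(choose_forwarders "" "$SAMPLE_RESOLV_CONF")"
forward_zone_conf "$(choose_forwarders "198.51.100.53" "$SAMPLE_RESOLV_CONF")"
forward_zone_conf ""
```

After changing forwarders the thread's own check still applies: if `host www.freebsd.org` answers through 127.0.0.1, local_unbound is doing its job; if it times out while the ISP resolver answers directly, look at the generated forward configuration rather than at the NAT box.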

