14.10.2018 1:17, Dag-Erling Smørgrav wrote:
> Eugene Grosbein writes:
>> Index: sbin/init/rc.d/local_unbound
>> ===
>> --- sbin/init/rc.d/local_unbound(revision 338465)
>> +++ sbin/init/rc.d/local_unbound(working copy
Eugene Grosbein writes:
> Index: sbin/init/rc.d/local_unbound
> ===
> --- sbin/init/rc.d/local_unbound(revision 338465)
> +++ sbin/init/rc.d/local_unbound(working copy)
> @@ -4,8 +4,8 @@
> @@ -4,7 +4,7 @@
> #
>
> # P
14.10.2018 0:21, Dag-Erling Smørgrav wrote:
> Eugene Grosbein writes:
>> Index: sbin/init/rc.d/local_unbound
>> ===
>> --- sbin/init/rc.d/local_unbound(revision 338465)
>> +++ sbin/init/rc.d/local_unbound(working copy
Eugene Grosbein writes:
> Index: sbin/init/rc.d/local_unbound
> ===
> --- sbin/init/rc.d/local_unbound(revision 338465)
> +++ sbin/init/rc.d/local_unbound(working copy)
> @@ -4,8 +4,8 @@
> #
>
> # PROVIDE: local_unbo
13.10.2018 21:16, Dag-Erling Smørgrav wrote:
> Eugene Grosbein writes:
>> Dag-Erling Smørgrav writes:
>>> The local_unbound service was never intended to be started without a
>>> network connection.
>> Then this is regression since ISC BIND removal because it does not
>> have this problem.
>
>
Eugene Grosbein writes:
> Dag-Erling Smørgrav writes:
> > The local_unbound service was never intended to be started without a
> > network connection.
> Then this is regression since ISC BIND removal because it does not
> have this problem.
Unbound is not a replacement for BIND. It serves a dif
13.10.2018 19:13, Dag-Erling Smørgrav wrote:
> The local_unbound service was never intended to be started without a
> network connection.
Then this is regression since ISC BIND removal because it does not have this
problem.
We should deal with the problem so clean install of FreeBSD relying on b
13.10.2018 19:17, Dag-Erling Smørgrav wrote:
> Eugene Grosbein writes:
>> Then local_unbound startup script should be changed to start after
>> netwait script as bare minimum.
>
> It does:
>
> % freebsd-version
> 11.2-RELEASE-p4
> % rcorder /etc/rc.d/* | egrep 'unbound|netwait'
> /etc/rc.d/netw
13.10.2018 18:38, Dag-Erling Smørgrav wrote:
> Eugene Grosbein writes:
>> This nanobsd does not have root.key in its persistent configuration
>> and runs mpd5 from ports as PPPoE client for global connectivity.
>>
>> According to rcorder, /etc/rc.d/local_unbound runs BEFORE: NETWORKING
>> and muc
Just to show that there is no difference between a forwarding setup and
a recursing setup:
# truncate -s0 /etc/resolv.conf
# service local_unbound setup
Performing initial setup.
Extracting forwarders from /etc/resolv.conf.
No forwarders found in resolv.conf, unbound will recurse.
/var/unb
Eugene Grosbein writes:
> Then local_unbound startup script should be changed to start after
> netwait script as bare minimum.
It does:
% freebsd-version
11.2-RELEASE-p4
% rcorder /etc/rc.d/* | egrep 'unbound|netwait'
/etc/rc.d/netwait
/etc/rc.d/local_unbound
although it might be a good idea to
Eugene Grosbein writes:
> Why unbound daemon fails to update root.key after start?
The daemon uses a different bootstrap method than unbound-anchor, and if
I recall correctly, 1.5.10 is unable to self-bootstrap when there are two
concurrent KSKs, i.e. phase E of ICANN's operational plan, although
13.10.2018 17:58, Eugene Grosbein wrote:
>> You're supposed to run unbound-anchor *before* starting unbound (and the
>> rc script will automatically do that if /var/unbound/root.key does not
>> exist). What you're seeing now is unbound periodically overwriting
>> root.key with what it has in memo
13.10.2018 3:41, Dag-Erling Smørgrav wrote:
> Eugene Grosbein writes:
>> It seems that 11.2-STABLE still has old unbound version 1.5.10 having
>> no option trust-anchor-signaling.
>>
>> Can it be a reason that my home router running stable/11 r338011 as
>> NanoBSD with stock local_unbound
>> as D
Eugene Grosbein writes:
> This nanobsd does not have root.key in its persistent configuration
> and runs mpd5 from ports as PPPoE client for global connectivity.
>
> According to rcorder, /etc/rc.d/local_unbound runs BEFORE: NETWORKING
> and much earlier than /usr/local/etc/rc.d/mpd5 is started th
13.10.2018 17:16, Dag-Erling Smørgrav wrote:
> Eugene Grosbein writes:
>> The commands "unbound-anchor -vv; cat /var/unbound/root.key" show:
>> [...]
>> ; created by unbound-anchor on Sat Oct 13 14:28:12 2018
>> . IN DS 19036 8 2
>> 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB
Eugene Grosbein writes:
> The commands "unbound-anchor -vv; cat /var/unbound/root.key" show:
> [...]
> ; created by unbound-anchor on Sat Oct 13 14:28:12 2018
> . IN DS 19036 8 2
> 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
> . IN DS 20326 8 2
> E06D44B80B8F1D39A95C0B0D7C65
Here's the thing though, I am unable to reproduce the issue in
11.2-RELEASE (see attached log). Can you send me this tarball:
# tar zcf unbound.tgz /etc/resolv.conf /var/unbound
and also tell me which variables are set, i.e. the output from:
# grep -r unbound /etc/rc.conf*
DES
--
Dag-Erling S
13.10.2018 3:41, Dag-Erling Smørgrav wrote:
> In any case, if unbound-anchor is unable to get and validate the KSK, it
> will fall back to getting it over http (using an unvalidated DNS lookup)
> and verifying the accompanying signature against a hardcoded x509
> certificate which is valid until 2
I've enabled verbose debug logging for unbound:
$ fgrep unbound /etc/rc.conf
local_unbound_enable="YES"
local_unbound_workdir="/etc/unbound"
local_unbound_flags="-v -v"
Then did "service local_unbound restart" and put resulting log online:
http://www.grosbein.net/freebsd/unbound.log
Eugene Grosbein writes:
> It seems that 11.2-STABLE still has old unbound version 1.5.10 having
> no option trust-anchor-signaling.
>
> Can it be a reason that my home router running stable/11 r338011 as
> NanoBSD with stock local_unbound
> as DNS recursive service for LAN stopped working today?