From owner-freebsd-questions@FreeBSD.ORG Sun Mar 16 00:01:42 2014 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8A3E616E for ; Sun, 16 Mar 2014 00:01:42 +0000 (UTC) Received: from mail-pd0-x233.google.com (mail-pd0-x233.google.com [IPv6:2607:f8b0:400e:c02::233]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 60D573B4 for ; Sun, 16 Mar 2014 00:01:42 +0000 (UTC) Received: by mail-pd0-f179.google.com with SMTP id w10so4083674pde.10 for ; Sat, 15 Mar 2014 17:01:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=zPrdJDYyDMpsGxkeMBB0kEsxNWkodGqcHQi5inYMnHs=; b=VyeM+33HtxAKcJFLQNnhkTV64Zm6xP/z/9efOVgFs0cVCqehzXMtCRFQOMtEliLdIQ F0Fw65S+RRkJdmQMAOzyUzpPD0WMgqw3AXUEOtBaE/+5RprgzAgQjYXpmg7JrBHIrIIu iuMTAFqmDvjAO/kLu6dnyZqzlQaTIPhLqs8p+tSPg4aB+ARylW9WRkzWDLDdX3EGq39x NF/laK+/AzIBSutYM6yKYOshUA56U2rjQKX3YflEq/lt27rTobe6EAhBQlMU5GxxSs5V sOZj4DeSrQkf/PE36Dk6moxrs4m/ANUk8IDlYGxYazH87tFBNpZzlOzl0vCTWVvSGD0I rX/Q== MIME-Version: 1.0 X-Received: by 10.66.142.170 with SMTP id rx10mr17389776pab.117.1394928102047; Sat, 15 Mar 2014 17:01:42 -0700 (PDT) Sender: kob6558@gmail.com Received: by 10.66.0.164 with HTTP; Sat, 15 Mar 2014 17:01:41 -0700 (PDT) In-Reply-To: <5324C1E9.6040802@rcn.com> References: <5324C1E9.6040802@rcn.com> Date: Sat, 15 Mar 2014 17:01:41 -0700 X-Google-Sender-Auth: Hl5uOUOjusLUaE66-mRL4SmINmo Message-ID: Subject: Re: changes to base system DNS From: Kevin Oberman To: Robert Huff Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.17 Cc: questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Mar 2014 00:01:42 -0000 On Sat, Mar 15, 2014 at 2:11 PM, Robert Huff wrote: > > "rcorder /etc/rc.d/* /usr/local/etc/rc.d/*" on the old and new systems > > and compare the locations of named vs. local_unbound? > > On the current system, named comes up as number 74. > Would someone who uses only unbound report how it works for them? > Better yet - someone who's using port.bind? > > > > So it depends on what capability you are looking for as to whether it > starts earlier or later. (No easy answers here.) > > Short version: this system is authoritative for its zone, so a > caching-only resolver is no good. > Using system bind worked fine; everybody found everything they needed > at the right time. > I don't grok the rcorder system: it is my impression that everything > in /etc/rc.d is provessed independently and before /usr/local/etc/rc.d. If > that's true, then it seems like named might start after things that need > its services. > OK. So you will need a full install of the BIND 9.9 port (dns/bind99). rcorder(8) an the init system is based on REQUIRE, PROVIDE, and KEYWORD statements in each file in the rc.d directories. It does this without respect to what directory the file is in. While by default it searches /etc/rc.d and /usr/local/etc/rc.d, it can search anywhere that is mounted if that directory is specified in rc.conf. There are several psuedo-inits that provide "dividers" between major parts of the startup including NETWORKING, SERVERS, DAEMON, and FILESYSTEMS. Note that they are set AFTER the named things have been started, so named will depend on FILESYSTEMS and SERVERS, but not DAEMONS. These simplify ordering and are fairly self-explanatory. Most startup scripts list a number of requires. So the ports version of BIND and the system version both list the same REQUIREs and PROVIDEs, so will start at about hte same point. (When more than one file lists the same requirements, the order is not guaranteed.) So, if you install BIND, you should see no difference between the old base BIND and the ports versions, though the order may vary slightly. Note that the base BIND was chrooted by default. I don't believe that ports version is on 10, so you really should either chroot it yourself or, better yet, put it in a jail. I really recommend a jail. -- R. Kevin Oberman, Network Engineer, Retired E-mail: rkoberman@gmail.com