Created attachment 149341 [details] add # BEFORE: local_unbound to files/dnscrypt-proxy.in A 10.x system running dns/dnscrypt_proxy as a forwarder for a local_unbound cache hang because some services (e.g. ntpd or sysutils/bsdstats) can't resolve hostnames until dns/dnscrypt_proxy has started. The attached patch adds # BEFORE: local_unbound to files/dnscrypt-proxy.in. Is a warning required here since things work differently (named on 9.x, local_unbound on 10.x)? bdrewery mentioned a warning might be useful.
Maintainer CC'd
Using "BEFORE: local_unbound" or "BEFORE: named" should be OK. You might even get away with "BEFORE: local_unbound named", but check that rcorder doesn't complain when only one of them exists. Unfortunately, this will not work in a jail, because /etc/rc sets early_late_divider to NETWORKING (which comes after local_unbound) instead of FILESYSTEMS. From the revision history for /etc/rc, this seems to be at least partly my fault; I should have removed that logic in r168283. You can work around it by setting early_late_divider to something else, e.g. netif: # echo early_late_divider=netif >>/etc/rc.conf
I'll take it.
# BEFORE: named local_unbound unbound should work for anyone running dns/dnscrypt_proxy as a forwarder for a unbound cache whether it's local_unbound on 10+ or the dns/unbound on 9.x. I tested this on 9.3 and 10.1 and there were no problems. I didn't test in a jail.
A commit references this bug: Author: des Date: Mon Dec 1 12:30:00 UTC 2014 New revision: 275360 URL: https://svnweb.freebsd.org/changeset/base/275360 Log: The early-late divider was originally set to mountcritlocal. Since that service does not run in jails, it was necessary to change it to something else when jailed, and NETWORKING was arbitrarily chosen. The divider was later moved to FILESYSTEMS when it was introduced, but the logic to change it to NETWORKING when jailed remained. Remove it, as it no longer serves any purpose. PR: 194975 MFC after: 1 week Changes: head/etc/rc
A commit references this bug: Author: xmj Date: Tue Dec 2 09:21:51 UTC 2014 New revision: 373758 URL: https://svnweb.freebsd.org/changeset/ports/373758 Log: dns/dnscrypt-proxy: start before unbound - To prevent hanging on 10.x systems which ship with unbound and depend on DNS resolving, start dnscrypt-proxy before unbound. - Bump PORTREVISION PR: 194975 Differential Revision: https://reviews.freebsd.org/D1249 Submitted by: Joseph Mingrone <jrm@ftfl.ca> Approved by: koobs (mentor) Changes: head/dns/dnscrypt-proxy/Makefile head/dns/dnscrypt-proxy/files/dnscrypt-proxy.in
Committed, thanks!