Bug 194975 - dns/dnscrypt-proxy should start before local_unbound
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Johannes Jost Meixner
Reported: 2014-11-12 22:20 UTC by Joseph Mingrone
Modified: 2014-12-02 09:23 UTC

jrm: maintainer-feedback? (freebsd)

add # BEFORE: local_unbound to files/dnscrypt-proxy.in (329 bytes, patch)
2014-11-12 22:20 UTC, Joseph Mingrone

Description Joseph Mingrone freebsd_committer 2014-11-12 22:20:58 UTC
Created attachment 149341
add # BEFORE: local_unbound to files/dnscrypt-proxy.in

A 10.x system running dns/dnscrypt_proxy as a forwarder for a local_unbound cache hangs because some services (e.g. ntpd or sysutils/bsdstats) can't resolve hostnames until dns/dnscrypt_proxy has started.  The attached patch adds

# BEFORE: local_unbound

to files/dnscrypt-proxy.in.

Is a warning required here since things work differently (named on 9.x, local_unbound on 10.x)?  bdrewery mentioned a warning might be useful.
Comment 1 Bugzilla Automation freebsd_committer 2014-11-12 22:20:58 UTC
Maintainer CC'd
Comment 2 Dag-Erling Smørgrav freebsd_committer 2014-11-26 11:01:09 UTC
Using "BEFORE: local_unbound" or "BEFORE: named" should be OK.  You
might even get away with "BEFORE: local_unbound named", but check that
rcorder doesn't complain when only one of them exists.

Unfortunately, this will not work in a jail, because /etc/rc sets
early_late_divider to NETWORKING (which comes after local_unbound)
instead of FILESYSTEMS.  From the revision history for /etc/rc, this
seems to be at least partly my fault; I should have removed that logic
in r168283.  You can work around it by setting early_late_divider to
something else, e.g. netif:

# echo early_late_divider=netif >>/etc/rc.conf
Comment 3 Johannes Jost Meixner freebsd_committer 2014-11-26 11:23:12 UTC
I'll take it.
Comment 4 Joseph Mingrone freebsd_committer 2014-11-29 23:04:49 UTC
# BEFORE: named local_unbound unbound

should work for anyone running dns/dnscrypt_proxy as a forwarder for an unbound cache whether it's local_unbound on 10+ or the dns/unbound on 9.x.

I tested this on 9.3 and 10.1 and there were no problems.  I didn't test in a jail.
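
The check suggested in comment 2 (a BEFORE line naming services that may not exist on a given release) can be scripted. The following is an added example, not part of this bug thread or of the port: the helper names and the sample rc.d headers are constructed for illustration, and rcorder is only invoked where it is installed.

```shell
#!/bin/sh
# Added example: inspect rc.d ordering keywords (PROVIDE/BEFORE) offline.

# Print every word that follows "# <TAG>:" in the given rc.d scripts.
rc_words() {
    tag=$1; shift
    awk -v tag="$tag" '$1 == "#" && $2 == (tag ":") { for (i = 3; i <= NF; i++) print $i }' "$@"
}

# List the BEFORE targets of script $1 that no script in directory $2 PROVIDEs.
dangling_before() {
    script=$1 rcdir=$2
    provided=$(rc_words PROVIDE "$rcdir"/*)
    for target in $(rc_words BEFORE "$script"); do
        printf '%s\n' "$provided" | grep -qxF -- "$target" || printf '%s\n' "$target"
    done
}

# Read an rcorder-style listing on stdin; succeed if path $1 comes before path $2.
starts_before() {
    awk -v a="$1" -v b="$2" '$0 == a { ia = NR } $0 == b { ib = NR }
        END { exit !(ia && ib && ia < ib) }'
}

# Constructed sample tree resembling a 10.x host: only local_unbound is present.
make_sample_tree() {
    d=$(mktemp -d)
    printf '#!/bin/sh\n# PROVIDE: local_unbound\n' >"$d/local_unbound"
    printf '#!/bin/sh\n# PROVIDE: dnscrypt_proxy\n# BEFORE: named local_unbound unbound\n' \
        >"$d/dnscrypt-proxy"
    echo "$d"
}

tree=$(make_sample_tree)
echo "BEFORE targets with no provider: $(dangling_before "$tree/dnscrypt-proxy" "$tree" | tr '\n' ' ')"
if command -v rcorder >/dev/null 2>&1; then   # FreeBSD only; stderr left visible
    rcorder "$tree"/* | starts_before "$tree/dnscrypt-proxy" "$tree/local_unbound" \
        && echo "dnscrypt-proxy is ordered before local_unbound"
fi
rm -rf "$tree"
```

On a real host, point `dangling_before` at the installed script and run `rcorder` over `/etc/rc.d/*` and `/usr/local/etc/rc.d/*` instead of the sample tree.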
Comment 5 commit-hook freebsd_committer 2014-12-01 12:30:11 UTC
A commit references this bug:

Author: des
Date: Mon Dec  1 12:30:00 UTC 2014
New revision: 275360
URL: https://svnweb.freebsd.org/changeset/base/275360

  The early-late divider was originally set to mountcritlocal.  Since that
  service does not run in jails, it was necessary to change it to something
  else when jailed, and NETWORKING was arbitrarily chosen.  The divider was
  later moved to FILESYSTEMS when it was introduced, but the logic to change
  it to NETWORKING when jailed remained.  Remove it, as it no longer serves
  any purpose.

  PR:		194975
  MFC after:	1 week

Comment 6 commit-hook freebsd_committer 2014-12-02 09:21:52 UTC
A commit references this bug:

Author: xmj
Date: Tue Dec  2 09:21:51 UTC 2014
New revision: 373758
URL: https://svnweb.freebsd.org/changeset/ports/373758

  dns/dnscrypt-proxy: start before unbound

  - To prevent hanging on 10.x systems which ship with unbound and depend on
    DNS resolving, start dnscrypt-proxy before unbound.

  PR:		194975
  Differential Revision:	https://reviews.freebsd.org/D1249
  Submitted by:	Joseph Mingrone <jrm@ftfl.ca>
  Approved by:	koobs (mentor)

Comment 7 Johannes Jost Meixner freebsd_committer 2014-12-02 09:23:48 UTC
Committed, thanks!