On Sun, 23 Aug 2015 12:49:20 -0500 Edgar Pettijohn <ed...@pettijohn-web.com> wrote:
> On 08/23/15 12:40, Theo de Raadt wrote: > >> something like this would probably do it, but would be undone > >> anytime you update > or at least I think it will be undone, but maybe not I don't have any > experience with making changes to it. > >> > >> --- /etc/rc Sat Aug 22 03:06:56 2015 > >> +++ /etc/rc.new Sun Aug 23 12:27:53 2015 > >> @@ -371,7 +371,7 @@ > >> make_keys > >> > >> echo -n 'starting early daemons:' > >> -start_daemon syslogd ldattach pflogd nsd unbound ntpd > >> +start_daemon syslogd ldattach pflogd isc_named ntpd > >> start_daemon iscsid isakmpd iked sasyncd ldapd npppd > >> echo '.' > >> > probably have to add something to /etc/rc.conf.local like > isc_named_flags=YES Thanks for taking the time. FYI the 2 changes, above, did not work it still fails starting. I shall look into moving to the other 2 when I get the time. Thank you both. > > >> On 08/23/15 12:00, George wrote: > >>> Hi guys, > >>> > >>> I was wondering if someone might have a hint on how to start > >>> isc_name (on 5.7) earlier than network services like DHCP and > >>> NFS. This was OK for me on 5.6 when it was in base but now I have > >>> issues as my configs are tied to DNS services on the local > >>> machine. > >>> > >>> I read a bit and fiddled with the rc code, getting failures > >>> there, ... I am maybe not looking in the right place?? > > Or don't use ISC BIND. Start your migrationg towards unbound / nsd, > > which are the new, safer toolkit for DNS. > > > > In my opinion, ISC BIND falls soundly into this catagory: > > > > https://en.wikipedia.org/wiki/Unsafe_at_Any_Speed > As a former corvair owner I guarantee it was perfectly safe while > parked. > > > "general reluctance to spend money on improving safety" > > > > Except in this case, it is not the "manufacturers", but the drivers > > failing to spend "time" catching up. > > > > There is a general reluctance by many system administrators to > > (a) comprehend that two decades of research has demonstrated > > the unsoundness of resource record caching when doing > > mixed authoritative + recursive > > (b) because it can do do mixed mode, in practice BIND > > encourages doing so > > (c) in part, NSD and unbound were written to stop that practice > > (d) Some of you are sticks in the mud, and deserve to get hurt.