On 08/23/15 12:40, Theo de Raadt wrote:
something like this would probably do it, but would be undone anytime you
update, or at least I think it will be undone, but maybe not; I don't have
any experience with making changes to it.
--- /etc/rc Sat Aug 22 03:06:56 2015
+++ /etc/rc.new Sun Aug 23 12:27:53 2015
@@ -371,7 +371,7 @@
make_keys
echo -n 'starting early daemons:'
-start_daemon syslogd ldattach pflogd nsd unbound ntpd
+start_daemon syslogd ldattach pflogd isc_named ntpd
start_daemon iscsid isakmpd iked sasyncd ldapd npppd
echo '.'
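Review bot: the changed start_daemon line drops nsd and unbound from the early daemons list instead of adding isc_named alongside them, so a machine that has either of them enabled would no longer have it started at this point in /etc/rc. If the aim is only to bring isc_named up before the later network services, keep the existing entries and insert the new one, for example "start_daemon syslogd ldattach pflogd isc_named nsd unbound ntpd". Since the edit is made directly to /etc/rc, a comment next to the changed line saying it is a local modification would make it easier to spot and reapply if the file is replaced.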
probably have to add something to /etc/rc.conf.local like
isc_named_flags=YES
On 08/23/15 12:00, George wrote:
Hi guys,
I was wondering if someone might have a hint on how to start isc_named
(on 5.7) earlier than network services like DHCP and NFS. This was OK
for me on 5.6 when it was in base but now I have issues as my configs
are tied to DNS services on the local machine.
I read a bit and fiddled with the rc code, getting failures there, ... I
am maybe not looking in the right place??
Or don't use ISC BIND. Start your migration towards unbound / nsd,
which are the new, safer toolkit for DNS.
In my opinion, ISC BIND falls soundly into this category:
https://en.wikipedia.org/wiki/Unsafe_at_Any_Speed
As a former corvair owner I guarantee it was perfectly safe while parked.
"general reluctance to spend money on improving safety"
Except in this case, it is not the "manufacturers", but the drivers
failing to spend "time" catching up.
There is a general reluctance by many system administrators to
(a) comprehend that two decades of research has demonstrated the
unsoundness of resource record caching when doing mixed
authoritative + recursive
(b) because it can do mixed mode, in practice BIND encourages
doing so
(c) in part, NSD and unbound were written to stop that practice
(d) Some of you are sticks in the mud, and deserve to get hurt.