Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [bind] very slow startup

    Scheduled Pinned Locked Moved pfSense Packages
    14 Posts 4 Posters 4.2k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • GertjanG Offline
      Gertjan @raverag
      last edited by

      @raverag said in [bind] very slow startup:

      Any suggestions?

      Yeah, look two lines lower :

      2c574fa7-0b01-480b-9d79-57fcb9856daf-image.png

      😊

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      R 1 Reply Last reply Reply Quote 0
      • R Offline
        raverag @Gertjan
        last edited by raverag

        @gertjan I think is not the same.
        in the issue reported about 9.16_12 (I have 9.16_13) they reported a problem reading configuration.
        in any case creating a link as shown:

        [2.6.0-RELEASE][root@pfSense.home.arpa]/cf: ls -l
        total 4
        drwxr-xr-x  3 root  wheel  512 Mar 28 07:52 conf
        lrwxr-xr-x  1 root  wheel   14 Mar 28 05:43 named -> /var/etc/named
        

        the problem still present.

        GertjanG 1 Reply Last reply Reply Quote 0
        • GertjanG Offline
          Gertjan @raverag
          last edited by

          @raverag
          Take a look to be sure.

          I saw over there : BIND 9.16_12 - and version BIND 9.16_13 - you use 9.16.23

          I'm not using bind myself (on pfSense) but it looks like many versions exists.

          There are some issues about where bind could/should find it's cobbfig :
          Here : /etc/named/
          or here /var/etc/named/
          or somewhere else ? Like here :

          --sysconfdir=/usr/local/etc/namedb'
          

          Your's is complaining that there is noything here :

          Mar 28 07:28:35 pfSense named[41515]: loading configuration from '/etc/namedb/named.conf'
          Mar 28 07:28:35 pfSense named[41515]: open: /etc/namedb/named.conf: file not found

          which seams normal to me, most if not all pfSense settings are in /usr/local/etc or could be in /var/etc/.

          Try the simlink trick.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          R 1 Reply Last reply Reply Quote 0
          • R Offline
            raverag @Gertjan
            last edited by

            @gertjan Thanks
            I've looked into several path (thanks to find) but nothing found.
            It seems that the location /vat/etc/named is dynamically created and populated.

            what I've found to improve the startup is:

            1. created a copy of /var/etc/named (once populated) into /cf/named
            2. using shellcmd start a copy of bind looking the configuration in /cf/named
            3. after the time needed for the initialization the system (re)starts normally bind using /var/etc/named for chroot.

            it's a quick workaround.... but let me able to use dns while pfsense initialize bind...

            1 Reply Last reply Reply Quote 0
            • D Offline
              davetick
              last edited by

              I had the same problem with bind taking an unnecessarily long time to startup. I did the same as you at the start - created a temporary bind configuration, and used rc.custom.local to start it early on in boot - which seemed to work.

              Investigating further, it turned out that the pfsense bind package file (bind.inc) was calling rndc even though named was not running. The timeout in rndc is now 60 seconds (reasonably recent change), so if you have > 1 zone, it will delay by minutes.

              See my other post for a suggested rndc shell wrapper workaround - that checks if named is running first: bind 9.16_13 - rndc delays. If you choose this approach, make sure to move the original rndc binary out of the way first!

              If you want to see more supporting evidence, look at /usr/local/pkg/bind.inc - search for the line

              // Freeze dynamic zones to prevent journal corruption_text
              

              The code calls rndc without checking that named is actually running - with a resulting 60 second timeout for each dynamic zone.

              R G 2 Replies Last reply Reply Quote 2
              • R Offline
                raverag @davetick
                last edited by

                Dear @davetick ,
                you have really found the issue!
                thanks to your feedback.

                1 Reply Last reply Reply Quote 0
                • G Offline
                  gogglespisano @davetick
                  last edited by

                  Thank you @davetick !

                  I've been fighting the BIND startup with no success until I found your post.

                  I have ~25 zones and it seemed like it would never start.

                  R 1 Reply Last reply Reply Quote 0
                  • R Offline
                    raverag @gogglespisano
                    last edited by raverag

                    @gogglespisano as @davetick suggested the fix for me was rename
                    /usr/local/sbin/rndc in /usr/local/sbin/rndc.orig and create a new /usr/local/sbin/rndc:

                    #!/bin/sh
                    if [ -n "`/bin/ps auxw | /usr/bin/grep "[n]amed " | /usr/bin/awk '{print $2}'`" ]; then
                            /usr/local/sbin/rndc.orig "$@"
                    fi
                    

                    don't forget to add permission +x to the new /usr/local/sbin/rndc and remember to do it again in case of future upgrade.

                    1 Reply Last reply Reply Quote 0
                    • G Offline
                      gogglespisano
                      last edited by

                      Based on @davetick workaround, I've summitted a pull request to fix this problem and also make the BIND widget work again. It would work on an upgrade that still had the old /cf/named/ folder, but would fail on a new install of 2.6.

                      The code is at https://github.com/pfsense/FreeBSD-ports/pull/1163/files/

                      I've also attached a patch file. Please test it and let me know if you have any problems or you can comment in the pull request or associated bugs.

                      1163.patch

                      G 1 Reply Last reply Reply Quote 1
                      • G Offline
                        gogglespisano @gogglespisano
                        last edited by

                        BIND 9.16_17 has been released with the patch

                        D 1 Reply Last reply Reply Quote 1
                        • D Offline
                          davetick @gogglespisano
                          last edited by

                          Awesome work ! Have had a look and seems to have combined a number of really good fixes. RC start/stop, bind.inc rndc calls - all looking good.

                          Deployed to test instance performing really fine, will test/break/play for a few days more before deploying to prod, however a nice solid fix - thanks @gogglespisano ,

                          So nice to have reasonable boot time without hacky workaround

                          :-)

                          G 1 Reply Last reply Reply Quote 1
                          • G Offline
                            gogglespisano @davetick
                            last edited by

                            Thanks @davetick. It was your post that got me pointed in the right direction.

                            R 1 Reply Last reply Reply Quote 1
                            • R Offline
                              raverag @gogglespisano
                              last edited by

                              @gogglespisano good job! i've tested in my environment and it works properly

                              1 Reply Last reply Reply Quote 1
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.