[bind] very slow startup
-
@gertjan Thanks
I've looked into several paths (thanks to find) but found nothing.
It seems that the location /var/etc/named is dynamically created and populated. What I've found to improve the startup is:
- created a copy of /var/etc/named (once populated) into /cf/named
- using shellcmd, start a copy of bind that looks for its configuration in /cf/named
- after the time needed for the initialization, the system (re)starts bind normally, using /var/etc/named for chroot.
It's a quick workaround... but it lets me use DNS while pfSense initializes bind.
-
I had the same problem with bind taking an unnecessarily long time to startup. I did the same as you at the start - created a temporary bind configuration, and used rc.custom.local to start it early on in boot - which seemed to work.
Investigating further, it turned out that the pfsense bind package file (bind.inc) was calling rndc even though named was not running. The timeout in rndc is now 60 seconds (reasonably recent change), so if you have > 1 zone, it will delay by minutes.
See my other post for a suggested rndc shell wrapper workaround - that checks if named is running first: bind 9.16_13 - rndc delays. If you choose this approach, make sure to move the original rndc binary out of the way first!
If you want to see more supporting evidence, look at /usr/local/pkg/bind.inc - search for the line
// Freeze dynamic zones to prevent journal corruption_text
The code calls rndc without checking that named is actually running - with a resulting 60 second timeout for each dynamic zone.
-
Dear @davetick ,
You have really found the issue!
Thanks to your feedback.
-
Thank you @davetick !
I've been fighting the BIND startup with no success until I found your post.
I have ~25 zones and it seemed like it would never start.
-
@gogglespisano as @davetick suggested, the fix for me was to rename /usr/local/sbin/rndc to /usr/local/sbin/rndc.orig and create a new /usr/local/sbin/rndc:

    #!/bin/sh
    # Only call the real rndc when a named process is running;
    # otherwise do nothing, so callers do not wait for the rndc timeout.
    if [ -n "$(/bin/ps auxw | /usr/bin/grep "[n]amed " | /usr/bin/awk '{print $2}')" ]; then
        /usr/local/sbin/rndc.orig "$@"
    fi

Don't forget to add the +x permission to the new /usr/local/sbin/rndc, and remember to do it again in case of a future upgrade.
-
Based on @davetick's workaround, I've submitted a pull request to fix this problem and also make the BIND widget work again. It would work on an upgrade that still had the old /cf/named/ folder, but would fail on a new install of 2.6.
The code is at https://github.com/pfsense/FreeBSD-ports/pull/1163/files/
I've also attached a patch file. Please test it and let me know if you have any problems or you can comment in the pull request or associated bugs.
-
BIND 9.16_17 has been released with the patch
-
Awesome work! Have had a look and it seems to have combined a number of really good fixes. RC start/stop, bind.inc rndc calls - all looking good.
Deployed to test instance performing really fine, will test/break/play for a few days more before deploying to prod, however a nice solid fix - thanks @gogglespisano ,
So nice to have reasonable boot time without hacky workaround
:-)
-
Thanks @davetick. It was your post that got me pointed in the right direction.
-
@gogglespisano good job! I've tested it in my environment and it works properly.