Re: ntpd can hang on boot

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Jan Stary

Date: Saturday, September 6, 2008 - 11:50 am

On Sep 06 13:08:33, Peter Fraser wrote:
quoted text> ntpd hangs and cannot be interrupted. The only way to continue is to do a
> hardware reset.

Doesn't it time out eventually?

quoted text> As an aside, it was on my firewall. My firewall makes use of my dns which is
> on the inside of my network, but during the booting process the pf.conf cannot
> refer to a dns name that are define on the outside.

Use IP addresses in pf.conf, not names.

quoted text> The startup pf.conf built into /etc/rc

There is no "startup pf.conf built into /etc/rc"

quoted text> allows dns requests originating from machine being booted only.

The default is to NOT run pf at all, so it allows everything.

quoted text> For an external name, my dns has to pass a request though the firewall to the
> outside dns server. That cannot be done until the system is fully booted,

Whether "the system" is the inside dns client or the firewall, this is not
necessarily true. As soon as the firewall routes packets and does NAT
correctly, inside machine can use it as a gateway (while other
processes are still starting on the firewall).

If I read /etc/rc right, pf is already running when booting gets to ntpd.

quoted text> The solutions are:
> 1) don't use any external dns names in your pf.conf

Don't use ANY names in pf.conf

quoted text> 2) have three stage bootstrap of pf,
>    First stage, the code in /etc/rc
>    Second stage, /etc/rc.conf.local has pf.conf to allow the inside
> nameservers to pass though
>    Third stage, /etc/rc.local has code to set the final pf.conf file

No. Set pf.conf to do what you want, allow pf in rc.conf.local,
and let /etc/rc do the rest as it's supposed to.

quoted text> 3) put all external dns names in tables that have their contents
>    defined in /etc/rc.local (this is the one I currently use)

That is, duplicate external DNS information locally? No.

quoted text> 4) Modify /etc/rc

Whoa, stop right here!

quoted text> to allow pass through of dns requests.
>    The ones that should be allowed pass though would be the nameservers
>    defined in /etc/resolv.conf (this is what I would like)

Setting up your firewall happens in pf.conf, NOT in /etc/rc.
You should never touch /etc/rc.

	Jan

(You _have_ read man rc, right?)

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

ntpd can hang on boot, Peter Fraser, (Sat Sep 6, 10:08 am)

Re: ntpd can hang on boot, Jan Stary, (Sat Sep 6, 11:50 am)

Re: ntpd can hang on boot, Peter Fraser, (Sat Sep 6, 12:48 pm)

Re: ntpd can hang on boot, David Higgs, (Sat Sep 6, 2:01 pm)

Re: ntpd can hang on boot, Peter Fraser, (Sat Sep 6, 2:26 pm)

Re: ntpd can hang on boot, Philip Guenther, (Sat Sep 6, 2:41 pm)

Re: ntpd can hang on boot, Frank Bax, (Sat Sep 6, 2:49 pm)

Re: ntpd can hang on boot, Peter Fraser, (Mon Sep 8, 6:57 am)

Re: ntpd can hang on boot, Peter Fraser, (Mon Sep 8, 7:11 am)

Re: ntpd can hang on boot, Giancarlo Razzolini, (Tue Sep 9, 11:53 am)

Re: ntpd can hang on boot, Henning Brauer, (Wed Sep 10, 1:29 am)

Re: ntpd can hang on boot, Jordi Espasa Clofent, (Wed Sep 10, 3:00 am)

Re: ntpd can hang on boot, Giancarlo Razzolini, (Wed Sep 10, 6:38 am)

Re: ntpd can hang on boot, Henning Brauer, (Wed Sep 10, 7:37 am)

Re: ntpd can hang on boot, Giancarlo Razzolini, (Wed Sep 10, 7:56 am)

Re: ntpd can hang on boot, Henning Brauer, (Thu Sep 11, 3:21 am)

Re: ntpd can hang on boot, Aaron Stellman, (Thu Sep 11, 2:46 pm)

Re: ntpd can hang on boot, Henning Brauer, (Fri Sep 12, 2:53 am)

Navigation

Popular discussions


linux-kernel:
Dave Jones	Re: OT: character encodings (was: Linux 2.6.20-rc4)
Greg Kroah-Hartman	[PATCH 17/36] sysdev: detect multiple driver registrations
Sam Ravnborg	Re: [PATCH] kbuild: fix make V=1
Nick Piggin	Re: [PATCH 0/24] make atomic_read() behave consistently across all architectures
Greg Kroah-Hartman	[PATCH 16/36] driver core: cpu: fix section mismatch in cpu.c:store_online
git:
Stephen R. van den Berg	Re: [RFC] origin link for cherry-pick and revert
Junio C Hamano	Re: [PATCH 1/2] Teach git-describe to display distances from tags.
Johannes Schindelin	Re: [PATCH 2/2] git-svn: support fetch with autocrlf on
fantasy1215	Will tortoisesvn conflict with tortoisegit?
Junio C Hamano	Re: [PATCH 6/6] Teach core object handling functions about gitlinks
linux-netdev:
Jarek Poplawski	Re: [PATCH] flush_work_sync vs. flush_scheduled_work Re: [PATCH] PHYLIB: IRQ event...
Lennert Buytenhek	Re: Distributed Switch Architecture(DSA)
Daniel Schaffrath	Re: tcp bw in 2.6
Guo-Fu Tseng	Re: jme: UDP checksum error, and lots of them
Gerrit Renker	[PATCH 37/37] dccp: Debugging functions for feature negotiation
openbsd-misc:
Claudio Jeker	Re: Vlan Tag on Vlan Tag (l2tunneling)
Josh Grosse	ssh/sshd challenge-response seems to have stopped working in -current
Pieter Verberne	File collision while using pkg_add
Tomas Bodzar	bsd: uvm_mapent_alloc: out of static map entries
Community First Financial	Teacher A+ Loan
git-commits-head:
Linux Kernel Mailing List	ath9k: Added get_survey callback in order to get channel noise
Linux Kernel Mailing List	tracing: protect reader of cmdline output
Linux Kernel Mailing List	kconfig: recalc symbol value before showing search results
Linux Kernel Mailing List	[ARM] 5185/1: Fix spi num_chipselect for lubbock
Linux Kernel Mailing List	swsusp: provide users with a hint about the no_console_suspend option

Colocation donated by:

Syndicate