On Thu, 2018-03-29 at 14:40 +0300, Alexander Bokovoy via FreeIPA-users
wrote:
'DNS' service is starting at level 30
Indeed, quite early in the list.
However, in
some cases a service is unable to properly report to systemd that it
is
able to serve its clients, only that it started.
Indeed. I have considered that case many times in my efforts to get
the dependencies sane here. For services like named, which are
"type=forking" I suspect the most ideal signal is when the parent exits
and leaves the child running, serving the clients.
I am sure there are many daemons that don't follow that. For the case
of named, it seems to be close enough to correct (if not outright
correct) to work.
I don't have any services that depend on nss-lookup.target (which I
have depending on named-pkcs11.service) failing due to name resolution
failures.
But really, when named is actually ready to serve clients is almost
orthogonal. Fixing nss-lookup.target to depend on named-pkcs11.service
at least gets all of this much closer to correct than it is currently.
If there really were some amount of time between named's parent exiting
and named really being ready to serve clients, and it becomes a
critical issue, that can be taken up upstream with the ISC to see if
they can make named's parent exit a bit better behaved.
Or lacking that even, a new service "named-wait-online.service" could
be created that loops, testing named and only exiting once it was
actually serving queries the way NetworkManager-wait-online.service
waits for NM to actually have brought the interfaces online.
Cheers,
b.