pfSense

This occurs when:

• an LDAP authentication server is selected under User Manager > Settings > Authentication Server
• the selected LDAP server is configured using a FQDN rather than an IP address
• the FQDN of the LDAP server is not configured as an override in the DNS resolver and therefore is not in the /etc/hosts file.

The userlog show a delay of around 5 minutes per user:

2016-05-19 10:58:21 [unknown:usermod] root(0):wheel(0):Charlie &:/root:/bin/sh
2016-05-19 10:58:21 [unknown:useradd] admin(0):wheel(0):System Administrator:/root:/etc/rc.initial
2016-05-19 10:58:21 [unknown:useradd] admin(0) home /root made
2016-05-19 11:03:23 [unknown:useradd] xxxxx(2001):nobody(65534):X XXXX:/home/xxxxx:/sbin/nologin
2016-05-19 11:03:23 [unknown:useradd] xxxxx(2001) home /home/xxxxx made
2016-05-19 11:08:23 [unknown:useradd] yyyyy(2002):nobody(65534):Y YYYY:/home/yyyyy:/sbin/nologin
2016-05-19 11:08:23 [unknown:useradd] yyyyy(2002) home /home/yyyyy made
2016-05-19 11:13:24 [unknown:useradd] zzzzz(2003):nobody(65534):Z ZZZZ:/home/zzzzz:/sbin/nologin
2016-05-19 11:13:24 [unknown:useradd] zzzzz(2003) home /home/zzzzz made
...

This seemed to start immediately after an upgrade from 2.3.0 to 2.3.1, however I cannot see any difference in the relevant startup order between these versions so I am unsure why I haven't encountered it previously.

It would make sense however to have the DNS resolver available before any code involving DNS queries.

ie. could/should rc.bootup run these

/* start dnsmasq service */
services_dnsmasq_configure();

/* start unbound service */
services_unbound_configure();

ahead of this:

echo "Synchronizing user settings...";
local_sync_accounts();