Now that your OpenBSD machine is running, there are some initial configuration changes you can make to get things tuned up. That's not to say the default settings are bad, but with some small tweaks you can get the machine tailored to your needs.
The following changes are inspired by the information found in the "welcome"
man afterboot. You should give them a read for yourself, especially
if you're on OpenBSD 6.4 or later as it may have more up-to-date information
than is listed here.
dmesg output for the community
First things first, help the OpenBSD community by sending information about your system to the developers so that they can have better insight into the types of hardware being used with OpenBSD.
$ (dmesg; sysctl hw.sensors) | mail -s "dmesg output" firstname.lastname@example.org
Set your installurl
The installurl represents the server from which you will obtain syspatches,
packages, and upgrade binaries. There are many mirrors available and you
should choose one that is closest to you to get the fastest response times. If
there are multiple mirrors near you, send a few pings to them to get an idea of
which one might be faster. Don't forget to test out the Cloudflare and Fastly
mirrors as well. Once you've identified the fastest mirror, echo it to
/etc/installurl.
$ doas sh -c "echo 'https://cloudflare.cdn.openbsd.org/pub/OpenBSD/' > /etc/installurl"
Since the last release, the developers may have released patches for various
bugs that have been found. The syspatch(8) utility makes it easy to retrieve
and install them. To see which patches are available, you can use the -c flag;
otherwise simply issue the syspatch command to install them automatically.
I like to reboot after this step to ensure all the updates are running.
$ doas syspatch
$ doas shutdown -r now
Configure timekeeping facilities
The Network Time Protocol can be used to automatically update the clock on your
machine. This is a convenient way to ensure your clock stays in sync and won't
drift over time. First, add the following line in
/etc/rc.conf.local to force
ntpd (the NTP daemon) to synchronize the clock immediately on startup.
Next, visit the NTP Pool Project site to identify NTP servers nearest to
you. On the right-hand side you should see a breakdown by continent, through
which you can drill down to specific server pools. Your country may even have
dedicated pools. With this information you can fill in /etc/ntpd.conf to
control how ntpd gets updates. Using the "servers" (plural) and
"constraints" (plural) keywords ensures that if the hostname resolves to
multiple IP addresses, they will all be checked. Don't forget the 's'.
listen on *
servers 0.us.pool.ntp.org
servers 1.us.pool.ntp.org
servers 2.us.pool.ntp.org
servers 3.us.pool.ntp.org
constraints from "https://www.iso.org"
constraints from "https://www.nist.gov"
constraints from "https://www.google.com"
constraints from "https://www.amazon.com"
The constraints URLs are used as a sanity check on the values received from your
NTP pools to protect against a man-in-the-middle attack attempting to sabotage
your system's clock. You may choose any HTTPS sites you wish, but a couple of
standards organizations and popular sites should do you well. Don't forget to
enclose these constraints URLs in quotes, otherwise ntpd will yell at you.
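The pitfalls named above (singular keywords, unquoted or non-HTTPS constraints URLs) can be checked mechanically before restarting ntpd. This is an added example, not part of the original article; the function name lint_ntpd_conf and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint an ntpd.conf for the pitfalls the article names.
# Reads the named file (or stdin), prints "line: finding" for each problem,
# and returns 1 if anything was found.
lint_ntpd_conf() {
    awk '
    { sub(/#.*/, "") }                  # drop comments
    NF == 0 { next }                    # skip blank lines
    $1 == "server" || $1 == "constraint" {
        printf "%d: singular \"%s\"; the plural form checks every resolved address\n", NR, $1
        bad++
    }
    $1 ~ /^constraints?$/ {
        seen = 1
        if ($2 != "from") {
            printf "%d: expected \"from\" after %s\n", NR, $1; bad++
        } else if ($3 !~ /^".*"$/) {
            printf "%d: constraint URL is not quoted\n", NR; bad++
        } else if ($3 !~ /^"https:\/\//) {
            printf "%d: constraint URL is not HTTPS\n", NR; bad++
        }
    }
    END {
        # Without any constraint the clock has no HTTPS sanity check at all.
        if (!seen) { print "0: no constraints configured"; bad++ }
        exit (bad > 0)
    }' "$@"
}

# Constructed sample containing three of the mistakes described above.
sample_bad() {
    cat <<'EOF'
listen on *
server 0.us.pool.ntp.org
servers 1.us.pool.ntp.org
constraints from https://www.iso.org
constraints from "http://www.nist.gov"
EOF
}

sample_bad | lint_ntpd_conf || echo "fix the findings above before restarting ntpd"
```

Run it against your real file with `lint_ntpd_conf /etc/ntpd.conf`; `ntpd -n` remains the authoritative syntax check.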
Print the contents of /etc/myname to validate the hostname being used for your
machine. This should be a fully-qualified domain name, not just the hostname. If
it's empty, you can echo your FQDN to it the same way we did for the installurl.
$ cat /etc/myname
gridc0.gridc0.com
Verify network interfaces
You can list out the current interface configurations using ifconfig. Don't be
too alarmed if you see more interfaces than you're expecting. lo0 is your
loopback interface, enc0 is an encapsulation interface for IPsec, and pflog0
is the packet filter logging interface. These are built-in and you can leave
them alone for now.
Set up DNS options
If you wish to use different DNS servers than those provided to you over DHCP,
you can configure them in /etc/resolv.conf.tail. This file will be appended to
/etc/resolv.conf which is written by your DHCP client (so making changes there
will just get overwritten). If you want to find the DNS servers that are fastest
for you, you could use a tool like GRC's DNS Benchmark. Identify 3 servers
you want to use and add them in place of the IP addresses below in
/etc/resolv.conf.tail.
nameserver <IP address>
nameserver <IP address>
nameserver <IP address>
domain <yourdomain>
lookup file bind
family inet4
The domain keyword specifies your local domain to allow people on your network
to use hostnames only, rather than the FQDN for a server. The lookup keyword
specifies that the contents of /etc/hosts will be searched first before
performing a proper DNS query. Lastly, you can indicate that only IPv4 queries
should be performed with the family keyword. If you use IPv6 as well, don't
include that line.
Reboot and enjoy
To ensure you made the changes correctly, reboot once more. Watch the console output for errors before assuming that the configuration changes were valid.
$ doas shutdown -r now
Now your machine is set up for normal operation - enjoy!
For more detailed information on these utilities or configuration files, you can
pass their names to man.
$ man ntpd.conf
Or visit their online man pages at the following links