Date: Sun, 7 Apr 2024 13:21:22 -0400
From: LuMiWa
To: FreeBSD Questions
Subject: unbound
Message-ID: <20240407132122.4df71b31@dismail.de>
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

Hi!

I have unbound from ports on FreeBSD 14.0 which I use for DNS over TLS.
In /etc/resolv.conf I have

nameserver 127.0.0.1
options edns0

and in /usr/local/etc/unbound/unbound.conf I have

server:
port:53
directory: /usr/local/etc/unbound
username: unbound
chroot: /usr/local/etc/unbound
tls-cert-bundle: /etc/ssl/cert.pem
module-config: "validator iterator"
access-control: 127.0.0.1/8 allow
....
....
forward-zone:
name: "."
forward-tls-upstream: yes
forward-first: no
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net

And it doesn't work, but Google, Cloudflare have no problem. Then I added

auto-trust-anchor-file:

and it started to work, except for claws-mail. I am using the IPFW firewall, default workstation, and it blocks:

ipfw: 65500 Deny TCP 149.112.112.112:853 192.168.1.194:18760 in via lagg0
ipfw: 65500 Deny TCP 9.9.9.9:853 192.168.1.194:15141 in via lagg0

What could be the reason, please?

Thank you.

-- 
"If you can't explain it to a six year old, you don't understand it yourself." — Albert Einstein
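Added example, not part of the original message: a Python sketch that correlates ipfw deny log lines with the forward-addr entries in unbound.conf, to confirm which dropped inbound packets come from the configured DNS-over-TLS upstreams. The sample config and log lines are copied from the message; the function names are hypothetical, only the IPv4 log form shown above is handled, and a forward-addr without an explicit port is matched on IP alone (an assumption).

```python
import re

# Sample input copied from the message above (forward-zone excerpt and log lines).
UNBOUND_CONF = """\
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
"""
IPFW_LOG = """\
ipfw: 65500 Deny TCP 149.112.112.112:853 192.168.1.194:18760 in via lagg0
ipfw: 65500 Deny TCP 9.9.9.9:853 192.168.1.194:15141 in via lagg0
"""

# forward-addr: <ip>[@port][#tls-auth-name]
FORWARD_RE = re.compile(r"^\s*forward-addr:\s*([0-9A-Fa-f.:]+?)(?:@(\d+))?(?:#(\S+))?\s*$")
# ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <iface>  (IPv4 form)
IPFW_RE = re.compile(r"ipfw: (\d+) (\w+) (\w+) (\S+):(\d+) (\S+):(\d+) (in|out) via (\S+)")


def parse_forwarders(conf_text):
    """Map each forward-addr IP to (port or None, TLS auth name or None)."""
    forwarders = {}
    for line in conf_text.splitlines():
        m = FORWARD_RE.match(line)
        if m:
            ip, port, name = m.groups()
            forwarders[ip] = (int(port) if port else None, name)
    return forwarders


def denied_upstream_packets(conf_text, log_text):
    """Return denied inbound packets whose source ip:port is a configured forwarder."""
    forwarders = parse_forwarders(conf_text)
    hits = []
    for line in log_text.splitlines():
        m = IPFW_RE.search(line)  # search() tolerates a syslog timestamp prefix
        if not m:
            continue
        rule, action, proto, src, sport, dst, dport, direction, iface = m.groups()
        if action != "Deny" or direction != "in" or src not in forwarders:
            continue
        port, name = forwarders[src]
        if port is not None and port != int(sport):
            continue  # same host, but not the configured upstream port
        hits.append({"rule": int(rule), "proto": proto, "src": src, "sport": int(sport),
                     "dst": dst, "dport": int(dport), "iface": iface, "tls_name": name})
    return hits


if __name__ == "__main__":
    for hit in denied_upstream_packets(UNBOUND_CONF, IPFW_LOG):
        print("rule {rule}: denied {proto} from {src}:{sport} ({tls_name}) "
              "to {dst}:{dport} on {iface}".format(**hit))
```
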