FreeBSD 10 + unbound + jail == nothing resolves

Ruben van Staveren ruben at verweg.com
Thu Aug 14 15:17:21 UTC 2014 

Marc,

can you try to disable DNSSEC? 

http://www.unbound.net/documentation/howto_turnoff_dnssec.html

(and add val-log-level: 2)

it might be that your upstream nameserver botches DNSSEC reply. To keep DNSSEC, uncomment inclusion of the generated forwarder configuration and have unbound query the root nameservers itself.

Cheers,
	Ruben
 

On 14 Aug 2014, at 8:48, Marc Fournier <scrappy at hub.org> wrote:

> 
> Before I give up and just install bind (which I’d really like to avoid doing, but it did work out of the box) … has anyone gotten this to run?
> 
> I’ve searched Google, and can find next to nothing  … but I have to be missing something obvious, else I would expect to find loads … or nobody is acutally doing this …
> 
> I tried the simple: 
> 
> add local_unbound_enable=“YES” to rc.conf
> start up the service
> 
> it modifies my /etc/resolv.conf, starts  up, but when I try to ‘drill’ a domain, I get nothing back … checked /var/log/messages, only thing I see is what appears to be the start up:
> 
> Aug 14 07:19:02 97381 unbound: [44840:0] notice: init module 0: validator
> Aug 14 07:19:02 97381 unbound: [44840:0] notice: init module 1: iterator
> 
> 
> I’ve even tried running from the command line with ‘-d -vv’, and all I get is:
> 
> /var/unbound # /usr/sbin/unbound -c/var/unbound/unbound.conf -d -vv
> [1407997717] unbound[45554:0] notice: Start of unbound 1.4.20.
> [1407997717] unbound[45554:0] debug: switching log to syslog
> 
> I have it running on the host server, and it responsed perfectly well … I’ve tried changing the ‘namserver’ setting in /etc/resolv.conf to be the IP of the jail, vs localhost … as well as setting ‘interfaces’ in /var/unbound/unbound.conf … no difference …
> 
> Help?
> 
> 
> 
> _______________________________________________
> freebsd-jail at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe at freebsd.org"
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/freebsd-jail/attachments/20140814/9b5aa2bd/attachment.sig>

More information about the freebsd-jail mailing list