Unbound in jail

Beeblebrox zaphod at berentweb.com
Sat Dec 7 14:03:19 UTC 2013

I'd like to try running unbound in a jail. Since chrooting will be
irrelevant, I have set in unbound.conf (chroot: ""). Config file passes
sanity test with unbound-checkconf. But I have several questions:

1. As a test, from the host proper: unbound -c /etc/unbound/unbound.conf gives
the error below if these are set in unbound.conf: (# so-rcvbuf: 4m, #
so-sndbuf: 4m). Not necessary?
unbound[9069:0] error: setsockopt(..., SO_RCVBUF, ...) failed: No buffer space available
unbound[9069:0] fatal error: could not open ports

2. Since unbound does NOT get started/stopped as a service - as stated in
the man page (unbound -c/kill unbound.pid), unbound_enable=yes in
<jailname>/etc/rc.conf will most likely not work. How is that managed in

3. unbound will be tasked to cache and serve the DNS requests from clients,
but needs to use the forward-addr parameter to forward the DNS query to a
Tor-Socks jail. Failing a response from Tor, it needs to fall back to
dns/dnscrypt-proxy (which will run either in the DNS or TOR jail). My question: Does
a simple forward-addr to the TOR jail IP work for the DNS query, or is a
more complicated setup necessary? For the fall-back method using
dnscrypt-proxy, I assume placing this in unbound.conf will work, if
dnscrypt-proxy is placed in the same jail as unbound?
forward-addr: <tor-jail-ip>
forward-addr: at 40


View this message in context: http://freebsd.1045724.n5.nabble.com/Unbound-in-jail-tp5866649.html
Sent from the freebsd-questions mailing list archive at Nabble.com.
