How to set up unbound on FreeBSD 10
Peter Ulrich Kruppa
ulrich at pukruppa.de
Fri Nov 1 17:31:18 UTC 2013
On 11/01/13 11:32, Vincent Hoffman wrote:
> On 30/10/2013 12:34, Peter Ulrich Kruppa wrote:
>>
>> On 10/30/13 11:21, Wei Guo wrote:
>>> On 10/30/13, 4:29 PM, Peter Ulrich Kruppa wrote:
>>>> Hi,
>>>>
>>>> as I can see there is a new default dns server shipping with FreeBSD 10:
>>>> unbound.
>>>>
>>>> When I try to set it up as described in
>>>>
>>>> http://blog.des.no/2013/09/local-caching-resolver-in-freebsd-10/
>>>>
>>>> by typing
>>>>
>>>> # echo local_unbound_enable=yes >>/etc/rc.conf
>>>> # service local_unbound start
>>>>
>>>> I am locked out of my internet connection and nobody is served any dns.
>>>> So I guess something must be missing.
>>>> For example: Do I have to mount any devfs ?
>>> I guess you must have the following line in your ppp.conf:
>>>
>>> disable dns
>>>
>>> in order to stop ppp(8) from rewriting your /etc/resolv.conf. And you
>>> can edit /var/unbound/forward.conf and /var/unbound/unbound.conf
>>> to meet your demands.
>> Thanks, that is a good hint - but it doesn't solve the problem.
>> As soon as I activate unbound no dns requests from my machine (neither
>> from any other) will be answered.
> Hi,
> I just tested this on a 10.0-BETA1 machine and am not having any issues.
> After starting local_unbound, what's the contents of your
> /etc/resolv.conf and the output of sockstat -4 | grep unbound? For
> reference mine is:
> root at bsdpkgbuild:~ # cat /etc/resolv.conf
> search mydomain.net
> # nameserver 192.168.11.1
> # nameserver 192.168.11.2
> nameserver 127.0.0.1
> options edns0
> root at bsdpkgbuild:~ # sockstat -4 | grep unbound
> unbound unbound 11042 6 udp4 127.0.0.1:53 *:*
> unbound unbound 11042 7 tcp4 127.0.0.1:53 *:*

Hello everybody,

it seems I have found the way to work my setup:

My /etc/resolv.conf must not be changed by unbound. I.e., after starting
local_unbound I remove the lines nameserver 127.0.0.1 and options edns0
and uncomment the nameserver entries created by ppp.

    nameserver 217.237.151.51
    nameserver 217.237.149.205

My /var/unbound/forward.conf I leave as it was generated:

    forward-zone:
        name: .
        forward-addr: 217.237.151.51
        forward-addr: 217.237.149.205

and in my /var/unbound/unbound.conf I add some lines

    server:
        username: unbound
        directory: /var/unbound
        chroot: /var/unbound
        pidfile: /var/run/local_unbound.pid
        auto-trust-anchor-file: /var/unbound/root.key
        interface: 127.0.0.1
        interface: 192.168.10.1
        access-control: 127.0.0.0/8 allow
        access-control: 192.168.10.0/16 allow_snoop
    include: /var/unbound/forward.conf

sockstat now gives me four lines:

    unbound unbound 50518 3 udp4 127.0.0.1:53 *:*
    unbound unbound 50518 4 tcp4 127.0.0.1:53 *:*
    unbound unbound 50518 5 udp4 192.168.10.1:53 *:*
    unbound unbound 50518 6 tcp4 192.168.10.1:53 *:*

Thanks for your help and support!

Greetings

Peter

> Vince
>
>> Greetings
>>
>> Peter
>>>
>>>> My machine has got two nics: one unconfigured to dial in to an ADSL
>>>> connection via DSL bridge and one with IP 192.168.10.1 to my LAN.
>>>>
>>>> With old named/bind all I need to set is
>>>>
>>>> named_enable="YES"
>>>> in /etc/rc.conf and
>>>>
>>>> listen-on { 127.0.0.1;
>>>> 192.168.10.1;};
>>>> in /var/named/etc/namedb/named.conf
>>>>
>>>>
>>>>
>>>> Thanks for your help
>>>>
>>>> Peter
>>>> _______________________________________________
>>>> freebsd-questions at freebsd.org mailing list
>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>> To unsubscribe, send any mail to
>>>> "freebsd-questions-unsubscribe at freebsd.org"
>>>
>
>
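
An added example, not part of the original thread and not FreeBSD or unbound project code: a small Python check over the interface: and access-control: lines of the configuration posted in the message above. It reports a netblock written with host bits set (by prefix arithmetic 192.168.10.0/16 spans 192.168.0.0/16; how unbound itself treats the stray bits is not tested here), allow_snoop granted beyond loopback (unbound.conf(5) describes this action as also permitting non-recursive queries, i.e. cache snooping), and query access granted to non-local address space. The function name, the finding labels and the LOCAL list are this example's own choices.

```python
import ipaddress

# Constructed sample: the unbound.conf lines as posted in the message above.
SAMPLE_CONF = """\
server:
    username: unbound
    directory: /var/unbound
    chroot: /var/unbound
    pidfile: /var/run/local_unbound.pid
    auto-trust-anchor-file: /var/unbound/root.key
    interface: 127.0.0.1
    interface: 192.168.10.1
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.10.0/16 allow_snoop
include: /var/unbound/forward.conf
"""

# Loopback, RFC 1918, unique-local and link-local space (this example's choice).
LOCAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10")]

def audit_unbound_conf(text):
    """Return (non_loopback_listeners, findings) for an unbound.conf text."""
    listeners, findings = [], []
    for raw in text.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        key, fields = key.strip(), value.split()
        if key == "interface" and fields:
            try:
                addr = ipaddress.ip_address(fields[0].split("@")[0])
            except ValueError:
                continue  # interface given by name; not resolved here
            if not addr.is_loopback:
                listeners.append(str(addr))
        elif key == "access-control" and len(fields) == 2:
            block, action = fields
            written = ipaddress.ip_interface(block)
            net = written.network  # range the prefix length spans
            if written.ip != net.network_address:
                findings.append(("host-bits", block, f"covers {net}"))
            if action == "allow_snoop" and not net.is_loopback:
                findings.append(("snoop", block, "non-recursive queries allowed off-host"))
            local = any(p.version == net.version and net.subnet_of(p) for p in LOCAL)
            if action in ("allow", "allow_snoop") and not local:
                findings.append(("public", block, "queries allowed from non-local space"))
    return listeners, findings
```

Calling audit_unbound_conf(SAMPLE_CONF) lists 192.168.10.1 as the only non-loopback listener and returns the host-bits and snoop findings for the 192.168.10.0/16 line.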