How to set up unbound on FreeBSD 10

Fri Nov 1 17:31:18 UTC 2013

On 11/01/13 11:32, Vincent Hoffman wrote:
> On 30/10/2013 12:34, Peter Ulrich Kruppa wrote:
>>
>> On 10/30/13 11:21, Wei Guo wrote:
>>> 于 10/30/13, 4:29 PM, Peter Ulrich Kruppa 写道:
>>>> Hi,
>>>>
>>>> as I can see there is a new default dns server shipping with FreeBSD 10:
>>>> unbound.
>>>>
>>>> When I try to set it up as described in
>>>>
>>>> http://blog.des.no/2013/09/local-caching-resolver-in-freebsd-10/
>>>>
>>>> by typing
>>>>
>>>> # echo local_unbound_enable=yes >>/etc/rc.conf
>>>> # service local_unbound start
>>>>
>>>> I am locked out of my internet connection and nobody is served any dns .
>>>> So I guess something must be missing.
>>>> For example: Do I have to mount any devfs ?
>>> I guess you must have the following line in your ppp.conf:
>>>
>>> disable dns
>>>
>>> in order to stop ppp(8) from rewriting your /etc/resolv.conf. And you
>>> to can edit /var/unbound/forward.conf and /var/unbound/unbound.conf
>>> to meet your demands.
>> Thanks, that is a good hint - but it doesn't solve the problem.
>> As soon as I activate unbound I no dns requests from my machine (neither
>> from any other) will be answered.
> Hi,
> I Just tested this on a 10.0-BETA1 machine and am not having any issues.
> after starting local_unbound,  whats the contents of your
> /etc/resolv.conf and the output of sockstat -4 | grep unbound ? for
> reverence mine is:
> root at bsdpkgbuild:~ # cat /etc/resolv.conf
> search mydomain.net
> # nameserver 192.168.11.1
> # nameserver 192.168.11.2
> nameserver 127.0.0.1
> options edns0
> root at bsdpkgbuild:~ # sockstat -4 | grep unbound
> unbound  unbound    11042 6  udp4   127.0.0.1:53          *:*
> unbound  unbound    11042 7  tcp4   127.0.0.1:53          *:*

Hello everybody,

it seems I have found the way to work my setup:
My /etc/resolv.conf must not be changed by unbound. I.e. After starting
local_unbound I remove the lines  nameserver 127.0.0.1 and options edns0
and uncomment the nameserver entries created by ppp.
nameserver 217.237.151.51
nameserver 217.237.149.205

My /var/unbound/forward.conf I leave as it was generated:
forward-zone:
        name: .
        forward-addr: 217.237.151.51
        forward-addr: 217.237.149.205

and in my /var/unbound/unbound.conf I add some lines
server:
        username: unbound
        directory: /var/unbound
        chroot: /var/unbound
        pidfile: /var/run/local_unbound.pid
        auto-trust-anchor-file: /var/unbound/root.key
        interface: 127.0.0.1
        interface: 192.168.10.1
        access-control: 127.0.0.0/8 allow
        access-control: 192.168.10.0/16 allow_snoop

include: /var/unbound/forward.conf

sockstat now gives me four lines:
unbound  unbound    50518 3  udp4   127.0.0.1:53          *:*
unbound  unbound    50518 4  tcp4   127.0.0.1:53          *:*
unbound  unbound    50518 5  udp4   192.168.10.1:53       *:*
unbound  unbound    50518 6  tcp4   192.168.10.1:53       *:*

Thanks for your help and support!

Greetings

Peter

> Vince
> 
>> Greetings
>>
>> Peter
>>>
>>>> My machine has got two nics: one unconfigured to dial in to an ADSL
>>>> connection via DSL bridge and one with IP 192.168.10.1 to my LAN.
>>>>
>>>> With old named/bind all I need to set is
>>>>
>>>>     named_enable="YES"
>>>> in /etc/rc.conf and
>>>>
>>>>          listen-on       { 127.0.0.1;
>>>>                            192.168.10.1;};
>>>> in /var/named/etc/namedb/named.conf
>>>>
>>>>
>>>>
>>>> Thanks for your help
>>>>
>>>> Peter
>>>> _______________________________________________
>>>> freebsd-questions at freebsd.org mailing list
>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>> To unsubscribe, send any mail to
>>>> "freebsd-questions-unsubscribe at freebsd.org"
>>>
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>>
> 
> 