unbound setup questions
ml at my.gd
Wed Aug 19 11:11:35 UTC 2015
On 19 August 2015 at 01:59, Michael Powell <nightrecon at hotmail.com> wrote:
> Antoine Kallab wrote:
> > Hi all,
> > I can't seem to get unbound to resolve DNS requests coming from any
> > machine other than localhost. I am not sure what I'm doing wrong, and
> > would appreciate some guidance.
> > The other computer that's asking for resolution has an IP address of
> > 10.33.2.2/24.
> > It can ping Internet IP addresses, it just can't resolve domain names.
> > Its address, DNS, and gateway settings are all being handled by the
> > DHCP server also running on my BSD server.
> > (It felt impolite dumping all of my files in to an E-Mail, so I put
> > them on Pastebin. Hope that's okay)
> > Here's my /var/unbound/unbound.conf:
> > http://pastebin.com/ZKqsn5dV
> > The relevant sections of my /etc/rc.conf that deal with setting
> > addresses for the NICs:
> > http://pastebin.com/n5RxzePF
> > Here is my /usr/local/etc/dhcpd.conf:
> > http://pastebin.com/CQydK4MC
> > I double and triple checked to make sure my firewall wasn't getting in
> > the way. But just in case, here's my /etc/pf.conf:
> > http://pastebin.com/Ews1t9QN
> I just began looking at replacing Bind since after last portupgrade to the
> latest and greatest broke the named chroot environment which has served me
> well for so long. Waiting to see if it is going to be fixed, or if bind is
> going to be ignored from now on. Hedging my bets with a plan B.
> The unbound that ships with the OS is really only designed to be a resolver
> for the local machine, at least as far as I know at this point in my meager
> research. If you need services more like you may have been accustomed to
> with Bind you may wish to take a look at the unbound in the ports tree:
> /usr/ports/dns/unbound. Didn't know about this one until some wise chap on
> irc hit me with the clue bat.
I have to disagree here.
Been using local_unbound as a forwarding resolver for client hosts and it
works just fine.
Find below the configuration.
access-control: 10.104.0.0/16 allow
access-control: 127.0.0.1/32 allow
Note that I've had to specifically put each of my interfaces in the config
otherwise I ran into problems.
The .254 interfaces are CARPs and if I use "interface : 0.0.0.0", Unbound
receives the query on its CARP and replies via its physical address, which
the client rejects.
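
Added example, not part of the original message or of Unbound itself: a small Python check that reads unbound.conf text and reports the two conditions discussed in this thread, a client address not allowed by access-control and a wildcard or localhost-only interface setting. The sample config is constructed (only the two access-control lines come from the message above), and the fallback for unmatched clients follows Unbound's documented default of allowing localhost and refusing everything else.

```python
import ipaddress

# Constructed sample: the access-control lines are from the message above,
# the interface addresses are made up for illustration.
SAMPLE_CONF = """\
server:
    interface: 127.0.0.1
    interface: 10.104.0.254
    access-control: 10.104.0.0/16 allow
    access-control: 127.0.0.1/32 allow
"""

def parse_server_options(text):
    """Return (interfaces, acl) from unbound.conf text; acl is [(network, action)]."""
    interfaces, acl = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        key, _, value = line.partition(":")
        key, parts = key.strip(), value.strip().strip('"').split()
        if key == "interface" and parts:
            interfaces.append(parts[0].split("@")[0])  # drop optional @port
        elif key == "access-control" and len(parts) >= 2:
            acl.append((ipaddress.ip_network(parts[0], strict=False), parts[1]))
    return interfaces, acl

def client_action(acl, client_ip):
    """Action for a client: the most specific matching netblock wins.
    Without a match, localhost is allowed and everything else is refused."""
    ip = ipaddress.ip_address(client_ip)
    matches = [(net.prefixlen, action) for net, action in acl
               if net.version == ip.version and ip in net]
    if matches:
        return max(matches)[1]
    return "allow" if ip.is_loopback else "refuse"

def check(text, client_ip):
    """Return findings that explain why a LAN client may get no answers."""
    interfaces, acl = parse_server_options(text)
    findings = []
    action = client_action(acl, client_ip)
    if not action.startswith("allow"):
        findings.append(f"access-control gives {client_ip}: {action}")
    if set(interfaces) <= {"127.0.0.1", "::1"}:      # also true with no interface lines
        findings.append("listening on localhost only")
    if any(i in ("0.0.0.0", "::", "::0") for i in interfaces):
        findings.append("wildcard interface: reply source may differ from queried address")
    return findings

if __name__ == "__main__":
    for client in ("10.104.3.7", "10.33.2.2"):
        print(client, check(SAMPLE_CONF, client) or "ok")
```

With this sample, a client in 10.104.0.0/16 passes, while the original poster's 10.33.2.2 is reported as refused because no access-control line covers its network.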