From: PstreeM China
Date: Tue, 8 Mar 2022 19:50:58 +0800
Subject: Re: local-unbound in a jail
To: infoomatic
Cc: questions@freebsd.org
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

Yes, I highly recommend using vnet to do this. I also recommend the tool
*bastille*. It's an amazing tool to manage jails.
I think vnet is the best way to start up the service in a jail. I use
bastille to create the jail and configure it to use vnet.

On Sat, Feb 19, 2022 at 2:03 AM infoomatic wrote:

> I highly recommend using vnet enabled jails for network based services
> ... imho too much hassle with networking issues with non-vnet jails.
>
>
> On 18.02.22 18:02, Steve Kirk wrote:
> > Afternoon all,
> >
> > I suspect that I know the answer to this question, however... I have
> > tried to run local-unbound in a jail (as I intend to run rspamd in
> > said jail) but it seems like it doesn't play nicely because there's no
> > loopback address *inside* the jail which is the only interface this
> > service is designed to work with.
> >
> > Trying to keep things minimal but I think I should be installing
> > unbound or named from ports if I want a caching DNS server inside a
> > jail, rather than abusing local-unbound?
> >
> > Cheers,
> > Steve
> >