Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 01 Nov 2013 18:31:07 +0100
From:      Peter Ulrich Kruppa <ulrich@pukruppa.de>
To:        Vincent Hoffman <vince@unsane.co.uk>, Wei Guo <darcsis@gmail.com>, freebsd-questions@freebsd.org
Subject:   Re: How to set up unbound on FreeBSD 10
Message-ID:  <5273E55B.3070705@pukruppa.de>
In-Reply-To: <52738340.4050705@unsane.co.uk>
References:  <5270C384.9040502@pukruppa.de> <5270DDC0.2050603@gmail.com> <5270FCF2.1030209@pukruppa.de> <52738340.4050705@unsane.co.uk>

next in thread | previous in thread | raw e-mail | index | archive | help


On 11/01/13 11:32, Vincent Hoffman wrote:
> On 30/10/2013 12:34, Peter Ulrich Kruppa wrote:
>>
>> On 10/30/13 11:21, Wei Guo wrote:
>>> 于 10/30/13, 4:29 PM, Peter Ulrich Kruppa 写道:
>>>> Hi,
>>>>
>>>> as I can see there is a new default dns server shipping with FreeBSD 10:
>>>> unbound.
>>>>
>>>> When I try to set it up as described in
>>>>
>>>> http://blog.des.no/2013/09/local-caching-resolver-in-freebsd-10/
>>>>
>>>> by typing
>>>>
>>>> # echo local_unbound_enable=yes >>/etc/rc.conf
>>>> # service local_unbound start
>>>>
>>>> I am locked out of my internet connection and nobody is served any dns .
>>>> So I guess something must be missing.
>>>> For example: Do I have to mount any devfs ?
>>> I guess you must have the following line in your ppp.conf:
>>>
>>> disable dns
>>>
>>> in order to stop ppp(8) from rewriting your /etc/resolv.conf. And you
>>> to can edit /var/unbound/forward.conf and /var/unbound/unbound.conf
>>> to meet your demands.
>> Thanks, that is a good hint - but it doesn't solve the problem.
>> As soon as I activate unbound I no dns requests from my machine (neither
>> from any other) will be answered.
> Hi,
> I Just tested this on a 10.0-BETA1 machine and am not having any issues.
> after starting local_unbound,  whats the contents of your
> /etc/resolv.conf and the output of sockstat -4 | grep unbound ? for
> reverence mine is:
> root@bsdpkgbuild:~ # cat /etc/resolv.conf
> search mydomain.net
> # nameserver 192.168.11.1
> # nameserver 192.168.11.2
> nameserver 127.0.0.1
> options edns0
> root@bsdpkgbuild:~ # sockstat -4 | grep unbound
> unbound  unbound    11042 6  udp4   127.0.0.1:53          *:*
> unbound  unbound    11042 7  tcp4   127.0.0.1:53          *:*

Hello everybody,

it seems I have found the way to work my setup:
My /etc/resolv.conf must not be changed by unbound. I.e. After starting
local_unbound I remove the lines  nameserver 127.0.0.1 and options edns0
and uncomment the nameserver entries created by ppp.
nameserver 217.237.151.51
nameserver 217.237.149.205

My /var/unbound/forward.conf I leave as it was generated:
forward-zone:
        name: .
        forward-addr: 217.237.151.51
        forward-addr: 217.237.149.205

and in my /var/unbound/unbound.conf I add some lines
server:
        username: unbound
        directory: /var/unbound
        chroot: /var/unbound
        pidfile: /var/run/local_unbound.pid
        auto-trust-anchor-file: /var/unbound/root.key
        interface: 127.0.0.1
        interface: 192.168.10.1
        access-control: 127.0.0.0/8 allow
        access-control: 192.168.10.0/16 allow_snoop

include: /var/unbound/forward.conf


sockstat now gives me four lines:
unbound  unbound    50518 3  udp4   127.0.0.1:53          *:*
unbound  unbound    50518 4  tcp4   127.0.0.1:53          *:*
unbound  unbound    50518 5  udp4   192.168.10.1:53       *:*
unbound  unbound    50518 6  tcp4   192.168.10.1:53       *:*


Thanks for your help and support!

Greetings

Peter


> Vince
> 
>> Greetings
>>
>> Peter
>>>
>>>> My machine has got two nics: one unconfigured to dial in to an ADSL
>>>> connection via DSL bridge and one with IP 192.168.10.1 to my LAN.
>>>>
>>>> With old named/bind all I need to set is
>>>>
>>>>     named_enable="YES"
>>>> in /etc/rc.conf and
>>>>
>>>>          listen-on       { 127.0.0.1;
>>>>                            192.168.10.1;};
>>>> in /var/named/etc/namedb/named.conf
>>>>
>>>>
>>>>
>>>> Thanks for your help
>>>>
>>>> Peter
>>>> _______________________________________________
>>>> freebsd-questions@freebsd.org mailing list
>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>> To unsubscribe, send any mail to
>>>> "freebsd-questions-unsubscribe@freebsd.org"
>>>
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>>
> 
> 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5273E55B.3070705>