To: freebsd-questions@freebsd.org
From: Michael Powell
Reply-To: nightrecon@hotmail.com
Subject: Re: unbound setup questions
Date: Tue, 18 Aug 2015 19:59:39 -0400

Antoine Kallab wrote:

> Hi all,
>
> I can't seem to get unbound to resolve DNS requests coming from any
> machine other than localhost. I am not sure what I'm doing wrong, and
> would appreciate some guidance.
>
> The other computer that's asking for resolution has an IP address of
> 10.33.2.2/24.
> It can ping Internet IP addresses, it just can't resolve domain names.
> Its address, DNS, and gateway settings are all being handled by the
> DHCP server also running on my BSD server.
>
> (It felt impolite dumping all of my files in to an E-Mail, so I put
> them on Pastebin. Hope that's okay)
>
> Here's my /var/unbound/unbound.conf:
> http://pastebin.com/ZKqsn5dV
>
> The relevant sections of my /etc/rc.conf that deal with setting
> addresses for the NICs:
> http://pastebin.com/n5RxzePF
>
> Here is my /usr/local/etc/dhcpd.conf:
> http://pastebin.com/CQydK4MC
>
> I double and triple checked to make sure my firewall wasn't getting in the
> way. But just in case, here's my /etc/pf.conf:
> http://pastebin.com/Ews1t9QN
>

I just began looking at replacing Bind since the last portupgrade to the
latest and greatest broke the named chroot environment, which has served
me well for so long. Waiting to see if it is going to be fixed, or if
bind is going to be ignored from now on. Hedging my bets with a plan B.

The unbound that ships with the OS is really only designed to be a
resolver for the local machine, at least as far as I know at this point
in my meager research. If you need services more like you may have been
accustomed to with Bind, you may wish to take a look at the unbound in
the ports tree: /usr/ports/dns/unbound. Didn't know about this one until
some wise chap on irc hit me with the clue bat.

-Mike