Date: Wed, 19 Aug 2015 13:03:31 +0200
From: Damien Fleuriot <ml@my.gd>
To: nightrecon@hotmail.com
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: unbound setup questions
Message-ID: <CAE63ME5LnY52g4TJXVKYmPitkvFW_cyV=+6AoSRtVXME=XcsZg@mail.gmail.com>
In-Reply-To: <mr0gtu$gi$1@ger.gmane.org>
References: <CAL2OafxjzF1ZR_qyP8V0=tD+qHdfb7rohiH02UrrO5+ceyf7rw@mail.gmail.com> <mr0gtu$gi$1@ger.gmane.org>
On 19 August 2015 at 01:59, Michael Powell <nightrecon@hotmail.com> wrote:
> Antoine Kallab wrote:
>
> > Hi all,
> >
> > I can't seem to get unbound to resolve DNS requests coming from any
> > machine other than localhost. I am not sure what I'm doing wrong, and
> > would appreciate some guidance.
> >
> > The other computer that's asking for resolution has an IP address of
> > 10.33.2.2/24.
> > It can ping Internet IP addresses, it just can't resolve domain names.
> > Its address, DNS, and gateway settings are all being handled by the
> > DHCP server also running on my BSD server.
> >
> > (It felt impolite dumping all of my files into an E-Mail, so I put
> > them on Pastebin. Hope that's okay)
> >
> > Here's my /var/unbound/unbound.conf:
> > http://pastebin.com/ZKqsn5dV
> >
> > The relevant sections of my /etc/rc.conf that deal with setting
> > addresses for the NICs:
> > http://pastebin.com/n5RxzePF
> >
> > Here is my /usr/local/etc/dhcpd.conf:
> > http://pastebin.com/CQydK4MC
> >
> > I double and triple checked to make sure my firewall wasn't getting in the
> > way. But just in case, here's my /etc/pf.conf:
> > http://pastebin.com/Ews1t9QN
> >
>
> I just began looking at replacing Bind since after last portupgrade to the
> latest and greatest broke the named chroot environment which has served me
> well for so long. Waiting to see if it is going to be fixed, or if bind is
> going to be ignored from now on. Hedging my bets with a plan B.
>
> The unbound that ships with the OS is really only designed to be a resolver
> for the local machine, at least as far as I know at this point in my meager
> research. If you need services more like you may have been accustomed to
> with Bind you may wish to take a look at the unbound in the ports tree:
> /usr/ports/dns/unbound. Didn't know about this one until some wise chap on
> irc hit me with the clue bat.
>
> -Mike
>

I have to disagree here.

Been using local_unbound as a forwarding resolver for client hosts and it works just fine.

Find below the configuration.

/etc/rc.conf :

    local_unbound_enable="YES"

/var/unbound.conf :

    interface: 127.0.0.1
    interface: 10.104.40.254
    interface: 10.104.41.254
    interface: 10.104.42.254
    interface: 10.104.43.254
    interface: 10.104.44.254
    interface: 10.104.45.254
    interface: 10.104.46.254
    interface: 10.104.48.254
    access-control: 10.104.0.0/16 allow
    access-control: 127.0.0.1/32 allow

/var/unbound/forward.conf :

    forward-zone:
        name: .
        forward-addr: 195.[snip]
        forward-addr: 195.[snip]

Note that I've had to specifically put each of my interfaces in the config, otherwise I ran into problems.

The .254 interfaces are CARPs and if I use "interface : 0.0.0.0", Unbound receives the query on its CARP and replies via its physical address, which the client rejects.
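The two things that decide whether a local_unbound instance will answer hosts other than localhost are the interface: lines it binds and the access-control: netblocks it allows (unbound's built-in default allows only localhost and refuses everything else; the most specific matching netblock wins). The script below is an added example, not code from the thread or from the unbound project: it parses the server section of an unbound.conf text, resolves the access-control decision for a given client the way unbound does, and flags the two pitfalls discussed above, a wildcard 0.0.0.0 bind in front of CARP addresses and a CARP address with no interface: line. The two sample configs, the CARP addresses 10.104.40.254/10.104.41.254, the client addresses and the forwarder 192.0.2.53 (a documentation address standing in for the snipped ones) are constructed for the example.

```python
"""Check an unbound.conf for the client-access pitfalls discussed in the thread.

Added example, not from the mailing-list post or from unbound itself.
All configs and addresses below are constructed sample data.
"""
import ipaddress
import re

# unbound's built-in default: localhost is allowed, everything else is refused.
DEFAULT_ACLS = [("127.0.0.0/8", "allow"), ("::1/128", "allow")]
ALLOW_ACTIONS = {"allow", "allow_snoop", "allow_setrd"}


def parse_server(conf):
    """Collect interface:, access-control: and forward-addr: values.

    Comments and indentation are ignored, and a space before the colon
    (as in the quoted "interface : 0.0.0.0") is accepted.
    """
    cfg = {"interfaces": [], "acls": [], "forwarders": []}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"([\w-]+)\s*:\s*(.+)$", line)
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if key == "interface":
            cfg["interfaces"].append(val.split("@")[0])  # drop optional @port
        elif key == "access-control":
            net, action = val.split(None, 1)
            cfg["acls"].append((net, action.strip()))
        elif key == "forward-addr":
            cfg["forwarders"].append(val)
    return cfg


def acl_action(acls, client):
    """Action unbound applies to a client: most specific netblock match wins,
    starting from the built-in defaults; no match at all means refuse."""
    ip = ipaddress.ip_address(client)
    best = None
    for net, action in DEFAULT_ACLS + list(acls):
        network = ipaddress.ip_network(net, strict=False)
        if ip.version == network.version and ip in network:
            if best is None or network.prefixlen > best[0].prefixlen:
                best = (network, action)
    return best[1] if best else "refuse"


def check_config(conf, carp_addrs, clients):
    """Return a list of findings; an empty list means the clients are served."""
    cfg = parse_server(conf)
    findings = []
    ifaces = set(cfg["interfaces"])
    wildcard = bool(ifaces & {"0.0.0.0", "::", "::0"})
    if wildcard and carp_addrs:
        findings.append("wildcard interface with CARP addresses present: replies "
                        "may leave from the physical address and be rejected")
    if not wildcard:
        for addr in carp_addrs:
            if addr not in ifaces:
                findings.append(f"CARP address {addr} has no interface: line")
    for client in clients:
        action = acl_action(cfg["acls"], client)
        if action.split()[0] not in ALLOW_ACTIONS:
            findings.append(f"client {client} gets '{action}' from access-control")
    return findings


# Constructed sample: wildcard bind and no access-control lines at all.
WILDCARD_CONF = """
server:
    interface: 0.0.0.0
forward-zone:
    name: "."
    forward-addr: 192.0.2.53
"""

# Constructed sample laid out like the working config quoted in the thread.
EXPLICIT_CONF = """
server:
    interface: 127.0.0.1
    interface: 10.104.40.254
    interface: 10.104.41.254
    access-control: 10.104.0.0/16 allow
    access-control: 127.0.0.1/32 allow
forward-zone:
    name: .
    forward-addr: 192.0.2.53
"""

CARPS = ["10.104.40.254", "10.104.41.254"]
CLIENTS = ["10.104.40.17", "127.0.0.1"]

if __name__ == "__main__":
    for name, conf in (("wildcard", WILDCARD_CONF), ("explicit", EXPLICIT_CONF)):
        print(name, check_config(conf, CARPS, CLIENTS) or "OK")
```

Run against the wildcard sample it reports both the CARP reply-source problem and that a LAN client is refused by the default policy; the explicit sample passes clean. A client outside the allowed /16 (for instance 10.33.2.2) is reported as refused even against the explicit config, which is the check to run first when a host other than localhost gets no answers.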
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAE63ME5LnY52g4TJXVKYmPitkvFW_cyV=%2B6AoSRtVXME=XcsZg>