Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 24 Oct 2015 22:48:13 +0200
From:      Niklaas Baudet von Gersdorff <niklaas@kulturflatrate.net>
To:        FreeBSD questions <freebsd-questions@freebsd.org>
Cc:        =?UTF-8?Q?Trond_Endrest=c3=b8l?= <Trond.Endrestol@fagskolen.gjovik.no>
Subject:   Re: IPv6 only Jails cannot connect to the outside world
Message-ID:  <562BEE8D.1010606@kulturflatrate.net>
In-Reply-To: <alpine.BSF.2.20.1510061204000.8676@mail.fig.ol.no>
References:  <5611AFCA.4010909@kulturflatrate.net> <CA%2BtpaK0fyqEvc3kWMfhD9teogTG8euWfqEn1szmUhYXQ5e_UCg@mail.gmail.com> <5611CA44.4030602@radel.com> <56123260.1010901@kulturflatrate.net> <56127D73.5040001@hiwaay.net> <5612E192.6040404@kulturflatrate.net> <alpine.BSF.2.20.1510061137280.8676@mail.fig.ol.no> <56139A43.9010904@kulturflatrate.net> <alpine.BSF.2.20.1510061204000.8676@mail.fig.ol.no>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 06/10/15 12:15, Trond Endrestøl wrote:
> local_unbound is in base, if you prefer to limit the number of 
> installed ports in each jail.
> 
> Just add local_unbound_enable="YES" to each jail's /etc/rc.conf.
> 
> Start the local_unbound service, and let it create its files in 
> /var/unbound. Stop the unbound service.
> 
> Edit /var/unbound/forward.conf to your heart's content. Add as many 
> "forward-addr:" statements as you need below "name: .". See 
> unbound.conf(5) for more information.
> 
> You might want to verify the settings in /etc/resolv.conf and 
> /etc/resolvconf.conf.
> 
> Start the unbound service, and check the resolver using host, 
> ping{,6}, traceroute{,6} ...
> 
> Once you get one jail running as desired, just copy the configuration 
> files, save /etc/rc.conf, to the other jails.

I finally took a closer look on this.

Unfortunately, I was not able to set this up within the jails but what I
did was installing dns/unbound on the host and set it as IPv4 and IPv6
name server in each jail in `/etc/resolv.conf`.

Is there a good reason why not to do this and prefer the local_unbound
version in each jail as described by Trond (thanks again)? Maybe because
of security concerns?

-- 
Niklaas

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?562BEE8D.1010606>