G'day Ken,

On Tue, 7 Jul 2020 19:28:23 +0000 Ken Hendrickson wrote:
> 
> I have NSD working now, serving up my local DNS names.
> Unbound is still not working.
> 
> I have a hunch, but cannot find it in the man pages,
> that somehow they have to talk to each other. Is this true?


Depends on what you want unbound & NSD to do!


To have NSD be a zone's authoritative server on a server's public
address, with unbound being the recursive resolver on the same server's
private address & proxying NSD's zones to the LAN, this sort of
configuration could help get you going:-


# /var/unbound/etc/unbound.conf

server:
        interface: 127.0.0.1
        interface: 192.168.some.thing
        # If you have NSD listening on all 53 ports,
        # unbound can't also listen on all 53 ports!
        # Limit your interfaces.

        do-ip6: no

        access-control: ::0/0 refuse
        access-control: 0.0.0.0/0 refuse
        access-control: 127.0.0.0/8 allow
        access-control: 192.168.blah.0/24 allow

        # private networks:
        private-address: 10.0.0.0/8
        private-address: 100.64.0.0/10
        private-address: 172.16.0.0/12
        private-address: 192.0.0.0/29
        private-address: 192.168.0.0/16
        private-address: 198.18.0.0/15
        # example source code & documentation:
        private-address: 192.0.2.0/24
        private-address: 198.51.100.0/24
        private-address: 203.0.113.0/24
        # subnet, autoconfiguration between two hosts on a single link:
        private-address: 169.254.0.0/16
        # reserved for multicast assignments:
        private-address: 224.0.0.0/4
        # reserved for future use:
        private-address: 240.0.0.0/4

        private-domain: 'internal'
        # or localdomain, or private, or home.ARPA

        do-not-query-localhost: no

        local-zone: 'blah.168.192.in-addr.ARPA' typetransparent


remote-control:
        control-enable: yes
        control-use-cert: no
        control-interface: /var/run/unbound.sock


stub-zone:
        name: 'internal'
        stub-addr: 127.0.0.1@42 # <--- NSD needs to be listening here
        # Port 42 is defunct,
        # so use it for NSD to serve zones on the loopback to unbound.

stub-zone:
        name: 'blah.168.192.in-addr.ARPA'
        stub-addr: 127.0.0.1@42

stub-zone:
        name: 'Britvault.Co.UK'
        stub-addr: 127.0.0.1@42

stub-zone:
        ....



Cheers,
Craig.
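
A consistency check for the unbound side of the layout in the message above, added here as an example (not part of the original post and not a tool from either project). It flags a wildcard listener, a stub-addr that points back at unbound itself, a loopback stub without do-not-query-localhost: no, and a private reverse stub zone with no local-zone override. The sample addresses and the names `parse` and `check` are made up for illustration.

```python
import re

# Constructed sample: the layout from the message, placeholders filled with made-up values.
SAMPLE = """\
server:
        interface: 127.0.0.1
        interface: 192.168.1.1
        do-not-query-localhost: no
        local-zone: '1.168.192.in-addr.ARPA' typetransparent
stub-zone:
        name: 'internal'
        stub-addr: 127.0.0.1@42   # NSD on the loopback
stub-zone:
        name: '1.168.192.in-addr.ARPA'
        stub-addr: 127.0.0.1@42
"""
RFC1918_REV = re.compile(r"(^|\.)(10|168\.192|(1[6-9]|2\d|3[01])\.172)\.in-addr\.arpa$")
with_port = lambda addr: addr if "@" in addr else addr + "@53"  # 53 is the default port

def parse(text):
    """Split unbound.conf text into [(clause, [(option, value), ...]), ...]."""
    clauses = []
    for raw in text.splitlines():
        key, sep, value = raw.split("#", 1)[0].strip().partition(":")
        value = re.sub(r"['\"]", "", value).strip().lower()
        if sep and not value:
            clauses.append((key, []))          # clause header, e.g. "server:"
        elif sep and clauses:
            clauses[-1][1].append((key, value))
    return clauses

def check(text):
    clauses = parse(text)
    server = [kv for name, opts in clauses if name == "server" for kv in opts]
    get = lambda opt: [v for k, v in server if k == opt]
    listeners = {with_port(i) for i in get("interface")} or {"127.0.0.1@53"}  # default: localhost
    overrides = [v.split()[0].rstrip(".") for v in get("local-zone")]
    findings = []
    if listeners & {"0.0.0.0@53", "::0@53"}:
        findings.append("unbound binds port 53 on every address, clashing with NSD")
    for opts in (o for name, o in clauses if name == "stub-zone"):
        zone = dict(opts).get("name", "?").rstrip(".")
        for target in (with_port(v) for k, v in opts if k == "stub-addr"):
            if target in listeners:
                findings.append(f"{zone}: stub-addr {target} is unbound's own listener")
            if target.startswith("127.") and get("do-not-query-localhost") != ["no"]:
                findings.append(f"{zone}: loopback stub needs do-not-query-localhost: no")
        if RFC1918_REV.search(zone) and not any(("." + zone).endswith("." + z) for z in overrides):
            findings.append(f"{zone}: default local-zone answers before the stub is used")
    return findings
```

An empty list from `check()` means none of the four problems were found; it does not replace running `unbound-checkconf` on the real file.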
