duplicate local-zone
I've compiled a blacklist of adtracking sites that I'm trying to block by redirecting to 127.0.0.1. Some example entries:

    local-zone: "0-act.channel.facebook.com" redirect
    local-data: "0-act.channel.facebook.com A 127.0.0.1"
    local-zone: "0-edge-chat.facebook.com" redirect
    local-data: "0-edge-chat.facebook.com A 127.0.0.1"

I've included the file with an include: reference in unbound.conf. But if I run unbound-checkconf, I get warnings about duplicate local-zones, even though I have confirmed there are none in my file. Stranger still, I get warned about a different line number every time I run unbound-checkconf, like so:

    /usr/local/etc/unbound # unbound-checkconf
    [1527882258] unbound-checkconf[15369:0] warning: duplicate local-zone
    [1527882258] unbound-checkconf[15369:0] error: could not enter zone sites redirect
    [1527882258] unbound-checkconf[15369:0] fatal error: failed local-zone, local-data configuration
    /usr/local/etc/unbound # unbound-checkconf
    [1527882261] unbound-checkconf[15370:0] warning: duplicate local-zone
    [1527882261] unbound-checkconf[15370:0] error: could not enter zone sites redirect
    [1527882261] unbound-checkconf[15370:0] fatal error: failed local-zone, local-data configuration
    /usr/local/etc/unbound # unbound-checkconf
    [1527882263] unbound-checkconf[15371:0] warning: duplicate local-zone
    [1527882263] unbound-checkconf[15371:0] error: could not enter zone sites redirect
    [1527882263] unbound-checkconf[15371:0] fatal error: failed local-zone, local-data configuration

Any idea what is actually going on here?

TIA
FONG
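An added example, not part of the original post: a duplicate finder for local-zone lines in a blocklist of the format shown above. It assumes that names differing only by letter case or a trailing dot refer to the same zone, since DNS names compare case-insensitively; the sample entries are constructed, and `find_duplicate_zones` and `normalise` are names made up for this sketch.

```python
import re
from collections import defaultdict

# Constructed sample in the format the post shows; not the poster's real file.
SAMPLE = '''\
# ad/tracking blacklist
local-zone: "0-act.channel.facebook.com" redirect
local-data: "0-act.channel.facebook.com A 127.0.0.1"
local-zone: "0-edge-chat.facebook.com" redirect
local-data: "0-edge-chat.facebook.com A 127.0.0.1"
local-zone: "0-Act.Channel.Facebook.com." redirect
local-zone: ads.example.net redirect   # unquoted, with trailing comment
local-zone: "ads.example.net" redirect
'''

# Matches a local-zone line with a quoted or unquoted name, followed by the zone type.
ZONE_RE = re.compile(r'^\s*local-zone:\s*(?:"([^"]*)"|(\S+))\s+(\S+)')


def normalise(name):
    """Case-fold and drop the trailing root dot so equal DNS names compare equal."""
    name = name.strip().lower()
    return name[:-1] if name.endswith(".") and name != "." else name


def find_duplicate_zones(text):
    """Return {normalised name: [(line_no, raw_name, zone_type), ...]} for repeated zones."""
    seen = defaultdict(list)
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = ZONE_RE.match(line)
        if not m:
            continue  # comments, local-data and other options are skipped
        raw = m.group(1) if m.group(1) is not None else m.group(2)
        seen[normalise(raw)].append((line_no, raw, m.group(3)))
    return {name: hits for name, hits in seen.items() if len(hits) > 1}


if __name__ == "__main__":
    for name, hits in sorted(find_duplicate_zones(SAMPLE).items()):
        print(name)
        for line_no, raw, ztype in hits:
            print(f"  line {line_no}: {raw!r} ({ztype})")
```

Run it over the text of unbound.conf together with every included file, since a zone declared in the main configuration also counts against the blocklist.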
Setup client to remote control another Unbound server
I have (the stock*) Unbound running on FreeBSD 10. I have unbound-control set up on the Unbound server itself and am successfully controlling via localhost. But I have another machine connected to the server via a backend connection on the 10.x.x.x private network. I want to run unbound-control on that machine and control the remote (albeit one backend hop away) server.

I've been looking at docs and tutorials, and it's not clear what has to be configured where for this scenario. I've run unbound-control on the remote client and it complains that I have no unbound.conf file. But is that file ONLY for the configuration of a server? Would I need to have an unbound.conf file on the client machine?

A couple of things are not clear to me... Do I run unbound-control-setup on the client machine? I assume I'd have to copy keys to the server? But if so, how do I store them and refer to them without breaking my localhost control for unbound-control on the server itself?

I tried adding 'control-interface: ' to the remote-control section of unbound.conf on the server. I interpreted this to be that it should listen for control connections on that interface. But I got:

    [1463783089] unbound-control[83533:0] error: connect: Connection refused for

I suppose I might have some firewall concerns. But before I go off on that tangent, I'd just like to get straight:

1) Do I run unbound-control on the client machine?
2) What should I have in unbound.conf on the client machine (if at all)?
3) What should I have in unbound.conf on the server?
4) What key exchanging and referencing (in config files) do I need to keep control with unbound-control going on both the remote client and localhost?

TIA
-
shot through the heart          ooh baby do you know what that's worth
and you're to blame             ooh heaven is a place on earth
darling you give love           they say in heaven love comes first
a bad name                      we'll make heaven a place on earth
ORBITAL "Halcyon Live"
Can't dig +trace?
I have unbound running and clients using dig seem not to be able to trace?

    dig +trace www.amiga.com

    ; DiG 9.6.2-P2 +trace www.amiga.com
    ;; global options: +cmd
    ;; Received 12 bytes from MY-UNBOUND-IP#53(MY-UNBOUND-IP) in 0 ms

However if I hit Google's lookup servers with the same command from the same client machine, I get the expected response...

    dig +trace @8.8.8.8 www.amiga.com

    ; DiG 9.6.2-P2 +trace @8.8.8.8 www.amiga.com
    ; (1 server found)
    ;; global options: +cmd
    .                       8647    IN      NS      b.root-servers.net.
    .                       8647    IN      NS      g.root-servers.net.
    .                       8647    IN      NS      c.root-servers.net.
    .                       8647    IN      NS      i.root-servers.net.
    .                       8647    IN      NS      j.root-servers.net.
    .                       8647    IN      NS      h.root-servers.net.
    .                       8647    IN      NS      e.root-servers.net.
    .                       8647    IN      NS      m.root-servers.net.
    .                       8647    IN      NS      f.root-servers.net.
    .                       8647    IN      NS      a.root-servers.net.
    .                       8647    IN      NS      l.root-servers.net.
    .                       8647    IN      NS      k.root-servers.net.
    .                       8647    IN      NS      d.root-servers.net.
    ;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 12 ms

    com.                    172800  IN      NS      h.gtld-servers.net.
    com.                    172800  IN      NS      a.gtld-servers.net.
    com.                    172800  IN      NS      j.gtld-servers.net.
    com.                    172800  IN      NS      e.gtld-servers.net.
    com.                    172800  IN      NS      g.gtld-servers.net.
    com.                    172800  IN      NS      d.gtld-servers.net.
    com.                    172800  IN      NS      b.gtld-servers.net.
    com.                    172800  IN      NS      m.gtld-servers.net.
    com.                    172800  IN      NS      i.gtld-servers.net.
    com.                    172800  IN      NS      f.gtld-servers.net.
    com.                    172800  IN      NS      c.gtld-servers.net.
    com.                    172800  IN      NS      l.gtld-servers.net.
    com.                    172800  IN      NS      k.gtld-servers.net.
    ;; Received 503 bytes from 192.203.230.10#53(e.root-servers.net) in 92 ms

    amiga.com.              172800  IN      NS      ns15.domaincontrol.com.
    amiga.com.              172800  IN      NS      ns16.domaincontrol.com.
    ;; Received 115 bytes from 192.12.94.30#53(e.gtld-servers.net) in 126 ms

    www.amiga.com.          3600    IN      CNAME   amiga.com.
    amiga.com.              600     IN      A       68.115.249.34
    amiga.com.              3600    IN      NS      ns16.domaincontrol.com.
    amiga.com.              3600    IN      NS      ns15.domaincontrol.com.
    ;; Received 113 bytes from 208.109.255.8#53(ns16.domaincontrol.com) in 24 ms

drill -T www.amiga.com seems to do the job these days.

I guess I am just mostly curious what about Unbound keeps good ol' dig +trace from working?

TIA
FONG
-
shot through the heart          ooh baby do you know what that's worth
and you're to blame             ooh heaven is a place on earth
darling you give love           they say in heaven love comes first
a bad name                      we'll make heaven a place on earth
ORBITAL Halcyon Live