On Nov 17, 2015, at 12:45 PM, Steve Yates wrote:
> Paul Mather wrote on Thu, Nov 12 2015 at 1:38 pm:
>
>> Unfortunately, with this configuration, unbound does not listen on the
>> IP aliases: it only listens on the primary IP addresses of LAN,
>> INTERNAL, and localhost.
>
> I don't have quite the same configuration, but with a CARP shared LAN
> IP, it listens on that alias. Did you check your firewall log/rules?

I don't believe it is an issue of firewall/log rules. Unbound is simply not
listening on those interfaces, as shown by a "sockstat -4l":

USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
[[...]]
unbound  unbound    1123  10 udp4   10.5.5.1:53           *:*
unbound  unbound    1123  11 tcp4   10.5.5.1:53           *:*
unbound  unbound    1123  12 udp4   10.0.0.7:53           *:*
unbound  unbound    1123  13 tcp4   10.0.0.7:53           *:*
unbound  unbound    1123  14 udp4   127.0.0.1:53          *:*
unbound  unbound    1123  16 tcp4   127.0.0.1:53          *:*
unbound  unbound    1123  19 tcp4   127.0.0.1:953         *:*
[[...]]

Those IP addresses correspond to the primary addresses of LAN, INTERNAL, and
localhost. Missing are entries listening on the IP aliases, 10.0.0.1 and
10.0.0.14.

Also, even though I also have 10.0.0.14 and 10.0.0.1 checked in the DNS
Resolver settings, they are not included in the active
/var/unbound/unbound.conf file:

[[...]]
# Interface IP(s) to bind to
interface: 10.5.5.1
interface: 10.0.0.7
interface: 127.0.0.1
interface: ::1
[[...]]

Only the primary addresses of the network NICs are included.

If I add "interface:" lines myself to this file and stop and start unbound from
the command line then unbound listens correctly on the IP aliases, too. For
some reason, they are not making it into the unbound.conf file from the GUI
settings page for DNS Resolver.

Cheers,

Paul.
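
Added example (not part of the original message, and not pfSense code): the comparison described above, done mechanically. For each address the resolver is expected to serve, it reports whether the address has an "interface:" line in unbound.conf and whether unbound holds port 53 on it in saved "sockstat -4l" output. The function names and temporary files are assumptions for illustration; the sample data is the excerpt quoted in the message.

```shell
#!/bin/sh
# Added example: compare unbound's configured and listening addresses.

# conf_addrs FILE: addresses named on "interface:" lines of an unbound.conf
conf_addrs() {
    awk '$1 == "interface:" { print $2 }' "$1" | sort -u
}

# listen_addrs FILE: IPv4 addresses where unbound holds port 53, read from
# saved "sockstat -4l" output (column 6 is LOCAL ADDRESS)
listen_addrs() {
    awk '$2 == "unbound" && $6 ~ /:53$/ { sub(/:53$/, "", $6); print $6 }' "$1" | sort -u
}

# check_addrs CONF SOCKSTAT ADDR...: one status line per expected address.
# grep -x matches whole lines, so 10.0.0.1 is not satisfied by 10.0.0.14.
check_addrs() {
    conf=$1; socks=$2; shift 2
    for a in "$@"; do
        c=no; l=no
        conf_addrs "$conf" | grep -qxF "$a" && c=yes
        listen_addrs "$socks" | grep -qxF "$a" && l=yes
        echo "$a conf=$c listening=$l"
    done
}

# Sample input: the excerpts quoted in the message, saved to temp files.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/unbound.conf" <<'EOF'
# Interface IP(s) to bind to
interface: 10.5.5.1
interface: 10.0.0.7
interface: 127.0.0.1
interface: ::1
EOF
cat > "$tmp/sockstat.txt" <<'EOF'
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
unbound unbound 1123 10 udp4 10.5.5.1:53 *:*
unbound unbound 1123 11 tcp4 10.5.5.1:53 *:*
unbound unbound 1123 12 udp4 10.0.0.7:53 *:*
unbound unbound 1123 13 tcp4 10.0.0.7:53 *:*
unbound unbound 1123 14 udp4 127.0.0.1:53 *:*
unbound unbound 1123 16 tcp4 127.0.0.1:53 *:*
unbound unbound 1123 19 tcp4 127.0.0.1:953 *:*
EOF

check_addrs "$tmp/unbound.conf" "$tmp/sockstat.txt" 10.0.0.7 10.0.0.1 10.0.0.14
```

On a live system, save "sockstat -4l" to a file and pass /var/unbound/unbound.conf as the first argument.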