Hi all,
thanks for all the suggestions. However it turned out that all I needed to do
was to add
domain-insecure: "my.domain"
to unbound.conf so that unbound would ignore the lack of DNSSEC of my internal
domain. I have not paid much attention to DNSSEC until now, but it seems I may
need to.

Hi,
Haven't followed the whole thread and by just looking at the topic,
I have a similar setup (carped as well) for caching DNS.
2 servers, 2 carped IPs.
This is how it works:
unbound.conf:
interface: 127.0.0.1
port: 53
outgoing-interface: ext_ip
access-control: local_networks

Hiya Johan,
On Tue, 11 Oct 2016 23:50:20 +0200 Johan Mellberg wrote:
> There is something weird here that I don't quite see/understand so I
> very much appreciate the input so far.
DNS is fun to run!
The skilled OpenBSD devs have given us well set up separated daemons.
Paul, I & others have

So as to how it flies, here's my line of thought:
Unbound should serve my network including the dns server machine
itself with DNS, hence the external IP address in resolv.conf. dig and
nslookup run on the dns server itself both use this with no problem
and the rest of my network seems happy as

(Resending to list)
Yes, I thought of and tried that too with similar lack of success. But
as I could see from the tcpdump (see reply to Raimo's mail) NSD
responds so it's probably an Unbound issue. The forward-zone directive
can be used but it expects the forward-addr to be able to provide

On 2016-10-11, Raimo Niskanen wrote:
> And -l Port to dig selects a non-default port.
N.B. dig in OpenBSD base doesn't support this.

Thanks.
Here's the output of the various dig commands and the tcpdump where
relevant. pf is unchanged and there is no difference whether disabled
with pfctl -d or not. The tcpdump is interesting since apparently the
query reached NSD and it replies - but Unbound does not see/accept it
(?). Could

Hi Johan,
On Mon, 10 Oct 2016 23:42:16 +0200 Johan Mellberg wrote:
> I have tried multiple combinations of ports and interface bindings and
> I suspect that I am missing something simple here. Currently I have
> set NSD to listen on 127.0.0.1 and Unbound listens on 192.168.x.91 -
> so there

I run a similar setup, NSD serving my local zones (on ::1@54) and
unbound querying those local zones there. Comparing your config with
mine, I didn't spot an obvious explanation for why it wouldn't work
for you, but I do note that your unbound isn't configured to listen on
127.0.0.1, whilst your

Try to use forward-zone instead of stub-zone in unbound.conf
forward-zone:
    name: "abc.com"
    forward-addr: 127.0.0.1
> On 10 Oct 2016, at 23:42, Johan Mellberg wrote:
>
> Hi all,
>
> I am setting up a fresh OpenBSD 6.0 server in a KVM VM to serve my
>

Please give more details on which dig commands you used on which machine(s)
and paste their exact results. Otherwise hard to tell since your setup
seems about right. Does pf get in your way?
And -l Port to dig selects a non-default port.
Anything interesting in your system logs on the DNS

Hi all,
I am setting up a fresh OpenBSD 6.0 server in a KVM VM to serve my
home network with DNS. I have a custom zone (only for LAN use) set up
and previously used BIND successfully (but that VM crashed and its
disk was hosed...) both as authoritative and caching/resolving.
So now I am trying