Re: Failure to get unbound to talk to nsd on the same server (Solved)

2016-10-18 Thread Johan Mellberg
Hi all, thanks for all the suggestions. However it turned out that all I needed to do was to add domain-insecure: "my.domain" to unbound.conf so that unbound would ignore the lack of DNSSEC of my internal domain. I have not paid much attention to DNSSEC until now, but it seems I may need to.

Re: Failure to get unbound to talk to nsd on the same server

2016-10-12 Thread Kapetanakis Giannis
Hi,
Haven't followed the whole thread and by just looking at the topic, I have a similar setup (carped as well) for caching DNS. 2 servers, 2 carped IPs. This is how it works:
unbound.conf:
    interface: 127.0.0.1
    port: 53
    outgoing-interface: ext_ip
    access-control: local_networks

Re: Failure to get unbound to talk to nsd on the same server

2016-10-12 Thread Craig Skinner
Hiya Johan,
On Tue, 11 Oct 2016 23:50:20 +0200 Johan Mellberg wrote:
> There is something weird here that I don't quite see/understand so I
> very much appreciate the input so far.
DNS is fun to run! The skilled OpenBSD devs have given us well set up separated daemons. Paul, I & others have

Re: Failure to get unbound to talk to nsd on the same server

2016-10-11 Thread Johan Mellberg
So as to how it flies, here's my line of thought: Unbound should serve my network including the dns server machine itself with DNS, hence the external IP address in resolv.conf. dig and nslookup run on the dns server itself both use this with no problem and the rest of my network seems happy as

Re: Failure to get unbound to talk to nsd on the same server

2016-10-11 Thread Johan Mellberg
(Resending to list) Yes, I thought of and tried that too with similar lack of success. But as I could see from the tcpdump (see reply to Raimo's mail) NSD responds so it's probably an Unbound issue. The forward-zone directive can be used but it expects the forward-addr to be able to provide

Re: Failure to get unbound to talk to nsd on the same server

2016-10-11 Thread Stuart Henderson
On 2016-10-11, Raimo Niskanen wrote:
> And -l Port to dig selects a non-default port.
N.B. dig in OpenBSD base doesn't support this.

Re: Failure to get unbound to talk to nsd on the same server

2016-10-11 Thread Johan Mellberg
Thanks. Here's the output of the various dig commands and the tcpdump where relevant. pf is unchanged and there is no difference whether disabled with pfctl -d or not. The tcpdump is interesting since apparently the query reached NSD and it replies - but Unbound does not see/accept it (?). Could

Re: Failure to get unbound to talk to nsd on the same server

2016-10-11 Thread Craig Skinner
Hi Johan,
On Mon, 10 Oct 2016 23:42:16 +0200 Johan Mellberg wrote:
> I have tried multiple combinations of ports and interface bindings and
> I suspect that I am missing something simple here. Currently I have
> set NSD to listen on 127.0.0.1 and Unbound listens on 192.168.x.91 -
> so there

Re: Failure to get unbound to talk to nsd on the same server

2016-10-11 Thread Paul de Weerd
I run a similar setup, NSD serving my local zones (on ::1@54) and unbound querying those local zones there. Comparing your config with mine, I didn't spot an obvious explanation for why it wouldn't work for you, but I do note that your unbound isn't configured to listen on 127.0.0.1, whilst your

Re: Failure to get unbound to talk to nsd on the same server

2016-10-11 Thread mxb
Try to use forward-zone instead of stub-zone in unbound.conf
forward-zone:
    name: "abc.com"
    forward-addr: 127.0.0.1
> On 10 Oct 2016, at 23:42, Johan Mellberg wrote:
>
> Hi all,
>
> I am setting up a fresh OpenBSD 6.0 server in a KVM VM to serve my
>

Re: Failure to get unbound to talk to nsd on the same server

2016-10-11 Thread Raimo Niskanen
Please give more details on which dig commands you used on which machine(s) and paste their exact results. Otherwise hard to tell since your setup seems about right. Does pf get in your way? And -l Port to dig selects a non-default port. Anything interesting in your system logs on the DNS

Failure to get unbound to talk to nsd on the same server

2016-10-10 Thread Johan Mellberg
Hi all, I am setting up a fresh OpenBSD 6.0 server in a KVM VM to serve my home network with DNS. I have a custom zone (only for LAN use) set up and previously used BIND successfully (but that VM crashed and its disk was hosed...) both as authoritative and caching/resolving. So now I am trying