Re: Syncing unbound.conf

2019-07-29 Thread Flipchan
It worked after appending 
do-not-query-localhost: no


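The fix above works because Unbound's do-not-query-localhost option defaults to yes, which silently blocks any forward-zone or stub-zone upstream on 127.0.0.0/8 or ::1. As an added example that is not part of the thread, the following Python checker parses unbound.conf in the layout quoted in this thread and reports exactly that condition; it is also the kind of check worth running before the rsync-and-restart distribution described later in the thread. SAMPLE_CONF is a constructed excerpt of the config quoted here, and CLAUSES lists only a subset of Unbound's section keywords.

```python
"""Static check for unbound.conf: an added example for this thread, not code
from any poster or from Unbound.  It parses the clause/attribute layout of the
configs quoted above and flags the trap the poster hit: a forward-zone or
stub-zone aimed at loopback while do-not-query-localhost keeps its default."""
import ipaddress
import re
from collections import defaultdict

# Section keywords: a line "name:" with no value opens one of these clauses.
CLAUSES = {"server", "remote-control", "forward-zone", "stub-zone", "auth-zone", "view"}

def parse_unbound_conf(text):
    """Return [(clause, {attr: [values]})] in file order.  '#' is a comment only
    at line start or after whitespace, so 'ip@853#authname' survives."""
    clauses, current = [], None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        m = re.match(r"^([a-z0-9-]+):\s*(.*)$", line)
        if not m:
            raise ValueError(f"unparseable line: {raw!r}")
        key, val = m.group(1), m.group(2).strip().strip('"')
        if key in CLAUSES and not val:          # start of a new section
            current = (key, defaultdict(list))
            clauses.append(current)
        elif current is None:
            raise ValueError(f"option outside any clause: {raw!r}")
        else:
            current[1][key].append(val)         # include: is kept, not followed
    return clauses

def parse_addr(value):
    """Split 'ip[@port][#tls-auth-name]' into (ip_address, port, auth_name)."""
    auth, port = None, 53
    if "#" in value:
        value, auth = value.split("#", 1)
    if "@" in value:
        value, port = value.rsplit("@", 1)
    return ipaddress.ip_address(value), int(port), auth

def check_conf(text):
    """Findings for loopback upstreams that Unbound will refuse to query."""
    clauses = parse_unbound_conf(text)
    seen = [v for n, a in clauses if n == "server"
            for v in a.get("do-not-query-localhost", [])]
    allow_localhost = bool(seen) and seen[-1].lower() == "no"   # default: yes
    findings = []
    for name, attrs in clauses:
        key = {"forward-zone": "forward-addr", "stub-zone": "stub-addr"}.get(name)
        if key is None:
            continue
        zone = (attrs.get("name") or ["?"])[0]
        for addr in attrs.get(key, []):
            ip, port, _ = parse_addr(addr)
            if ip.is_loopback and not allow_localhost:
                findings.append(f"{name} {zone!r}: {key} {ip}@{port} is loopback "
                                "but do-not-query-localhost is not set to no")
    return findings

# Constructed excerpt of the config quoted in the thread (not a live file).
SAMPLE_CONF = """\
server:
    interface: 127.0.0.1
    #interface: ::1
forward-zone:
    name: "testing."
    forward-addr: 127.0.0.1@5353 # to nsd daemon
forward-zone:
    name: "."                # use for ALL queries
    forward-addr: 2001:470:20::2
"""
# The thread's fix is a server option, so it goes in a (second, merged) server: clause.
FIX = "server:\n    do-not-query-localhost: no\n"
```

Running check_conf on SAMPLE_CONF reports the testing. forward-zone; appending FIX clears the finding.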

Re: Syncing unbound.conf

2019-07-28 Thread Flipchan
Config file

ns0# cat /var/unbound/etc/unbound.conf

# $OpenBSD: unbound.conf,v 1.7 2016/03/30 01:41:25 sthen Exp $

server:
    interface: 127.0.0.1
    #interface: ::1
    do-ip6: no

    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.0.0/16 allow

    access-control: ::0/0 refuse
    access-control: ::1 allow

    hide-identity: yes
    hide-version: yes


remote-control:
    control-enable: yes
    control-use-cert: no
    control-interface: /var/run/unbound.sock

# Use an upstream forwarder (recursive resolver) for specific zones.
#

forward-zone:
    name: "testing."
    forward-addr: 127.0.0.1@5353 # to nsd daemon

forward-zone:
    name: "."                # use for ALL queries
    forward-addr: 1.1.1.1
    forward-addr: 74.82.42.42
    forward-addr: 2001:470:20::2
    forward-addr: 208.67.222.222
    forward-first: yes

-- 
Sincerely flipchan


Re: Syncing unbound.conf

2019-07-28 Thread Flipchan
Thanks for the configs!

https://jonwillia.ms/2018/09/23/anycast-dns-openbsd 
(github.com/bongozone/kibble)

I have got it to work with only either my internal zone records or 
everything else.

Unbound ignores it when I put a forward-zone: name: ".testing" when I have 
another forward-zone: name: "."

Does anyone know how this could be done? I have nsd running the zone records 
for .testing and it works when I only have the .testing forward-zone in the 
unbound.conf. Does anyone know what I'm doing wrong?




-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


Re: Syncing unbound.conf

2019-07-26 Thread Vijay Sankar



I have two locations (foretell.ca and lab.foretell.ca) and for quite a  
while used NSD and Unbound, but switched to the following approach  
(my use case is very simple and my networks are small, but it  
works well for me).


My unbound.conf on four DNS servers has

include: "/var/unbound/etc/zonedata"

I then set up a simple zonedata file on one server with stuff such as:

local-zone: "foretell.ca." static
.
.
local-zone: "lab.foretell.ca." static
.
.
local-zone: "0.0.10.in-addr.arpa." static
.
.
local-zone: "3.72.10.in-addr.arpa." static
.
.
etc. etc.

Changes to zonedata reflect changes at both locations. Then I just  
have an rsync process running a few times a day that does the following:


fr1s1.foretell.ca# more dnsupdate.sh
rsync -av zonedata 10.0.0.1:/var/unbound/etc/
rsync -av zonedata 10.0.0.3:/var/unbound/etc/
rsync -av zonedata 10.72.3.1:/var/unbound/etc/
rsync -av zonedata 10.72.3.3:/var/unbound/etc/
ssh 10.0.0.1 /etc/rc.d/unbound restart
ssh 10.0.0.3 /etc/rc.d/unbound restart
ssh 10.72.3.1 /etc/rc.d/unbound restart
ssh 10.72.3.3 /etc/rc.d/unbound restart

Obviously I am not sure if this will scale for your requirements but  
mentioning this just in case it helps.


Vijay


--
ForeTell Technologies Limited
59 Flamingo Avenue
Winnipeg, MB, Canada
R3J 0X6



Re: Syncing unbound.conf

2019-07-26 Thread Stuart Henderson
No - you wouldn't do it with Unbound, which is a *recursive* DNS server; you 
would use an authoritative one like NSD, PowerDNS, Knot or BIND. All you 
would do with Unbound is use stub-zone to point it at an authoritative server.


--
 Sent from a phone, apologies for poor formatting.




Re: Syncing unbound.conf

2019-07-26 Thread Flipchan
Can you link to any guides or practical howtos on how to practically do that with 
unbound?

Thanks



Re: Syncing unbound.conf

2019-07-25 Thread Stuart Henderson

If multiple sites are updating records in the same internal zone at various
times, they would probably be better off with a normal authoritative DNS server
serving that zone (with e.g. stub-zone to point unbound at it), editing it in
one place, and using normal DNS replication (zone-transfer and notify)
to push the updates.



Re: Syncing unbound.conf

2019-07-25 Thread Mischa
Hi Flipchan,

I am using rdist(1) for it:
https://chargen.one/obsdams/rdist-1-when-ansible-is-too-much

Mischa





Syncing unbound.conf

2019-07-25 Thread Flipchan
Greetings everyone,

Does anyone have a good solution for syncing unbound configuration files?


I have the scenario where I have two internal LANs in two different 
offices that need to have the same internal
DNS system for the local systems, and there are a lot of changes being done in 
the internal zone records, so I need
a good way to sync them (the ideal way would be to have a solution similar to 
MySQL's master-master replication).

Both DNS resolvers are running Unbound on OpenBSD 6.5 and right now the 
configuration file is synced with Ansible.
Does anyone have a good solution for replicating DNS records/configs for 
Unbound? In the future it will be scaled
even more, so right now is a good time to implement some replication for the 
Unbound configs.

Does anyone have a solution for this?

There are people changing the config files on both instances, so the ideal way 
would be a real-time replication/sync function.

Anyone got any ideas?


Thanks in advance 
Ciao
flipchan