On 2012-03-18 at 09:14 +0000, Sabahattin Gucukoglu wrote: > Running Unbound 1.4.16, I cannot put "interface: fe80::…" into unbound.conf. > It warns on startup that there's no IPv6 support. Yet, outgoing interface is > default (::) and the default ::1 bind works. Finally, just setting it to > "::0" to listen on all works, and that's what I've had to do, just using > access control to limit it. > > So what's happening? I'd love to only accept queries from the local link, > and retrieve DNS data from v6-reachable name servers. Your help appreciated.
At a guess (because I haven't explored this area with unbound): remember that link-level addresses are per-interface and need a scope in order to be interpreted. A convention on KAME-derived systems is that you can attach the interface name to the address as the scope, with %intf at the end of the address. Here you'll see how I can't even ping an IP address attached to an interface on the same machine generating the pings, until I provide a scope for interpretation. % ping6 -n fe80::2e0:81ff:fe5c:8ea9 ping6: UDP connect: Network is unreachable % ping6 -n fe80::2e0:81ff:fe5c:8ea9%bge0 PING6(56=40+8+8 bytes) fe80::2e0:81ff:fe5c:8ea9%bge0 --> fe80::2e0:81ff:fe5c:8ea9%bge0 16 bytes from fe80::2e0:81ff:fe5c:8ea9%bge0, icmp_seq=0 hlim=64 time=0.072 ms ^C -Phil _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
