Hello unbound-users:

I have Unbound 1.4.19 running on an Ubuntu 13.04 server on my LAN (private
address) that I wish to use as a local caching recursive DNS server (not
attempting DNSSEC). The reason I have set up Unbound is to provide caching for
DNSCrypt-Proxy, which is also running on this same machine. By capturing the
traffic at the router level I can verify that when I do a lookup from this same
Ubuntu machine it is correctly going through DNSCrypt-Proxy, because there is no
port 53 activity; it runs over port 443 to the OpenDNS server as expected.

The problem arises when another computer on the LAN tries to do a lookup using
the Unbound computer -- the traffic then uses standard port 53 and does a full
lookup starting with a TLD.

The appearance is that the local machine respects the forward-zone setting
(forwards all to DNSCrypt-Proxy on 127.0.0.2) but the lookups for other
machines on the LAN are not respecting the forward-zone setting.

I'm running unbound version 1.4.19 on Ubuntu 13.04 server. Thank you for your
help.

-Casey

My unbound.conf:

server:
    verbosity: 1
    statistics-cumulative: yes
    interface: 127.0.0.1
    interface: 10.0.1.13
    outgoing-interface: 10.0.1.13
    msg-cache-size: 8m
    rrset-cache-size: 16m
    access-control: 10.0.1.0/24 allow
    username: "unbound"
    logfile: "/var/log/unbound.log"
    use-syslog: no
    log-time-ascii: yes
    private-domain: "home.lan"
    prefetch: yes
    module-config: "iterator"
    auto-trust-anchor-file: "/etc/unbound/root.key"
    dlv-anchor-file: "dlv.isc.org.key"
    domain-insecure: "home.lan"
    local-zone: "home.lan." static
    local-data: "pfsense.home.lan. IN A 10.0.0.1"
    local-data-ptr: "10.0.0.1 pfsense.home.lan"

python:

remote-control:

stub-zone:
    name: "home.lan"
    stub-addr: 10.0.1.1
    stub-prime: no
    stub-first: no

forward-zone:
    name: "."
    forward-addr: 127.0.0.2 # forward all to 127.0.0.2 where DNSCrypt is running!
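
A configuration check that could be run against the file above, added here as an example (it is not part of the original post and not Unbound's own tooling): unbound.conf(5) documents that `do-not-query-localhost` defaults to yes, which puts 127.0.0.0/8 and ::1 on the do-not-query list, so the script lists loopback `forward-addr` entries in a config that does not set it to no. The function names and the trimmed `POSTED_CONF` sample are constructed for illustration.

```python
import ipaddress

# Constructed sample: the posted unbound.conf, trimmed to the lines this check reads.
POSTED_CONF = """\
server:
    interface: 127.0.0.1
    interface: 10.0.1.13
    outgoing-interface: 10.0.1.13
forward-zone:
    name: "."
    forward-addr: 127.0.0.2   # DNSCrypt-Proxy
"""

def parse_clauses(text):
    """Split unbound.conf text into [(clause, [(option, value), ...]), ...]."""
    clauses = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if not value:                              # clause header, e.g. "server:"
            clauses.append((key, []))
        elif clauses:
            clauses[-1][1].append((key, value.strip('"')))
    return clauses

def loopback_forwarders_blocked(text):
    """Return loopback forward-addr values left on the do-not-query list."""
    clauses = parse_clauses(text)
    allow_localhost = any(
        opt == "do-not-query-localhost" and val == "no"
        for name, opts in clauses if name == "server"
        for opt, val in opts)
    blocked = []
    for name, opts in clauses:
        for opt, val in opts:
            if name == "forward-zone" and opt == "forward-addr":
                addr = ipaddress.ip_address(val.split("@")[0])  # strip @port
                if addr.is_loopback and not allow_localhost:
                    blocked.append(val)
    return blocked

if __name__ == "__main__":
    print(loopback_forwarders_blocked(POSTED_CONF))
```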