Hello guys, I need some help about understanding how to do what I need with unbound.
My setup is basically is 2 IPVS (heartbeat + ldirectord) with gate(not masquerade) to 4 servers each. So I need to setup the IPVS on the servers in their loopbacks so I can use the IP to reply. No arp allowed, forward allowed as needed. This setup works w/ Named/Bind. The queries are replied by the IP requested (on the loopback as he's the IPVS) But w/ unbound the request address is the IPVS but the reply comes from the real IP on the interface, resulting in: dig google.com @IPVS ;; reply from unexpected source: REALSERVER#53, expected IPVS# Searching the archives, from oldest to newest I found this: http://www.unbound.net/pipermail/unbound-users/2008-January/000003.html And this: http://www.unbound.net/pipermail/unbound-users/2012-June/002404.html I can't bind to 0.0.0.0 cause bind is running on the other interfaces. This is why I have to use the IPs on the config w/ multiple interface statements. They are both near what I have atm but not the same. I get this behavior on 1.4.21-r2 (from Gentoo portage) If I made any mistake in the config let me know: erver: verbosity: 1 interface: REALIP interface: IPVS1 interface: IPVS2 port: 53 cache-min-ttl: 300 cache-max-ttl: 86400 infra-host-ttl: 900 infra-cache-slabs: 8 infra-cache-numhosts: 100000 do-ip4: yes do-ip6: no do-udp: yes do-tcp: yes access-control: MYNETWORK.0/24 allow username: "unbound" directory: "/etc/unbound" logfile: "logs/unbound.log" use-syslog: no log-queries: yes pidfile: "/var/run/unbound.pid" hide-identity: yes hide-version: yes identity: "" version: "" harden-short-bufsize: no harden-large-queries: no harden-glue: yes harden-dnssec-stripped: yes harden-below-nxdomain: no harden-referral-path: no use-caps-for-id: yes prefetch: yes prefetch-key: yes rrset-roundrobin: yes minimal-responses: yes key-cache-size: 512m key-cache-slabs: 8 neg-cache-size: 8m include: "/etc/unbound/local-zone.conf" python: remote-control: -- [ ]'s Filipe Cifali Stangler
_______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
