FreeBSD 10 + unbound + jail == nothing resolves

FreeBSD 10 + unbound + jail == nothing resolves

Marc Fournier-4

Before I give up and just install bind (which I’d really like to avoid doing, but it did work out of the box) … has anyone gotten this to run?

I’ve searched Google, and can find next to nothing … but I have to be missing something obvious, else I would expect to find loads … or nobody is actually doing this …

I tried the simple:

add local_unbound_enable="YES" to rc.conf
start up the service

it modifies my /etc/resolv.conf, starts up, but when I try to ‘drill’ a domain, I get nothing back … checked /var/log/messages, only thing I see is what appears to be the start up:

Aug 14 07:19:02 97381 unbound: [44840:0] notice: init module 0: validator
Aug 14 07:19:02 97381 unbound: [44840:0] notice: init module 1: iterator


I’ve even tried running from the command line with ‘-d -vv’, and all I get is:

/var/unbound # /usr/sbin/unbound -c/var/unbound/unbound.conf -d -vv
[1407997717] unbound[45554:0] notice: Start of unbound 1.4.20.
[1407997717] unbound[45554:0] debug: switching log to syslog

I have it running on the host server, and it responded perfectly well … I’ve tried changing the ‘nameserver’ setting in /etc/resolv.conf to be the IP of the jail, vs localhost … as well as setting ‘interfaces’ in /var/unbound/unbound.conf … no difference …

Help?



_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[hidden email]"
Re: FreeBSD 10 + unbound + jail == nothing resolves

Ruben van Staveren

Marc,

can you try to disable DNSSEC?

http://www.unbound.net/documentation/howto_turnoff_dnssec.html

(and add val-log-level: 2)

it might be that your upstream nameserver botches DNSSEC reply. To keep DNSSEC, uncomment inclusion of the generated forwarder configuration and have unbound query the root nameservers itself.

Cheers,
        Ruben
 

On 14 Aug 2014, at 8:48, Marc Fournier <[hidden email]> wrote:

>
> Before I give up and just install bind (which I’d really like to avoid doing, but it did work out of the box) … has anyone gotten this to run?
>
> I’ve searched Google, and can find next to nothing … but I have to be missing something obvious, else I would expect to find loads … or nobody is actually doing this …
>
> I tried the simple:
>
> add local_unbound_enable="YES" to rc.conf
> start up the service
>
> it modifies my /etc/resolv.conf, starts up, but when I try to ‘drill’ a domain, I get nothing back … checked /var/log/messages, only thing I see is what appears to be the start up:
>
> Aug 14 07:19:02 97381 unbound: [44840:0] notice: init module 0: validator
> Aug 14 07:19:02 97381 unbound: [44840:0] notice: init module 1: iterator
>
>
> I’ve even tried running from the command line with ‘-d -vv’, and all I get is:
>
> /var/unbound # /usr/sbin/unbound -c/var/unbound/unbound.conf -d -vv
> [1407997717] unbound[45554:0] notice: Start of unbound 1.4.20.
> [1407997717] unbound[45554:0] debug: switching log to syslog
>
> I have it running on the host server, and it responded perfectly well … I’ve tried changing the ‘nameserver’ setting in /etc/resolv.conf to be the IP of the jail, vs localhost … as well as setting ‘interfaces’ in /var/unbound/unbound.conf … no difference …
>
> Help?
>
>
>



Re: FreeBSD 10 + unbound + jail == nothing resolves

Marc Fournier-4

Damn, missed the /var/log/debug.log file … had been monitoring /var/log/messages … in /var/log/debug.log, I get:

Aug 14 17:45:36 97381 unbound: [98857:0] debug: refused query from ip4 200.46.208.99 port 61092 (len 16)
Aug 14 17:45:36 97381 unbound: [98857:0] debug: refuse[53:0] 124D0100000100000000000102363602373202333802353007696E2D61646472046172706100000C0001000029FFFF000000000000

before and after disabling DNSSEC … got it, had to add:

access-control: 200.46.208.99/32 allow

now it resolves fine …

thx

On Aug 14, 2014, at 08:17 , Ruben van Staveren <[hidden email]> wrote:

>
> Marc,
>
> can you try to disable DNSSEC?
>
> http://www.unbound.net/documentation/howto_turnoff_dnssec.html
>
> (and add val-log-level: 2)
>
> it might be that your upstream nameserver botches DNSSEC reply. To keep DNSSEC, uncomment inclusion of the generated forwarder configuration and have unbound query the root nameservers itself.
>
> Cheers,
> Ruben
>
>
> On 14 Aug 2014, at 8:48, Marc Fournier <[hidden email]> wrote:
>
>>
>> Before I give up and just install bind (which I’d really like to avoid doing, but it did work out of the box) … has anyone gotten this to run?
>>
>> I’ve searched Google, and can find next to nothing … but I have to be missing something obvious, else I would expect to find loads … or nobody is actually doing this …
>>
>> I tried the simple:
>>
>> add local_unbound_enable="YES" to rc.conf
>> start up the service
>>
>> it modifies my /etc/resolv.conf, starts up, but when I try to ‘drill’ a domain, I get nothing back … checked /var/log/messages, only thing I see is what appears to be the start up:
>>
>> Aug 14 07:19:02 97381 unbound: [44840:0] notice: init module 0: validator
>> Aug 14 07:19:02 97381 unbound: [44840:0] notice: init module 1: iterator
>>
>>
>> I’ve even tried running from the command line with ‘-d -vv’, and all I get is:
>>
>> /var/unbound # /usr/sbin/unbound -c/var/unbound/unbound.conf -d -vv
>> [1407997717] unbound[45554:0] notice: Start of unbound 1.4.20.
>> [1407997717] unbound[45554:0] debug: switching log to syslog
>>
>> I have it running on the host server, and it responded perfectly well … I’ve tried changing the ‘nameserver’ setting in /etc/resolv.conf to be the IP of the jail, vs localhost … as well as setting ‘interfaces’ in /var/unbound/unbound.conf … no difference …
>>
>> Help?
>>
>>
>>
>

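
The diagnosis in the last message can be automated. The following Python is an added example, not code from the thread or from the unbound project: it reads the two debug.log lines quoted above, decodes the question inside the refused packet, and emits the host-wide (/32) `access-control` line for each refused source, which keeps the resolver closed to every other address. The function names are this example's own.

```python
import re
import struct

# The two /var/log/debug.log lines quoted in the last message of the thread.
LOG = """\
Aug 14 17:45:36 97381 unbound: [98857:0] debug: refused query from ip4 200.46.208.99 port 61092 (len 16)
Aug 14 17:45:36 97381 unbound: [98857:0] debug: refuse[53:0] 124D0100000100000000000102363602373202333802353007696E2D61646472046172706100000C0001000029FFFF000000000000
"""

REFUSED = re.compile(r"refused query from ip4 (\S+) port (\d+)")
PACKET = re.compile(r"refuse\[\d+:\d+\] ([0-9A-Fa-f]+)")
QTYPES = {1: "A", 12: "PTR", 28: "AAAA"}  # only the types this sketch names

def decode_question(hex_packet):
    """Return (qname, qtype) of the first question in a raw DNS query."""
    pkt = bytes.fromhex(hex_packet)
    if struct.unpack("!H", pkt[4:6])[0] < 1:  # QDCOUNT field of the header
        raise ValueError("no question section")
    labels, pos = [], 12  # the fixed DNS header is 12 bytes
    while pkt[pos] != 0:
        length = pkt[pos]
        if length > 63:  # compression pointers do not occur in a question
            raise ValueError("unexpected label length")
        labels.append(pkt[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype = struct.unpack("!H", pkt[pos + 1:pos + 3])[0]
    return ".".join(labels) + ".", QTYPES.get(qtype, str(qtype))

def refused_clients(log_text):
    """Map each refused source address to the questions it asked."""
    clients, current = {}, None
    for line in log_text.splitlines():
        m = REFUSED.search(line)
        if m:
            current = m.group(1)
            clients.setdefault(current, [])
            continue
        m = PACKET.search(line)
        if m and current:  # the packet dump follows its "refused" line
            clients[current].append(decode_question(m.group(1)))
    return clients

def suggest_acl(clients):
    """One single-host allow line per refused address, as in the post."""
    return [f"access-control: {ip}/32 allow" for ip in sorted(clients)]

if __name__ == "__main__":
    print("\n".join(suggest_acl(refused_clients(LOG))))
```

Review each suggested address before adding it to unbound.conf: a refused source that is not one of your own jails or hosts should stay refused.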