Solved Setup Unbound DNS Server on FreeBSD Bhyve

mehdi

mehdi

I'm trying to set up an unbound DNS server on a bhyve vm.

On host, I have the following configurations, nothing special:
sh: 
root@host > cat /etc/rc.conf

# NETWORK
ifconfig_re0="inet 192.168.0.2/24"
defaultrouter="192.168.0.1"

## ZFS
zfs_enable="YES"

# VM-BHYVE
vm_enable="YES"
vm_dir="zfs:nas-00/bhyve"

root@host > doas vm list
NAME       DATASTORE  LOADER  CPU  MEMORY  VNC  AUTO  STATE
ns-client  default    uefi    1    512m    -    No    Running (13447)
ns1        default    uefi    1    512m    -    No    Running (13428)

I didn't assigned an IP address to my vm-switch as SirDice suggested here:
forums.freebsd.org

Solved - tap interface doesn't seems to receive anything

Hello, I have an issue with tap interface participating the bridge. The ]tap interface doesn't seems to receive anything, but it does send staff. I have recently update the BSD # uname -mrs -> FreeBSD 12.1-RELEASE-p7 amd64 Here is what I done: # bge0 - lan interface # sysctl...
forums.freebsd.org forums.freebsd.org

sh: 
root@host > vm switch list
NAME      TYPE      IFACE        ADDRESS  PRIVATE  MTU  VLAN  PORTS
switch-0  standard  vm-switch-0  -        no       -    -     re0

On the vm named ns1 which is supposed to serve as DNS server, I have the following configuration:
sh: 
root@ns1:~ # cat /etc/rc.conf
hostname="ns1"
ifconfig_vtnet0="inet 192.168.0.101 netmask 255.255.255.0"
defaultrouter="192.168.0.1"
sshd_enable="YES"
unbound_enable="YES"

root@ns1:~ # cat /etc/resolv.conf
nameserver 127.0.0.1

My unbound configuration file:
sh: 
root@ns1:~ # cat /usr/local/etc/unbound/unbound.conf
server:
        interface: 127.0.0.1
        port: 53
        prefer-ip6: no
        access-control: 127.0.0.0/8 allow
        access-control: 192.168.0.0/24 allow
#       root-hints: "/usr/local/etc/unbound/named.root"
#       private-domain: "tannen.internal"
#       auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"
forward-zone:
        name: "." 
       forward-addr: 1.1.1.1
        forward-addr: 4.2.2.2
        forward-addr: 8.8.8.8

When I try to see if ns1 resolves the DNS queries from the other bhyve vm ns-client, I get the following error message:
sh: 
root@ns-client:~ # drill freebsd.org @192.168.0.101
Error: error sending query: Could not send or receive, because of network error
ns-client is configured as following:
sh: 
root@ns-client:~ # cat /etc/rc.conf
hostname="ns-client"
ifconfig_vtnet0="inet 192.168.0.103 netmask 255.255.255.0"
defaultrouter="192.168.0.1"

root@ns-client:~ # cat /etc/resolv.conf
nameserver 192.168.0.101

I used tcpdump to see, If ns1 recieves queries from ns-client.

sh: 
root@ns1:~ # tcpdump -ni vtnet0 udp port 53
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on vtnet0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:25:16.707868 IP 192.168.0.103.19142 > 192.168.0.101.53: 37527+ A? freebsd.org. (29)
13:25:21.733635 IP 192.168.0.103.40372 > 192.168.0.101.53: 37527+ A? freebsd.org. (29)
13:25:26.804160 IP 192.168.0.103.11454 > 192.168.0.101.53: 37527+ A? freebsd.org. (29)

ns1 recieves queries from the ns-client, but no responces from upstream.

Any Idea, what causes this problem?
 
I solved the issue. sockstat -l -4 showed me that the port 53 was open for only the localhost queries.
This solved it:
sh: 
root@ns1:~ # cat /usr/local/etc/unbound/unbound.conf
server:
        interface: 0.0.0.0
 
I guess, your solution will make your server listen port 53 on your public internet NIC interface as well?

Would that create a security issue?
 
You must log in or register to reply here.
Back
Top