Solved This file was generated by local-unbound-setup

Hello,

I run a server that was automatically set up by OVH.
The /etc/rc.conf contains the line

Code:
local_unbound_enable="YES"

There is no unbound_enable="YES" in the /etc/rc.conf, and the unbound service is not running.

(Edit: Well, actually, I don't know.

# service unbound status
Cannot 'status' unbound. Set unbound_enable to YES in /etc/rc.conf or use 'onestatus' instead of 'status'.


however

# ps aux | grep [u]nbound
unbound 851 0.0 0.5 26028 9192 - Is 17:18 0:00.05 /usr/sbin/unbound -c /var/unbound/unbound.conf


)

The local_unbound service, on the other hand, appears to be running.

I'd like to modify some settings for local_unbound, to allow the name server currently listening at 127.0.0.1 to also listen on 192.168.0.1, which is the address of the lo1 cloned interface (for my jails).
However, I don't see any config file anywhere that would allow me to change anything.
In all the config files that seem to be related to local_unbound, including the /var/unbound/unbound.conf file, I can read the line:

Code:
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.

So what can I do?

Thanks for your help
 
I think I found the way to customize the setup.
I have to use the -C option of the local-unbound-setup script to pass a custom directory of custom conf files that will be added to the configuration generated by local-unbound-setup.

# local-unbound-setup -C /path/to/my/custom/directory/

I'll try that after dinner.
These changes would probably disappear after reboot, though.
 
It seems I managed to solve this by doing the following:

# mkdir /path/to/my-local-unbound-directory/

then create a /path/to/my-local-unbound-directory/unbound.conf file with the following content:

Code:
server:
    access-control: 192.168.0.0/24 allow
    access-control: 127.0.0.0/8 allow
    interface: 192.168.0.1
    interface: 127.0.0.1

Then run

local-unbound-setup -C /path/to/my-local-unbound-directory/

After that

# host -t A yahoo.com
yahoo.com has address 98.139.183.24
yahoo.com has address 206.190.36.45
yahoo.com has address 98.138.253.109


continues to work from the host, and now works also from inside the jail.
So I guess this shows that name resolution is now working from inside the jail.
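
A check that can be run over such a drop-in fragment before passing its directory to local-unbound-setup -C, added here as an example and not part of the original posts: it parses the server: clause and reports any listener or allow rule that reaches beyond loopback and private ranges, and any listener that no allow rule covers. The function names and the INTERNAL range list are assumptions of this example.

```python
import ipaddress

# Constructed sample: the drop-in fragment from the post above.
SAMPLE_CONF = """\
server:
    access-control: 192.168.0.0/24 allow
    access-control: 127.0.0.0/8 allow
    interface: 192.168.0.1
    interface: 127.0.0.1
"""
# Ranges treated as internal (loopback, RFC 1918, IPv6 ULA); an assumption of this example.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7")]

def within(net, ranges):
    """True if net lies entirely inside one of ranges (same IP version only)."""
    return any(net.version == r.version and net.subnet_of(r) for r in ranges)

def parse_server(text):
    """Collect interface and access-control values from the server: clause."""
    interfaces, rules, in_server = [], [], False
    for raw in text.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        key, value = key.strip(), value.strip()
        if key and not value:              # clause header, e.g. "server:" or "forward-zone:"
            in_server = key == "server"
        elif in_server and key == "interface":
            interfaces.append(value.split("@")[0])   # drop an optional @port
        elif in_server and key == "access-control":
            net, action = value.split()
            rules.append((ipaddress.ip_network(net, strict=False), action))
    return interfaces, rules

def audit(text):
    """Return findings; an empty list means listeners and allow rules stay internal."""
    interfaces, rules = parse_server(text)
    allowed = [net for net, action in rules if action.startswith("allow")]
    findings = [f"access-control allows non-internal network {n}"
                for n in allowed if not within(n, INTERNAL)]
    for name in interfaces:
        try:
            addr = ipaddress.ip_network(name)   # host address becomes a /32 or /128
        except ValueError:
            findings.append(f"interface {name} is not an IP literal; check it by hand")
            continue
        if not within(addr, INTERNAL):
            findings.append(f"interface {name} is not an internal address")
        elif not within(addr, allowed):
            findings.append(f"interface {name} has no covering allow rule in this fragment")
    return findings
```

An empty list from audit() means every listener sits on an internal address and is matched by an allow rule in the same fragment.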
 
Note there is a difference between local_unbound (/usr/sbin/unbound; part of the base OS) and unbound (/usr/local/sbin/unbound; the port dns/unbound). You seem to be confusing those two.
 
Yes, I see there are two distinct services that could be activated, either unbound or local_unbound. Thanks for pointing out that the binaries, though both called unbound, are actually distinct too. I didn't know that.

This problem is solved for me now. I'm still stuck with this one, though: https://forums.freebsd.org/threads/61107/
 