unbound not working

Hello

I followed very simple steps to set up unbound, but it is not working. My FreeBSD version is 11.0-RELEASE-p12.

At first this was the resolv.conf before unbound started:

Code:
$ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 8.8.8.8
nameserver 8.8.4.4

I start unbound with service:

Code:
$ service local_unbound start
Performing initial setup.
Extracting forwarders from /etc/resolv.conf.
/var/unbound/forward.conf created
/var/unbound/lan-zones.conf created
/var/unbound/control.conf created
/var/unbound/unbound.conf created
/etc/resolvconf.conf created
original /etc/resolv.conf saved as /etc/resolv.conf.20170919.121929
Starting local_unbound.

The service is running well, but it is not working.

Code:
$ ping google.com
ping: cannot resolve google.com: Host name lookup failure

I am not sure whether this is a problem with DNSSEC:

Code:
$ drill -S freebsd.org           
;; Number of trusted keys: 1
;; Chasing: freebsd.org. A


DNSSEC Trust tree:
freebsd.org. (A)
|---freebsd.org. (DNSKEY keytag: 63768 alg: 8 flags: 256)
No trusted keys found in tree: first error was: No DNSSEC public key(s)
;; Chase failed.

Please help.
 
Unbound does not work out of the box without further configuration. See unbound.conf(5).
Do not try DNSSEC before you have configured a working Unbound.

Check with # sockstat -l | grep unbound if and where Unbound is listening. Each client's /etc/resolv.conf needs to match this, or DHCP needs to be configured to use this address, which is to be configured in unbound.conf.
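
The check described in the reply above, as an added example that is not part of the original thread: it compares the nameserver lines of a resolv.conf against the port-53 sockets that unbound holds in sockstat -l output. The function names are hypothetical, the sockstat and first resolv.conf samples are copied from the thread, and the second resolv.conf is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the thread): verify that every nameserver in
# resolv.conf is an address where unbound listens on port 53.

# stdin: `sockstat -l` output (USER COMMAND PID FD PROTO LOCAL FOREIGN).
# stdout: unique local addresses of unbound's port-53 sockets; "*" -> ANY.
unbound_listen_addrs() {
    awk '$2 == "unbound" && $5 ~ /^(udp|tcp)[46]$/ && $6 ~ /:53$/ {
        a = $6; sub(/:53$/, "", a); if (a == "*") a = "ANY"
        if (!seen[a]++) print a }'
}

# stdin: resolv.conf text. stdout: nameserver addresses, one per line.
# With no nameserver line the resolver falls back to the local machine.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2; n++ } END { if (!n) print "127.0.0.1" }'
}

# check_resolver_match SOCKSTAT_TEXT RESOLV_TEXT
# Prints one verdict per nameserver; returns 0 only if all of them match.
check_resolver_match() {
    listen=" $(printf '%s\n' "$1" | unbound_listen_addrs | tr '\n' ' ')"
    rc=0
    for ns in $(printf '%s\n' "$2" | resolv_nameservers); do
        case "$listen" in
            *" $ns "*|*" ANY "*) echo "OK       $ns" ;;
            *) echo "MISMATCH $ns (unbound is not listening there)"; rc=1 ;;
        esac
    done
    return $rc
}

# Lines taken from the sockstat output posted in the thread.
SOCKSTAT='unbound  unbound    70191 3  udp6   ::1:53                *:*
unbound  unbound    70191 5  udp4   127.0.0.1:53          *:*
unbound  unbound    70191 7  stream /var/run/local_unbound.ctl'
# resolv.conf as posted in the thread, from before the service was started.
RESOLV_OLD='# Generated by resolvconf
nameserver 8.8.8.8
nameserver 8.8.4.4'
# Constructed sample: a resolv.conf that points at the local resolver.
RESOLV_LOCAL='nameserver 127.0.0.1'

check_resolver_match "$SOCKSTAT" "$RESOLV_OLD" || echo "=> queries bypass unbound"
check_resolver_match "$SOCKSTAT" "$RESOLV_LOCAL" && echo "=> queries reach unbound"
```

On a live system, pass "$(sockstat -l)" and "$(cat /etc/resolv.conf)" as the two arguments.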

Thanks, I studied the man page but I can't see anything wrong in the default configuration. The DNS server was configured properly in forward.conf:

Code:
$ cat forward.conf 
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
forward-zone:
        name: .
        forward-addr: 8.8.8.8
        forward-addr: 8.8.4.4


sockstat reports:

Code:
$ sudo sockstat -l | grep unbound
unbound  unbound    70191 3  udp6   ::1:53                *:*
unbound  unbound    70191 4  tcp6   ::1:53                *:*
unbound  unbound    70191 5  udp4   127.0.0.1:53          *:*
unbound  unbound    70191 6  tcp4   127.0.0.1:53          *:*
unbound  unbound    70191 7  stream /var/run/local_unbound.ctl

And in my testing, google.com could not be resolved even on the FreeBSD server itself.
 
The problem should be from DNSSEC. If I use this in unbound.conf:

Code:
module-config:                  "iterator"

then it works fine.

But I still have a problem making it work with DNSSEC. I have created root.hints and the root.key generated by unbound itself, but drill -S does not seem to be successful:

Code:
$ drill -S freebsd.org @8.8.8.8
;; Number of trusted keys: 1
;; Chasing: freebsd.org. A


DNSSEC Trust tree:
freebsd.org. (A)
|---freebsd.org. (DNSKEY keytag: 63768 alg: 8 flags: 256)
No trusted keys found in tree: first error was: No DNSSEC public key(s)
;; Chase failed.

Is there anything I could try to get DNSSEC working?
 