Unbound only resolves internally.

wanttotree

New Member


Messages: 2

Hi,
I want to set up Unbound to do all authoritative, validating, recursive caching DNS without forwarding to any 3rd-party DNS server like Google or Cloudflare, but I have a problem to fix.

Installed Unbound 1.8.3 on FreeBSD 12 and got it running and kinda working. FreeBSD itself can request DNS to resolve. Ping, update and upgrade can be made through the Unbound that I installed flawlessly.

The problem now: it won't answer external requests from my devices like my Mac and my Android phone.
Already done these to the conf:

Interface: 0.0.0.0

Access list: 127.0.0.0/8
Access list: 10.0.0.0/24 <--- my internal ip on the router.

Pointed root.hints and .key folder path correctly. They are all in the same folder as unbound.conf anyway, which is "/usr/local/etc/unbound/".

I made all the config using root btw, thought that might be the problem, but my Unbound can resolve internally perfectly. Anyone have any idea what I'm missing?

It's driving me crazy because I have another setup that works, which is the one I'm currently using on my Debian server, installed through apt install instead. 100% working with the exact same setup as the one on FreeBSD. The only downside is it's quite an old version, which is 1.6.x.

Anyway, thanks for reading my post. Hope you guys can help me out with this. Please let me know what I should point out. Cheers.
 

Jeckt

Member

Reaction score: 17
Messages: 71

Have you tested the queries from the server itself? If you use drill @127.0.0.1 freebsd.org it might give you more information. Also perhaps try forwarding all traffic to Google (a DNS resolver you know exists and is working) to see if the traffic is going through.

#forward-zone:
# name: "."
# forward-addr: 8.8.8.8
 

KBK

New Member

Reaction score: 2
Messages: 6

Hello
what about file permissions?

FreeBSD:
drwxr-xr-x 2 unbound unbound 512B Jun 22 2018 conf.d
-rw-r--r-- 1 root unbound 192B Jul 6 17:39 control.conf
-rw-r--r-- 1 root unbound 189B Aug 18 06:14 lan-zones.conf
-rw-r--r-- 1 user wheel 3.2K Jan 30 2018 root.hints
-rw-r--r-- 1 unbound unbound 1.2K Jul 6 17:31 root.key
-rw-r--r-- 1 user user 210K Aug 31 19:35 unbound_add_servers
-rw-r--r-- 1 root unbound 3.9K Oct 29 19:37 unbound.conf
-rw-r--r-- 1 unbound unbound 9.6M Dec 29 09:02 unbound.log
-rw-r--r-- 1 unbound unbound 6B Dec 29 07:41 unbound.pid

Debian:
-rw------- 1 unbound unbound 3315 Jan 30 2018 root.hints
-rw-r--r-- 1 unbound unbound 1252 Sep 27 14:21 root.key
-rw------- 1 root root 4074 Oct 2 06:44 unbound.conf
drwxr-xr-x 2 root root 4096 Sep 27 17:22 unbound.conf.d
-rw------- 1 unbound unbound 848793 Oct 2 06:48 unbound.log
-rw-r--r-- 1 unbound unbound 5 Sep 27 14:57 unbound.pid
-rw------- 1 user user 214655 Aug 31 22:35 unbound_ad_servers
-rw------- 1 root root 2459 Sep 27 16:47 unbound_control.key
-rw-r----- 1 root root 1330 Sep 27 16:47 unbound_control.pem
-rw------- 1 root root 2459 Sep 27 16:47 unbound_server.key
-rw-r----- 1 root root 1318 Sep 27 16:47 unbound_server.pem

There are some differences, and no Unbound howto stresses this point.
Hope this helps and Happy New Year to all.
KBK
 

wanttotree

New Member


Messages: 2

Thank you for the replies, guys. I have checked permissions on root.key. Yes, it's owned by user unbound.
I also tested forwarding and it didn't work at first. My solution was to reinstall FreeBSD fresh and reinstall Unbound 1.8.3. Turns out it was one little devil in my config file, which is "so-rcvbuf". I set it at 32mb and it just wouldn't work at all. I set it back to 1mb instead and voilà. Although I had to add one line of config at a time and restart and see if there was any fault until I found one! Only figured to try that after a week of late nights lol.

The only reason I stuck with a set of config was because I'm running an older Unbound 1.6.0 on Debian which works properly even with "so-rcvbuf: 32mb" in the config. Didn't know that was the ONE thing I had wrong in the conf file.

Anyway, thanks again for the advice, it was my own fault in the first place.
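
Added example, not code from any poster in this thread: a Python check that reads the so-rcvbuf value out of an unbound.conf and asks the local kernel for a UDP receive buffer of that size, reporting whether the request is honoured, clamped or refused. The thread does not say why 32mb failed on FreeBSD, so this only measures what the host does; SAMPLE_CONF is constructed, the function names are hypothetical, and the size-suffix handling (k/m/g, optional trailing b, powers of 1024) is an assumption.

```python
import re
import socket

# Constructed sample config (not the poster's actual file).
SAMPLE_CONF = """\
server:
    interface: 0.0.0.0
    access-control: 10.0.0.0/24 allow
    # so-rcvbuf: 8m   (commented out, must be ignored)
    so-rcvbuf: 32m
"""

_UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}

def parse_size(text):
    """Convert '32m', '1mb' or '4096' to bytes (suffix rules are assumed)."""
    m = re.fullmatch(r"(\d+)\s*([kmg]?)b?", text.strip().lower())
    if not m:
        raise ValueError(f"not a size: {text!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]

def configured_rcvbuf(conf_text):
    """Return the last active so-rcvbuf value in bytes, or None if unset."""
    value = None
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if line.startswith("so-rcvbuf:"):
            value = parse_size(line.split(":", 1)[1])
    return value

def probe_rcvbuf(requested):
    """Ask the kernel for a UDP receive buffer; return (granted, error)."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, requested)
            return s.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF), None
    except OSError as exc:
        return None, exc  # the kernel refused the request outright

def check(conf_text):
    """Report whether the configured so-rcvbuf is honoured on this host."""
    wanted = configured_rcvbuf(conf_text)
    if wanted is None:
        return "so-rcvbuf not set; OS default applies"
    granted, err = probe_rcvbuf(wanted)
    if err is not None:
        return f"REFUSED: {wanted} bytes -> {err}"
    if granted < wanted:
        return f"CLAMPED: asked {wanted}, kernel granted {granted}"
    return f"OK: asked {wanted}, kernel granted {granted}"

if __name__ == "__main__":
    print(check(SAMPLE_CONF))
```

Run it on the resolver host itself, since the outcome depends on that host's kernel socket-buffer limits.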
 