***: Seji has quit IRC (Read error: Connection reset by peer)
Seji has joined #arpnetworks
m0unds_ has joined #arpnetworks
mnathani: ping
***: mnathani_ has quit IRC ()
mnathani_ has joined #arpnetworks
mnathani_ has quit IRC (Ping timeout: 272 seconds)
mnathani_ has joined #arpnetworks
kellytk: mnathani: pong
Does anyone have experience with configuring Unbound on FreeBSD? I've run into a problem with setting up forwarding for .lan, the TLD I use for LANs
mjp_: what's the error
kellytk: There is no error as yet, I haven't got that far. To begin with, the path for Unbound config files seems to be unstable. Both /etc/unbound (/var/unbound) and /usr/local/etc/unbound exist
From https://calomel.org/unbound_dns.html I read "Then place the following unbound.conf in place of your copy; i.e on the OpenBSD install the config file is located in /var/unbound/etc/unbound.conf , on FreeBSD 10.0 and earlier /usr/local/etc/unbound/unbound.conf and FreeBSD 10.1 /etc/unbound/unbound.conf"
I'm working with 10.2, with Unbound from ports, and it indeed seems to be the case that /var/unbound is where the conf files are expected to be, with /usr/local/etc/unbound containing only unbound.conf.sample (old cruft yet to be jettisoned I can only assume)
mjp_: i would use /usr/local/etc/unbound/unbound.conf
i think /var/blah is the unbound that comes with the base OS
check out /etc/rc.d/local_unbound
all port configs usually go in /usr/local/etc
mercutio: calomel is a bad site
openbsd uses /var/unbound
freebsd 9 uses /usr/local/etc
kellytk: mjp_: That's what's strange about the /var/unbound location. In /etc/rc.d/local_unbound there is ": ${local_unbound_workdir:=/var/unbound}"
mjp_: I was careful to not select local_unbound to be installed by bsdinstall, and I then installed it after the fact as a port
mjp_: what's strange about that?
kellytk: That it's not /usr/local/etc/unbound :-)
mjp_: https://www.freebsd.org/doc/handbook/dirstructure.html
kellytk: mjp_: Yes and?
I've figured out the problem. I was mixing up local_unbound_enable and unbound_enable in rc.conf. It was a dumb mistake
Which command will allow me to see where unbound is retrieving records from? (I want to verify selective forwarding is working correctly)
mjp_: https://www.unbound.net/documentation/unbound-control.html
mercutio: i have various freebsd's handy here
-: mercutio takes a look
kellytk: unbound-control is assuming local_unbound, as `unbound-control stats` references an error "error: Could not open /var/unbound/unbound.conf: No such file or directory", despite the man page for unbound-control stating regarding the -c option "If not given the default config file /usr/local/etc/unbound/unbound.conf is used." which doesn't make sense to me
mercutio: i have /var/unbound/conf.d/ on freebsd 10.1
kellytk: mercutio: You must have installed local_unbound with the OS in bsdinstall, correct?
mercutio: and /var/unbound on freebsd 10
and nothing at all on freebsd 9.1
this is whatever arp is providing
maybe it's the default
arp isn't normally providing freebsd 10.1 due to some bugginess though
there should be 10.2 out soon though
i would use tcpdump to find out where unbound is directing stuff
kellytk: I'm running 10.2
mjp_: unbound is part of base since 10.0, the installer just gives you the option to enable it
kellytk: mercutio: I thought of that, however I'd like to figure out why the unbound-control utility is getting weird
mercutio: what's being weird about it?
i love unbound-control :)
kellytk: It's trying to open and use /var/unbound/unbound.conf when that isn't where my unbound.conf is located [as I'm not using local_unbound, but rather ports unbound]
mercutio: why don't you use base unbound?
kellytk: I'd like the latitude to upgrade it more frequently
mercutio: if you're already on 10.2 you'll probably be on 11 soon
but yeah i suppose that's a reason
kellytk: If by soon you mean one year from now
mercutio: that's soon to me
kellytk: I can dig that
mercutio: it's not something i rush to update
kellytk: `unbound-checkconf /usr/local/etc/unbound/unbound.conf` is returning "[1440997658] unbound-checkconf[806:0] fatal error: config file /usr/local/etc/unbound/unbound.conf is not inside chroot /var/unbound"
mercutio: which unbound
kellytk: I wish ports Unbound wasn't mixed up with local Unbound
usr/sbin/unbound
mercutio: you should have /usr/local/sbin/unbound
if it's from ports
kellytk: I do. Ok I think I understand. With local_unbound being bundled with base, it's imposing itself on pathing despite not being enabled
mercutio: are you starting with /usr/local/etc/rc.d/unbound start
command="/usr/local/sbin/unbound"
kellytk: rc.conf contains `unbound_enable=YES` so I would assume so
mercutio: because that's specifying /usr/local exactly
try starting manually with that
kellytk: With which?
mercutio: is local_unbound_enable="NO" ?
kellytk: No
mercutio: with /usr/local/etc/rc.d/unbound start
kellytk: It isn't in rc.conf
mercutio: it may be in /etc/defaults/rc.conf
kellytk: Done
I'm sure ports Unbound is what's being started up as the forward zone entry I made to /usr/local/etc/unbound/unbound.conf took effect
mercutio: i don't have 10.2 in front of me, i don't know if defaults changed.
it may be that unbound-checkconf isn't pathed specifically
kellytk: The bundled unbound is definitely taking path precedence
mercutio: for unbound-checkconf specifically?
kellytk: Correct
mercutio: `unbound-checkconf /usr/local/etc/unbound/unbound.conf` suggests it's following path
i need gmake etc
hmm the rc.d has specific /usr/local/sbin/unbound-checkconf for me
with unbound 1.4.22_4
kellytk: I can't tell for certain using unbound-control lookup, but I think all lookups are going to the forward
http://pastebin.com/GFrvLyaq
The man page for unbound.conf is not clear to me on how exactly `forward-first` works. Can someone clarify it for me?
mercutio: think it tries forward, and if that fails it falls back on going normal
from what i understand you want forward-zone:
name: "localdomain"
forward-addr: 192.168.1.4
or something like that
so that *.localdomain gets directed to 192.168.1.4
kellytk: That's essentially what I have, and it's working well
mercutio: should be fine then
kellytk: What I'm trying to do is verify that example.com will not be forwarded
I would assume not, however with unbound-control lookup google.com giving me no useful information, it's not easy to tell
mercutio: only the domain in the name gets forwarded
and subdomains of such
kellytk: I verified that that is indeed the operation by adding a faux record for microsoft.com 1.2.3.4, `host microsoft.com`, and it returns the correct IP vs the placeholder
Thanks mercutio
Faux record to the forward zone name server, that is. Pardon the ambiguity