Who | What | When | |
---|---|---|---|
*** | gizmoguy has joined #arpnetworks | [00:06] | |
...... (idle for 26mn) | |||
Seji has quit IRC (Read error: Connection reset by peer)
Seji has joined #arpnetworks | [00:32] | ||
........................................................................................................................ (idle for 9h55mn) | |||
m0unds_ has joined #arpnetworks | [10:28] | ||
....................................... (idle for 3h12mn) | |||
mnathani | ping | [13:40] | |
*** | mnathani_ has quit IRC ()
mnathani_ has joined #arpnetworks | [13:40] | |
....................................................................... (idle for 5h51mn) | |||
mnathani_ has quit IRC (Ping timeout: 272 seconds) | [19:31] | ||
.... (idle for 18mn) | |||
mnathani_ has joined #arpnetworks | [19:49] | ||
......... (idle for 40mn) | |||
kellytk | mnathani: pong | [20:29] | |
....... (idle for 30mn) | |||
Does anyone have experience with configuring Unbound on FreeBSD? I've run into a problem with setting up forwarding for .lan, the TLD I use for LANs | [20:59] | ||
mjp_ | whats the error | [21:03] | |
kellytk | There is no error as yet, I haven't got that far. To begin with, the path for Unbound config files seems to be unstable. Both /etc/unbound (/var/unbound) and /usr/local/etc/unbound exist
From https://calomel.org/unbound_dns.html I read "Then place the following unbound.conf in place of your copy; i.e on the OpenBSD install the config file is located in /var/unbound/etc/unbound.conf , on FreeBSD 10.0 and earlier /usr/local/etc/unbound/unbound.conf and FreeBSD 10.1 /etc/unbound/unbound.conf" I'm working with 10.2, with Unbound from ports, and it indeed seems to be the case that /var/unbound is where the conf files are expected to be, with /usr/local/etc/unbound containing only unbound.conf.sample (old cruft yet to be jettisoned I can only assume) | [21:06] | |
..... (idle for 21mn) | |||
mjp_ | i would use /usr/local/etc/unbound/unbound.conf
i think /var/blah is the unbound that comes with the base OS check out /etc/rc.d/local_unbound all port configs usually go in /usr/local/etc | [21:30] | |
mercutio | calomel is a bad site
openbsd uses /var/unbound freebsd 9 uses /usr/local/etc | [21:36] | |
kellytk | mjp_: That's what's strange about the /var/unbound location. In /etc/rc.d/local_unbound there is ": ${local_unbound_workdir:=/var/unbound}"
mjp_: I was careful to not select local_unbound to be installed by bsdinstall, and I then installed it after the fact as a port | [21:38] | |
mjp_ | whats strange about that? | [21:40] | |
kellytk | That it's not /usr/local/etc/unbound :-) | [21:41] | |
mjp_ | https://www.freebsd.org/doc/handbook/dirstructure.html | [21:41] | |
kellytk | mjp_: Yes and? | [21:43] | |
..... (idle for 21mn) | |||
I've figured out the problem. I was mixing up local_unbound_enable and unbound_enable in rc.conf. It was a dumb mistake | [22:04] | ||
Which command will allow me to see where unbound is retrieving records from? (I want to verify selective forwarding is working correctly) | [22:11] | ||
mjp_ | https://www.unbound.net/documentation/unbound-control.html | [22:19] | |
mercutio | i have various freebsd's handy here
mercutio takes a look | [22:22] | |
kellytk | unbound-control is assuming local_unbound, as `unbound-control stats` references an error "error: Could not open /var/unbound/unbound.conf: No such file or directory", despite the man page for unbound-control stating regarding the -c option "If not given the default config file /usr/local/etc/unbound/unbound.conf is used." which doesn't make sense to me | [22:22] | |
mercutio | i have /var/unbound/conf.d/ on freebsd 10.1 | [22:23] | |
kellytk | mercutio: You must have installed local_unbound with the OS in bsdinstall, correct? | [22:23] | |
mercutio | and /var/unbound on freebsd 10
and nothing at all on freebsd 9.1 this is whatever arp is providing maybe it's the default arp isn't normally providing freebsd 10.1 due to some bugginess though there should be 10.2 out soon though i would use tcpdump to find out where unbound is directing stuff | [22:23] | |
kellytk | I'm running 10.2 | [22:25] | |
mjp_ | unbound is part of base since 10.0, the installer just gives you the option to enable it | [22:25] | |
kellytk | mercutio: I thought of that, however I'd like to figure out why the unbound-control utility is getting weird | [22:26] | |
mercutio | what's being weird about it?
i love unbound-control :) | [22:26] | |
kellytk | It's trying to open and use /var/unbound/unbound.conf when that isn't where my unbound.conf is located [as I'm not using local_unbound, but rather ports unbound] | [22:26] | |
mercutio | why don't you use base unbound? | [22:27] | |
kellytk | I'd like the latitude to upgrade it more frequently | [22:29] | |
mercutio | if you're already on 10.2 you'll probably be on 11 soon
but yeah i suppose that's a reason | [22:31] | |
kellytk | If by soon you mean one year from now | [22:31] | |
mercutio | that's soon to me | [22:31] | |
kellytk | I can dig that | [22:32] | |
mercutio | it's not something i rush to update | [22:32] | |
kellytk | `unbound-checkconf /usr/local/etc/unbound/unbound.conf` is returning "[1440997658] unbound-checkconf[806:0] fatal error: config file /usr/local/etc/unbound/unbound.conf is not inside chroot /var/unbound" | [22:34] | |
mercutio | which unbound | [22:34] | |
kellytk | I wish ports Unbound wasn't mixed up with local Unbound
usr/sbin/unbound | [22:34] | |
mercutio | you should have /usr/local/sbin/unbound
if it's from ports | [22:35] | |
kellytk | I do. Ok I think I understand. With local_unbound being bundled with base, it's imposing itself on pathing despite not being enabled | [22:36] | |
mercutio | are you starting with /usr/local/etc/rc.d/unbound start
command="/usr/local/sbin/unbound" | [22:36] | |
kellytk | rc.conf contains `unbound_enable=YES` so I would assume so | [22:36] | |
mercutio | because that's specifying /usr/local exactly
try starting manually with that | [22:36] | |
kellytk | With which? | [22:37] | |
mercutio | is local_unbound_enable="NO" ? | [22:37] | |
kellytk | No | [22:38] | |
mercutio | with /usr/local/etc/rc.d/unbound start | [22:38] | |
kellytk | It isn't in rc.conf | [22:38] | |
mercutio | it may be in /etc/defaults/rc.conf | [22:38] | |
kellytk | Done
I'm sure ports Unbound is what's being started up as the forward zone entry I made to /usr/local/etc/unbound/unbound.conf took effect | [22:38] | |
mercutio | i don't have 10.2 in front of me, i don't know if defaults changed.
it may be that unbound-checkconf isn't pathed specifically | [22:38] | |
kellytk | The bundled unbound is definitely taking path precedence | [22:40] | |
mercutio | for unbound-checkconf specifically? | [22:40] | |
kellytk | Correct | [22:40] | |
mercutio | `unbound-checkconf /usr/local/etc/unbound/unbound.conf` suggests it's following path
i need gmake etc | [22:41] | |
hmm the rc.d has specific /usr/local/sbin/unbound-checkconf for me
with unbound 1.4.22_4 | [22:49] | ||
kellytk | I can't tell for certain using unbound-control lookup, but I think all lookups are going to the forward
| [22:59] | |
The man page for unbound.conf is not clear to me on how exactly `forward-first` works. Can someone clarify it for me? | [23:05] | ||
mercutio | think it tries forward, and if that fails it falls back on going normal
from what i understand you want forward-zone: name: "localdomain" forward-addr: 192.168.1.4 or something like that so that *.localdomain gets directed to 192.168.1.4 | [23:05] | |
kellytk | That's essentially what I have, and it's working well | [23:06] | |
mercutio | should be fine then | [23:06] | |
kellytk | What I'm trying to do is verify that example.com will not be forwarded
I would assume not, however with unbound-control lookup google.com giving me no useful information, it's not easy to tell | [23:07] | |
mercutio | only the domain in the name gets forwarded
and subdomains of such | [23:10] | |
kellytk | I verified that that is indeed the operation by adding a faux record for microsoft.com 1.2.3.4, `host microsoft.com`, and it returns the correct IP vs the placeholder
Thanks mercutio Faux record to the forward zone name server, that is. Pardon the ambiguity | [23:12] |