[00:06] *** gizmoguy has joined #arpnetworks
[00:32] *** Seji has quit IRC (Read error: Connection reset by peer)
[00:33] *** Seji has joined #arpnetworks
[10:28] *** m0unds_ has joined #arpnetworks
[13:40] <mnathani> ping
[13:40] *** mnathani_ has quit IRC ()
[13:40] *** mnathani_ has joined #arpnetworks
[19:31] *** mnathani_ has quit IRC (Ping timeout: 272 seconds)
[19:49] *** mnathani_ has joined #arpnetworks
[20:29] <kellytk> mnathani: pong
[20:59] <kellytk> Does anyone have experience with configuring Unbound on FreeBSD?  I've run into a problem with setting up forwarding for .lan, the TLD I use for LANs
[21:03] <mjp_> whats the error
[21:06] <kellytk> There is no error as yet, I haven't got that far.  To begin with, the path for Unbound config files seems to be unstable.  Both /etc/unbound (/var/unbound) and /usr/local/etc/unbound exist
[21:08] <kellytk> From https://calomel.org/unbound_dns.html I read "Then place the following unbound.conf in place of your copy; i.e on the OpenBSD install the config file is located in /var/unbound/etc/unbound.conf , on FreeBSD 10.0 and earlier /usr/local/etc/unbound/unbound.conf and FreeBSD 10.1 /etc/unbound/unbound.conf"
[21:09] <kellytk> I'm working with 10.2, with Unbound from ports, and it indeed seems to be the case that /var/unbound is where the conf files are expected to be, with /usr/local/etc/unbound containing only unbound.conf.sample (old cruft yet to be jettisoned I can only assume)
[21:30] <mjp_> i would use /usr/local/etc/unbound/unbound.conf
[21:33] <mjp_> i think /var/blah is the unbound that comes with the base OS
[21:34] <mjp_> check out /etc/rc.d/local_unbound
[21:34] <mjp_> all port configs usually go in /usr/local/etc
[21:36] <mercutio> calomel is a bad site
[21:36] <mercutio> openbsd uses /var/unbound
[21:37] <mercutio> freebsd 9 uses /usr/local/etc
[21:38] <kellytk> mjp_: That's what's strange about the /var/unbound location.  In /etc/rc.d/local_unbound there is ": ${local_unbound_workdir:=/var/unbound}"
[21:39] <kellytk> mjp_: I was careful to not select local_unbound to be installed by bsdinstalled, and I then installed it after the fact as a port
[21:40] <mjp_> whats strange about that?
[21:41] <kellytk> That it's not /usr/local/etc/unbound :-)
[21:41] <mjp_> https://www.freebsd.org/doc/handbook/dirstructure.html
[21:43] <kellytk> mjp_: Yes and?
[22:04] <kellytk> I've figured out the problem.  I was mixing up local_unbound_enable and unbound_enable in rc.conf.  It was a dumb mistake
[22:11] <kellytk> Which command will allow me to see where unbound is retrieving records from?  (I want to verify selective forwarding is working correctly)
[22:19] <mjp_> https://www.unbound.net/documentation/unbound-control.html
[22:22] <mercutio> i have various freebsd's handy here
[22:22] * mercutio takes al ook
[22:22] <kellytk> unbound-control is assuming local_unbound, as `unbound-control stats` references an error "error: Could not open /var/unbound/unbound.conf: No such file or directory", despite the man page for unbound-control stating regarding the -c option "If not given the default config file /usr/local/etc/unbound/unbound.conf is used."  which doesn't make sense to me
[22:23] <mercutio> i have /var/unbound/conf.d/ on freebsd 10.1
[22:23] <kellytk> mercutio: You must have installed local_unbound with the OS in bsdinstall, correct?
[22:23] <mercutio> and /var/unbound on freebsd 10
[22:23] <mercutio> and nothing at all on freebsd 9.1
[22:24] <mercutio> this is whatever arp is providing
[22:24] <mercutio> maybe it's the default
[22:24] <mercutio> arp isn't normally providing freebsd 10.1 due to some bugginess though
[22:24] <mercutio> there should be 10.2 out soon though
[22:25] <mercutio> i would use tcpdump to find out where unbound is directing stuff
[22:25] <kellytk> I'm running 10.2
[22:25] <mjp_> unbound is part of base since 10.0, the installer just gives you the option to enable it
[22:26] <kellytk> mercutio: I thought of that, however I'd like to figure out why the unbound-control utility is getting weird
[22:26] <mercutio> what's being weird about it?
[22:26] <mercutio> i love unbound-control :)
[22:26] <kellytk> It's trying to open and use /var/unbound/unbound.conf when that isn't where my unbound.conf is located [as I'm not using local_unbound, but rather ports unbound]
[22:27] <mercutio> why don't you use base unbound?
[22:29] <kellytk> I'd like the latitude to upgrade it more frequently
[22:31] <mercutio> if you're already on 10.2 you'll probably be on 11 soon
[22:31] <mercutio> but yeah i suppose that's a reason
[22:31] <kellytk> If by soon you mean one year from now
[22:31] <mercutio> that's soon to me
[22:32] <kellytk> I can dig that
[22:32] <mercutio> it's not something i rush to update
[22:34] <kellytk> `unbound-checkconf /usr/local/etc/unbound/unbound.conf` is returning "[1440997658] unbound-checkconf[806:0] fatal error: config file /usr/local/etc/unbound/unbound.conf is not inside chroot /var/unbound"
[22:34] <mercutio> which unbound
[22:34] <kellytk> I wish ports Unbound wasn't mixed up with local Unbound
[22:35] <kellytk> usr/sbin/unbound
[22:35] <mercutio> you should have /usr/local/sbin/unbound
[22:35] <mercutio> if it's from ports
[22:36] <kellytk> I do.  Ok I think I understand.  With local_unbound being bundled with base, it's imposing itself on pathing despite not being enabled
[22:36] <mercutio> are you starting with /usr/local/etc/rc.d/unbound start
[22:36] <mercutio> command="/usr/local/sbin/unbound"
[22:36] <kellytk> rc.conf contains `unbound_enable=YES` so I would assume so
[22:36] <mercutio> because that's specifiying /usr/local exactly
[22:37] <mercutio> try starting manually with that
[22:37] <kellytk> With which?
[22:37] <mercutio> is local_unbound_enable="NO" ?
[22:38] <kellytk> No
[22:38] <mercutio> with /usr/local/etc/rc.d/unbound start
[22:38] <kellytk> It isn't in rc.conf
[22:38] <mercutio> it may be in /etc/defaults/rc.conf
[22:38] <kellytk> Done
[22:38] <kellytk> I'm sure ports Unbound is what's being started up as the forward zone entry I made to /usr/local/etc/unbound/unbound.conf took effect
[22:38] <mercutio> i don't have 10.2 in front of me, i don't know if defaults changed.
[22:39] <mercutio> it maybe that unbound-checkconf isn't pathed specifically
[22:40] <kellytk> The bundled unbound is definitely taking path precedence
[22:40] <mercutio> for unbound-checkconf specifically?
[22:40] <kellytk> Correct
[22:41] <mercutio>  `unbound-checkconf /usr/local/etc/unbound/unbound.conf`  suggests it's following path
[22:41] <mercutio> i need gmake etc
[22:49] <mercutio> hmm the rc.d has specific /usr/local/sbin/unbound-checkconf for me
[22:49] <mercutio> with unbound 1.4.22_4
[22:59] <kellytk> I can't tell for certain using unbound-control lookup, but I think all lookups are going to the forward
[23:00] <kellytk> http://pastebin.com/GFrvLyaq
[23:05] <kellytk> The man page for unbound.conf is not clear to me on how exactly `forward-first` works.  Can someone clarify it for me?
[23:05] <mercutio> think it tries forward, and if that fails it falls back on going normal
[23:06] <mercutio> from what i understand you want forward-zone:
[23:06] <mercutio>  name: "localdomain"
[23:06] <mercutio> forward-addr: 192.168.1.4
[23:06] <mercutio> or something like that
[23:06] <mercutio> so that *.localdomain gets directed to 192.168.1.4
[23:06] <kellytk> That's essentially what I have, and it's working well
[23:06] <mercutio> should be fine then
[23:07] <kellytk> What I'm trying to do is verify that example.com will not be forwarded
[23:09] <kellytk> I woule assume not, however with unbound-control lookup google.com giving me no useful information, it's not easy to tell
[23:10] <mercutio> only the domain in the naem gets forwarded
[23:10] <mercutio> and subdomains of such
[23:12] <kellytk> I verified that that is indeed the operation by adding a faux record for microsoft.com 1.2.3.4, `host microsoft.com`, and it returns the correct IP vs the placeholder
[23:12] <kellytk> Thanks mercutio
[23:13] <kellytk> Faux record to the forward zone name server, that is.  Pardon the ambiguity