ping mnathani: pong Does anyone have experience with configuring Unbound on FreeBSD? I've run into a problem with setting up forwarding for .lan, the TLD I use for LANs what's the error There is no error as yet, I haven't got that far. To begin with, the path for Unbound config files seems to be unstable. Both /etc/unbound (/var/unbound) and /usr/local/etc/unbound exist From https://calomel.org/unbound_dns.html I read "Then place the following unbound.conf in place of your copy; i.e on the OpenBSD install the config file is located in /var/unbound/etc/unbound.conf , on FreeBSD 10.0 and earlier /usr/local/etc/unbound/unbound.conf and FreeBSD 10.1 /etc/unbound/unbound.conf" I'm working with 10.2, with Unbound from ports, and it indeed seems to be the case that /var/unbound is where the conf files are expected to be, with /usr/local/etc/unbound containing only unbound.conf.sample (old cruft yet to be jettisoned I can only assume) i would use /usr/local/etc/unbound/unbound.conf i think /var/blah is the unbound that comes with the base OS check out /etc/rc.d/local_unbound all port configs usually go in /usr/local/etc calomel is a bad site openbsd uses /var/unbound freebsd 9 uses /usr/local/etc mjp_: That's what's strange about the /var/unbound location. In /etc/rc.d/local_unbound there is ": ${local_unbound_workdir:=/var/unbound}" mjp_: I was careful to not select local_unbound to be installed by bsdinstall, and I then installed it after the fact as a port what's strange about that? That it's not /usr/local/etc/unbound :-) https://www.freebsd.org/doc/handbook/dirstructure.html mjp_: Yes and? I've figured out the problem. I was mixing up local_unbound_enable and unbound_enable in rc.conf. It was a dumb mistake Which command will allow me to see where unbound is retrieving records from?
(I want to verify selective forwarding is working correctly) https://www.unbound.net/documentation/unbound-control.html i have various freebsd's handy here unbound-control is assuming local_unbound, as `unbound-control stats` references an error "error: Could not open /var/unbound/unbound.conf: No such file or directory", despite the man page for unbound-control stating regarding the -c option "If not given the default config file /usr/local/etc/unbound/unbound.conf is used." which doesn't make sense to me i have /var/unbound/conf.d/ on freebsd 10.1 mercutio: You must have installed local_unbound with the OS in bsdinstall, correct? and /var/unbound on freebsd 10 and nothing at all on freebsd 9.1 this is whatever arp is providing maybe it's the default arp isn't normally providing freebsd 10.1 due to some bugginess though there should be 10.2 out soon though i would use tcpdump to find out where unbound is directing stuff I'm running 10.2 unbound is part of base since 10.0, the installer just gives you the option to enable it mercutio: I thought of that, however I'd like to figure out why the unbound-control utility is getting weird what's being weird about it? i love unbound-control :) It's trying to open and use /var/unbound/unbound.conf when that isn't where my unbound.conf is located [as I'm not using local_unbound, but rather ports unbound] why don't you use base unbound? 
I'd like the latitude to upgrade it more frequently if you're already on 10.2 you'll probably be on 11 soon but yeah i suppose that's a reason If by soon you mean one year from now that's soon to me I can dig that it's not something i rush to update `unbound-checkconf /usr/local/etc/unbound/unbound.conf` is returning "[1440997658] unbound-checkconf[806:0] fatal error: config file /usr/local/etc/unbound/unbound.conf is not inside chroot /var/unbound" which unbound I wish ports Unbound wasn't mixed up with local Unbound usr/sbin/unbound you should have /usr/local/sbin/unbound if it's from ports I do. Ok I think I understand. With local_unbound being bundled with base, it's imposing itself on pathing despite not being enabled are you starting with /usr/local/etc/rc.d/unbound start command="/usr/local/sbin/unbound" rc.conf contains `unbound_enable=YES` so I would assume so because that's specifying /usr/local exactly try starting manually with that With which? is local_unbound_enable="NO" ? No with /usr/local/etc/rc.d/unbound start It isn't in rc.conf it may be in /etc/defaults/rc.conf Done I'm sure ports Unbound is what's being started up as the forward zone entry I made to /usr/local/etc/unbound/unbound.conf took effect i don't have 10.2 in front of me, i don't know if defaults changed. it may be that unbound-checkconf isn't pathed specifically The bundled unbound is definitely taking path precedence for unbound-checkconf specifically? Correct `unbound-checkconf /usr/local/etc/unbound/unbound.conf` suggests it's following path i need gmake etc hmm the rc.d has specific /usr/local/sbin/unbound-checkconf for me with unbound 1.4.22_4 I can't tell for certain using unbound-control lookup, but I think all lookups are going to the forward http://pastebin.com/GFrvLyaq The man page for unbound.conf is not clear to me on how exactly `forward-first` works. Can someone clarify it for me?
think it tries forward, and if that fails it falls back on going normal from what i understand you want forward-zone: name: "localdomain" forward-addr: 192.168.1.4 or something like that so that *.localdomain gets directed to 192.168.1.4 That's essentially what I have, and it's working well should be fine then What I'm trying to do is verify that example.com will not be forwarded I would assume not, however with unbound-control lookup google.com giving me no useful information, it's not easy to tell only the domain in the name gets forwarded and subdomains of such I verified that that is indeed the operation by adding a faux record for microsoft.com 1.2.3.4, `host microsoft.com`, and it returns the correct IP vs the placeholder Thanks mercutio Faux record to the forward zone name server, that is. Pardon the ambiguity