UI bug? -- when using resolver -and- forwarder

dirkx

Ok - so not sure what the difference is. Images of the config below. And I am trying to start the forwarder on just that VLAN108 which is explictly not in the list of bound interfaces of the resolver (for IPv4 and v6).

Screenshot 2022-08-15 at 10.23.23.png Screenshot 2022-08-15 at 10.18.50.png

johnpoz

@dirkx what are you wanting to do with a vlan that is not bound to a physical interface.. How would do anything?

If you have a vlan106 and its not bound to a physical interface - what is its point?

dirkx

No sorry - misunderstanding - it is bound to igb1 -- which is also a normal, non-tagged interface.

So on igb1 we have LAN - with a DNS resolver on 10.44.0.1/24 and try to run the wordwarder on igb1.VLAN108 on 192.168.108.1/24.

And it is config of the latter than the UI rejects.

johnpoz

@dirkx

Forwarder states
"If an interface has both IPv4 and IPv6 IPs, both are used"
"The default behavior is to respond to queries on every available IPv4 and IPv6 address."

You have unbound bound to IPv6 link local..

dirkx

Right - which is neede. But that is only unbound; the forwarder is not. Or is that the issue - that neither can be bound to IPv6 link local ?

johnpoz

@dirkx if forwarder doesn't allow you to pick not to be on IPv6, and you have unbound bound to IPv6 then yeah you have a problem.

I don't have unbound bound to any IPv6 addresses. On the interfaces I tested with. Nor do I have any IPv6 on those interfaces.

dirkx

Ok - clear & many thanks.

So need to figure out a way around that - as we need to answer on link local to keep the routing happy. Which should be do-able as the forwarder can simply forward that too.

johnpoz

@dirkx I just tried binding test to linklocal, but it has no real IPv6 address and test came up on forwarder.

johnpoz

@dirkx can you not just have forwarder listen on a different port, and use a port forward on your vlan to send 53 traffic to the port listens on say 5353?

Uglybrian

Off subject question for john.

Hi John, On your interface assignments in post 4. You have a interface labeled ns 1 vpn. If you don't mind could you elaborate what it is for? Is it some service you subscribe to, or a remote name server you have on a VPS? I'm just curious.

johnpoz

@uglybrian just a vps I run - I have a client vpn connection to it that I use for testing vpn connections mostly for here, i don't have any traffic routed through it normally.

Uglybrian

Thank you John