Netgate Discussion Forum

    DNS Forwarder IPv6

      UnderCover

      Does IPv6 in pfSense currently support DNS Forwarder service?

        billm

        @UnderCover:

        Does IPv6 in pfSense currently support DNS Forwarder service?

        Appears to be working here. I'm not sure if it queried against he.net's v4 or v6 service; I have both set up in my resolver on that machine.

        $ dig AAAA www.he.net @2001:470:ffff::3

        ; <<>> DiG 9.6.0-APPLE-P2 <<>> AAAA www.he.net @2001:470:ffff::3
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54600
        ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

        ;; QUESTION SECTION:
        ;www.he.net. IN AAAA

        ;; ANSWER SECTION:
        www.he.net. 54736 IN CNAME he.net.
        he.net. 75516 IN AAAA 2001:470:0:76::2

        ;; Query time: 4372 msec

        pfSense core developer
        blog - http://www.ucsecurity.com/
        twitter - billmarquette

          iFloris

          You can even have your machines query pfSense's DNS forwarder on pfSense's LAN (or whatever interface) v6 address, for even more IPv6-ness.

          Unfortunately, this doesn't work with unbound as of yet.

          one layer of information
          removed

            johnpoz LAYER 8 Global Moderator

            @iFloris:

            Unfortunately, this doesn't work with unbound as of yet.

            What doesn't work on unbound?  I query unbound on ipv6 address of the lan interface just fine.

            ; <<>> DiG 9.7.3 <<>> @2001:470:snipped:b85::1 version.bind chaos txt
            ; (1 server found)
            ;; global options: +cmd
            ;; Got answer:
            ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45731
            ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

            ;; QUESTION SECTION:
            ;version.bind.                  CH      TXT

            ;; ANSWER SECTION:
            version.bind.          0      CH      TXT    "unbound 1.4.8"

            ;; Query time: 3 msec
            ;; SERVER: 2001:470:snipped:b85::1#53(2001:470:snipped:b85::1)
            ;; WHEN: Thu May 19 15:44:20 2011
            ;; MSG SIZE  rcvd: 56

            ; <<>> DiG 9.7.3 <<>> @2001:470:snipped:b85::1 www.pfsense.org
            ; (1 server found)
            ;; global options: +cmd
            ;; Got answer:
            ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55611
            ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0

            ;; QUESTION SECTION:
            ;www.pfsense.org.              IN      A

            ;; ANSWER SECTION:
            www.pfsense.org.        3600    IN      CNAME  pfsense.org.
            pfsense.org.            3600    IN      A      69.64.6.21

            ;; AUTHORITY SECTION:
            pfsense.org.            3600    IN      NS      ns17.domaincontrol.com.
            pfsense.org.            3600    IN      NS      ns18.domaincontrol.com.

            ;; Query time: 308 msec
            ;; SERVER: 2001:470:snipped:b85::1#53(2001:470:snipped:b85::1)
            ;; WHEN: Thu May 19 15:45:26 2011
            ;; MSG SIZE  rcvd: 118

            You have to make a few changes to the unbound config and just restart the service; if you disable and re-enable it, it seems to overwrite the config with defaults, etc.  It should be able to be enabled in the GUI, but it does work.

            See this thread
            http://forum.pfsense.org/index.php?topic=34018.0

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

              iFloris

              @johnpoz:

              What doesn't work on unbound?  I query unbound on ipv6 address of the lan interface just fine.

              You have to make a few changes to the unbound config and just restart the service; if you disable and re-enable it, it seems to overwrite the config with defaults, etc.  It should be able to be enabled in the GUI, but it does work.

              See this thread
              http://forum.pfsense.org/index.php?topic=34018.0

              Thanks johnpoz, I had not checked out unbound's v6 support in a while.
              What I keep running into is that unbound will not start (at all) after I have edited its .conf file.

              There seems to be a lot of complaining to the gist of "/var/tmp/unbound_cache' returned exit code '1' the output was '[1305890153] unbound[14846:0] error: bind: address already in use [1305890153] unbound[14846:0] fatal error: could not open ports'" going on in my system log.

              Having insufficient savviness to resolve this situation, I have reinstated dnsforwarder as resolver for my lan.

              The other interesting thing I find interesting about this snag is that unbound refuses to start even after reinstalling unbound's package.
              To me, that seems to indicate that my lack of savviness has caused a different, but related issue.

                johnpoz LAYER 8 Global Moderator

                What are you using to edit the conf with?  Possibly you're corrupting it??

                I have not had any issues making changes to it and then just restarting the service.

                But I just put my changes into the unbound.inc in /usr/local/pkg so that I don't have to worry about restarting it now and allowing my ipv6 network, and binding to the ipv6 address and the do ipv6 setting.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11
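
The three changes johnpoz lists (the do-ip6 setting, binding to the IPv6 address, allowing the IPv6 network) correspond to unbound's do-ip6, interface and access-control options. The following Python check is an added example, not code from the thread or from the pfSense unbound package; the sample config and its 2001:db8:: documentation addresses are constructed, and it assumes LAN clients share the prefix of the listening address.

```python
import ipaddress

# Constructed sample of an unbound.conf server clause. Addresses use the
# 2001:db8::/32 documentation prefix; they are placeholders, not from the thread.
SAMPLE_CONF = """\
server:
    do-ip6: no          # must be yes for IPv6 queries to be answered
    interface: 192.168.1.1
    interface: 2001:db8:0:b85::1
    access-control: 192.168.1.0/24 allow
"""

def parse_options(text):
    """Return (option, value) pairs, skipping comments and clause headers."""
    opts = []
    for line in text.splitlines():
        key, _, value = line.split("#", 1)[0].strip().partition(":")
        if value.strip():                      # "server:" has no value
            opts.append((key.strip(), value.strip()))
    return opts

def check_ipv6_listener(text):
    """List what stops LAN clients from querying unbound over IPv6."""
    opts = parse_options(text)
    problems = []
    if ("do-ip6", "no") in opts:
        problems.append("do-ip6 is set to no")
    acl, listeners = [], []
    for key, value in opts:
        if key == "access-control":
            block, action = value.split()[:2]
            acl.append((ipaddress.ip_network(block, strict=False), action))
        elif key == "interface":
            try:
                addr = ipaddress.ip_address(value.split("@")[0])
            except ValueError:                 # interface name, not an address
                continue
            if addr.version == 6 and not addr.is_loopback:
                listeners.append(addr)
    if not listeners:
        problems.append("no non-loopback IPv6 interface configured")
    for addr in listeners:
        # unbound applies the most specific netblock that matches the client
        match = max((n for n in acl if addr in n[0]),
                    key=lambda n: n[0].prefixlen, default=None)
        if match is None or not match[1].startswith("allow"):
            problems.append(f"no access-control allow covers {addr}")
    return problems
```

Running check_ipv6_listener(SAMPLE_CONF) reports the disabled do-ip6 and the missing allow rule for the LAN prefix; a config with do-ip6: yes and an allow rule for the /64 returns an empty list.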

                  iFloris

                  At the moment I'm editing the conf with TextMate, but I have also edited the file with Kod. I'm mounting the filesystem with an implementation of FUSE called ExpanDrive so that I can edit and back up the file as if it were a local disk.

                  The file doesn't seem to be corrupted, as I can read it back in after editing.
                  Also, it gets reset when saving settings in the webconfigurator, as you noted.
                  Perhaps there is something else going on, as I had a bunch of calcru went backwards error messages preceding a panic just now.
