Unbound requests: IPv6 features enabled and update to 1.4.10
-
finally! IPv6 support is added. I removed the IPv6 checkbox as there was no point for it (unless someone says otherwise). So it will automatically set Unbound to listen on the v6 address and answer for v6 dns queries. It will also setup the relevant ACLs for the v6 clients. The only thing left to do is the ACL section in case you want to add other v6 networks but for now it should be fine.
By the way those munin graphs are cool, it has been on my to do list for awhile now. As I have mentioned before, the devs want to replace dnsmasq with unbound which I'll be working on in the v6 branch - so expect to see some work there and the addition of graphs similar to the below.
Otherwise let me know if you have any problems.
-
Well just updated the package, when really smooth this time. And yup working on ipv6 without any need to modify any config.
Looking forward to having some built in RRD graphs in the future though, munin is working - but much rather have it part of the distro vs having to add stuff.
-
Failed again for me, reinstalling seems to get forwarding mode enabled even though i had it disabled. Unchecking and hitting save has no effect, always remains enabled. Deleted package, then downloaded the backup config file and edited it to remove all Unbound entries and then restored the config, reinstalled Unbound but same thing, forwarding mode remains enabled.
-
@onhel:
Failed again for me, reinstalling seems to get forwarding mode enabled even though i had it disabled. Unchecking and hitting save has no effect, always remains enabled. Deleted package, then downloaded the backup config file and edited it to remove all Unbound entries and then restored the config, reinstalled Unbound but same thing, forwarding mode remains enabled.
You mean the DNS Forwarder i.e. dnsmasq remains enabled?
-
No, the enable forwarding mode in the Unbound settings page. That check box will not go unchecked.
-
Yes, same issue on mainstream 2.0 RC3 Unbound 1.4.10_02 either with Firefox or Chrome (Iron)
Those boxes stay checked :- Enable DNSSEC
- Enable forwarding mode
- Private Address support
- TXT Comment Support
-
@GLR:
Yes, same issue on mainstream 2.0 RC3 Unbound 1.4.10_02 either with Firefox or Chrome (Iron)
Those boxes stay checked :- Enable DNSSEC
- Enable forwarding mode
- Private Address support
- TXT Comment Support
So you can uncheck the box - but after you click save it is still checked? Or you cant uncheck the box at all?
-
Yeah I just checked on the forwarding one.. I do not want it to doing forwarding requests. I should look up on its own, I uncheck the box click save and then box is still checked. Seems I might have to change it in the config by hand for now.
Ok I just took a look at the config and I don't see forwarding setup.. So not sure why the check mark is set on the web gui interface for unbound?
I also verified by doing a few packet captures on the wan to see where dns was going.. And did not see any packets to what I have setup for pfsense to use in general 4.2.2.2
09:01:43.491932 IP 24.13.xxx.xxx.48910 > 192.5.6.30.53: UDP, length 55
09:01:43.564438 IP 192.5.6.30.53 > 24.13.xxx.xxx.48910: UDP, length 382
09:01:43.565179 IP 24.13.xxx.xxx.15487 > 216.69.185.26.53: UDP, length 55
09:01:43.565470 IP 24.13.xxx.xxx.7590 > 216.69.185.35.53: UDP, length 51
09:01:43.565709 IP 24.13.xxx.xxx.25867 > 216.69.185.35.53: UDP, length 51
09:01:43.603711 IP 216.69.185.26.53 > 24.13.xxx.xxx.15487: UDP, length 126
09:01:43.604282 IP 24.13.xxx.xxx.50531 > 216.69.185.26.53: UDP, length 51192.5.6.30 = a.gtld-servers.net.
And then others are clearly dns servers themselves – so clearly its not forwarding to the 4.2.2.2 address I have setup in general.. But odd why the check mark in the gui is stuck in place.
-
Ok i just managed to replicate the problem. Let me investigate why…
-
Ok there was a change in pfSense a few days ago, I have reverted that change so upgrade to the next snap (which will probably be only available tomorrow). This will fix these checkboxes from been enabled when they shouldn't be. In the meantime, you can uncheck them and save. Unbound will still operate correctly in the background with the options you selected.
-
Do you have link to the commit, guess I could look it up but wondering when it will merge with the ipv6 line. So I can run just run a gitsync
-
gitsynced and reinstalled package, all is good now, thank you.
-
Do you have link to the commit, guess I could look it up but wondering when it will merge with the ipv6 line. So I can run just run a gitsync
https://github.com/bsdperimeter/pfsense/commit/91c31339104f424dad3de75f815697994b68a7c3
-
Thanks for that, I ran a gitsync and now that forwarder is unchecked. I also show RC3 now ;)
-
Yeah the IPv6 branch was updated yesterday. Also note there was a bug in the interface handling on the latest Unbound package, which I have just fixed and bumped the version number. It wouldn't have affected you unless you were selecting multiple interfaces.
