Unbound Forward and ACL issue
-
I just set the verbosity higher. If I find anything interesting I will post it in this thread.
-
Can an option be added to allow the file /var/log/unbound.log to be longer? It appears to truncate too quickly with high verbosity. The truncation is so short that a single problematic lookup spanned at least two truncation lengths.
-
Any particular reason why even with forwarding enabled in the web gui the command "unbound-control forward" outputs "off (using root hints)" and "unbound-control list_forwards" outputs nothing even with 4 servers configured in my general setup? lol
-
Can an option be added to allow the file /var/log/unbound.log to be longer? It appears to truncate too quickly with high verbosity. The truncation is so short that a single problematic lookup spanned at least two truncation lengths.
Unfortunately it's not an unbound package thing - the size of the log file is determined by the base. I will add a feature request on redmine but not sure whether it will be considered since one has to worry about what the impact would be on the smaller boxes.
-
Any particular reason why even with forwarding enabled in the web gui the command "unbound-control forward" outputs "off (using root hints)" and "unbound-control list_forwards" outputs nothing even with 4 servers configured in my general setup? lol
How do you have your DNS servers configured under System->General Setup? Do you have 'Allow DNS server list to be overridden by DHCP/PPP on WAN' enabled?
-
BTW when I say high verbosity I was using level 5. It provides very good information but I can only get fragments of it at a time (due to the previously stated logging issue).
How do you have your DNS servers configured under System->General Setup? Do you have 'Allow DNS server list to be overridden by DHCP/PPP on WAN' enabled?
At present "Allow DNS server list to be overridden by DHCP/PPP on WAN" and "Do not use the DNS Forwarder as a DNS server for the firewall" are unchecked.
It might be of use to you but I use two Linksys E2000 routers with DD-WRT on them as wireless bridges for my internet access as the dorm room where I presently live during the week has no wired connections. The LANs of each bridge are the WANs of my pfSense box. As such pfSense has two WANs, both with static, private addresses.
I can make Unbound work as expected by running "unbound-control forward 141.210.62.3 8.8.8.8 4.2.2.2 208.67.222.222" and with the following configuration:
Enabled: True (obviously lol)
Network interface: Lan (I don't think this matters much)
Query interfaces: Nothing selected
Enable DNSSEC: false #Appears to cause issues, may be caused by private wan addresses
Enable forwarding: true
Private address support: true
Register DHCP static mappings: true
Txt comment support: false
Cache restoration: false
Enable stats: true
Statistics: enabled
Interval: 5 minutes
Extended stats: true
hide identity: false
hide version: false
prefetch support: true
prefetch key support: true
harden glue: false
harden dnssec: false
log verbo.: level 1
message cache size: 4MB
Outgoing TCP buff: 10
Incoming TCP buff: 10
EDNS buff: 4096
Queries per thread: 1024
jostle: 200
Max ttl for RRsets: 86400
min ttl for RRsets: 0
ttl for host cache: 900
ttl for lame: 900
hosts to cache: 10000
unwanted reply: disabled
Presently I have no ACLs and no custom options. Unbound is likely stable with different configurations, this is just what I am presently running.
-
Adding the following to the "Custom Options" area will add the forwarders without the need to run "unbound-control forward 141.210.62.3 8.8.8.8 4.2.2.2 208.67.222.222"
forward-zone:; name: "."; forward-addr: 141.210.62.3; forward-addr: 8.8.8.8; forward-addr: 4.2.2.2; forward-addr: 208.67.220.220;
*I slightly changed the order
Also I noticed that the font size of the Unbound tabs appears to change when you're on the ACL tab relative to the others.
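
Added example, not part of the original post: a small sh check that compares the forward-addr entries in a Custom Options string (the semicolon-separated form shown above) with the root-zone forwarders Unbound reports at runtime. It assumes `unbound-control list_forwards` prints lines of the form `. IN forward <addr> ...`; the function names and the sample runtime output are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): detect drift between configured
# forwarders and the forwarders Unbound is actually using for zone ".".

# Print each forward-addr value from a semicolon-separated Custom Options
# string, one per line, sorted and de-duplicated.
config_forwarders() {
    printf '%s\n' "$1" | tr ';' '\n' |
        sed -n 's/^[[:space:]]*forward-addr:[[:space:]]*\([^[:space:]]*\).*/\1/p' |
        sort -u
}

# Print the addresses listed for the root zone in list_forwards output.
# Assumed line format: ". IN forward <addr> <addr> ..." (flags such as "+i" are skipped).
running_forwarders() {
    printf '%s\n' "$1" |
        awk '$1 == "." && $3 == "forward" {
                 for (i = 4; i <= NF; i++) if ($i !~ /^\+/) print $i
             }' | sort -u
}

# Print "missing <addr>" for configured-but-not-loaded forwarders and
# "extra <addr>" for loaded-but-not-configured ones. No output means in sync.
forwarder_drift() {
    cfg=$(config_forwarders "$1")
    run=$(running_forwarders "$2")
    for a in $cfg; do
        printf '%s\n' "$run" | grep -qxF -- "$a" || echo "missing $a"
    done
    for a in $run; do
        printf '%s\n' "$cfg" | grep -qxF -- "$a" || echo "extra $a"
    done
}

# Custom Options line as posted above.
CUSTOM_OPTS='forward-zone:; name: "."; forward-addr: 141.210.62.3; forward-addr: 8.8.8.8; forward-addr: 4.2.2.2; forward-addr: 208.67.220.220;'
# Constructed sample: runtime state after the "unbound-control forward" command from the post.
SAMPLE_RUNNING='. IN forward 141.210.62.3 8.8.8.8 4.2.2.2 208.67.222.222'

forwarder_drift "$CUSTOM_OPTS" "$SAMPLE_RUNNING"
# On a live box, replace the sample with: "$(unbound-control list_forwards)"
```

An empty result against live output confirms the Custom Options forwarders were loaded; an output consisting only of "missing" lines corresponds to the "off (using root hints)" state described earlier in the thread.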
-
Adding the following to the "Custom Options" area will add the forwarders without the need to run "unbound-control forward 141.210.62.3 8.8.8.8 4.2.2.2 208.67.222.222"
forward-zone:; name: "."; forward-addr: 141.210.62.3; forward-addr: 8.8.8.8; forward-addr: 4.2.2.2; forward-addr: 208.67.220.220;
*I slightly changed the order
Also I noticed that the font size of the Unbound tabs appears to change when you're on the ACL tab relative to the others.
Ahh. Must be a bug somewhere, hence the big fonts. I'll check it out.
-
Can you give the latest package a go and let me know how it goes.
-
Just give it a couple of hours before trying - the builder is still in the process of building the package.
-
Just in case you haven't tried, the package is available now.