Unbound integration in 2.1….
-
i see that unbound is supposedly being integrated into 2.1 from the reading ive done
around the forum.i see the binaries are in /usr/local/sbin
do we know when we should see the GUI in place?
in the meantime ive cobbled together a config file and it passes the unbound-checkconf.
and im gonna tinker some more in the command line and see if i can get it running -
Hi SunCatalyst,
I've been asking the same thing for a while. It looks like the integration effort is almost done. The binaries are there and if you run "find" on your pfsense box you can locate a handful of urls that allow you to actually configure the service if you edit the address in the address bar. The only things that appear to be missing are the pages to allow you to configure host & domain overrides and actually listing it in the services menu.
That said, it's been like this since April when there were a few commits that added the files in the snaps currently, but the effort seems to have stalled since then.
-Will
-
Hi Will,
ill have to poke around and see if i can find them.
i found the binaries… that was easy.im just after the Caching DNS server part as most of what we use with it are mainly the same set
of websites. -
Hi SunCatalyst,
Try putting "/services_unbound.php" on the end of your pfsense box url to get to the config page. "/services_unbound_advanced.php" and "/services_unbound_acls.php" are the other pages that are there.
Let me know how it work out. I'd imagine the pfsense guys might be interested as well if they plan on actually enabling\finishing this to ship in 2.1.
-Will
-
i did find it. i just havent had time to mess with it YET. but its on my agenda this week.
-
php pages can be reached by manually adding them they are missing from menu but its broken any how as after setup it has errors
php: /services_unbound.php: The command '/usr/local/sbin/unbound -c /var/unbound/etc/unbound.conf' returned exit code '1', the output was '/var/unbound/etc/unbound.conf:17: error: number expected /var/unbound/etc/unbound.conf:17: error: unknown keyword 'no' /var/unbound/etc/unbound.conf:34: error: number expected /var/unbound/etc/unbound.conf:47: error: expected yes or no. /var/unbound/etc/unbound.conf:51: error: number expected /var/unbound/etc/unbound.conf:51: error: unknown keyword 'yes' /var/unbound/etc/unbound.conf:79: error: cannot open include file '/var/unbound/etc/remotecontrol.conf': No such file or directory read /var/unbound/etc/unbound.conf failed: 7 errors in configuration file [1341748271] unbound[38573:0] fatal error: Could not read config file: /var/unbound/etc/unbound.conf'
-
i spent some time tonight on this.
things wrong so far ive found:
config file getting written wrong with missing stuff (i hand fixed mine)
get root.hints file and place it in /var/unbound/etc/
add user unbound
run /usr/local/sbin/unbound-checkconf /var/unbound/etc/unbound.conf to make sure there
are no errors left.then start unbound from the CLI with "/usr/local/sbin/unbound -c /var/unbound/etc/unbound.conf"
so theres coding/bug fixes left to be done to make it work from the GUI.
-
so are we expecting to see unbound integrated for when 2.1 ships or should i just roll ALL our systems back
to 2.0.1 so we can have unbound support? -
Unbound will not be integrated for 2.1, ran out of time. Whatever you're doing to make it work on 2.0.1 will work the same on 2.1 though.
-
Hi guys,
Well that's a bummer that Unbound won't make it into 2.1….
It looks like it's almost all there (last time I looked) in 2.1 already, and just needed a few more things to be added to get it into the GUI. I know this was one of the things I was looking forward to in 2.1.
I don't think SunCatalyst plans on using 2.1 because there is no Unbound support, not that they have figured out how to make it work.
-Will
-
This tutorial works pretty well in pfSense 2.1 i386:
http://www.prado.it/2012/04/23/how-to-configure-unbound-with-dnssec-validation-on-freebsd-9-0/
-
we had 40-50 routers running 2.1-snapshots in production here.
my boss had me ask the question one last time to figure out what
we were doing.i had talked my boss into getting approval (and we did) to donate $100k
to the pfsense project…. unfornately when my boss realized that we wont
see integration of unbound into 2.1 , he pulled the plug on sending the check he was about
to mail and ordered ALL brand new cisco hardward to replace the pfsense boxes that have
been rock solid.very unfornate day for me as we are starting to config'ing Cisco routers and replacing
all pfsense boxes..... this isnt the most fun replacing stuff that will require 4 peices of hardware
to do what pfsense did with one peice of hardware....at home i will continue to run pfsense on my cable internet setup 40Mbit/15Mbit which is very
stable. -
You realize that with 100k you could easily have ordered commercial support or posted a bounty, unless of course the 100k was in Zimbabwean dollars.
-
NO troubles finding programmers to do that for 100K…...
I dont understand your boss! He needs a good lesson in how to run a business...
-
@SunCatalyst:
we had 40-50 routers running 2.1-snapshots in production here.
my boss had me ask the question one last time to figure out what
we were doing.i had talked my boss into getting approval (and we did) to donate $100k
to the pfsense project…. unfornately when my boss realized that we wont
see integration of unbound into 2.1 , he pulled the plug on sending the check he was about
to mail and ordered ALL brand new cisco hardward to replace the pfsense boxes that have
been rock solid.LOL and I thought I had heard (read) it all !!!