Netgate Discussion Forum

    Unbound not listening on pfSense's virtual IP

      CDuv

      Disclaimer: I've already posted about this particular problem in another topic that started as a multi-WAN setup DNS issue. But the following question is really a separate one.

      In my setup my pfSense server has IP 192.168.0.42/24, but a virtual IP (menu Firewall: Virtual IP Address) of type "IP alias" (on Interface "LAN") makes it available via 192.168.0.254/24 (I'm considering this IP as my gateway IP, and then I'm free to use whatever server I want as long as it responds to 192.168.0.254/24).

      But the Unbound package (v1.4.22), when asked to listen on "Network interface" LAN and loopback, seems to ignore this virtual IP.

      I can successfully contact Unbound on 192.168.0.42:

      nslookup www.pfsense.org 192.168.0.42
      Server:        192.168.0.42
      Address:        192.168.0.42#53

      Non-authoritative answer:
      Name:  www.pfsense.org
      Address: 208.123.73.69

      But it fails on 192.168.0.254:

      nslookup www.pfsense.org 192.168.0.254
      ;; connection timed out; no servers could be reached

      GUI and netstat confirm it:
      Menu Services: Unbound DNS Forwarder: Status: Unbound configuration:

      [...]
      # Interface IP(s) to bind to
      interface: 192.168.0.42
      interface: 127.0.0.1
      interface: ::1
      [...]
      
      [2.1.2-RELEASE][admin@router.example.com]/(36): netstat -n | grep 53
      udp6       0      0 ::1.53                 *.*
      udp4       0      0 127.0.0.1.53           *.*
      udp4       0      0 192.168.0.42.53        *.*
      c8e86ec8 stream      0      0 c8e3f53c        0        0        0 /var/run/check_reload_status
      

      Is there a way to add the "interface: 192.168.0.254" Unbound directive (GUI or CLI)? Tried to add it in "Services: Unbound DNS Forwarder: Advanced Settings: Custom Options" but Unbound then fails to start…
      If this is supported by neither this package nor the pfSense UI, could I set up some "iptables" redirection to route incoming traffic from 192.168.0.42:53 to 192.168.0.254:53?
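
An added example (not part of the original post and not pfSense or Unbound code) that turns the manual check above into a repeatable one: it matches only the local-address column for UDP port 53, so the unrelated line that `grep 53` picked up is ignored, and it reports which expected addresses have no listener. The function names are hypothetical, and the sample data is copied from the output quoted in the post.

```shell
#!/bin/sh
# Cross-check expected DNS service addresses against FreeBSD-style
# `netstat -n` output (format as shown in the post above).

# Sample data copied from the post.
NETSTAT_SAMPLE='udp6       0      0 ::1.53                 *.*
udp4       0      0 127.0.0.1.53           *.*
udp4       0      0 192.168.0.42.53        *.*
c8e86ec8 stream      0      0 c8e3f53c        0        0        0 /var/run/check_reload_status'
CONF_SAMPLE='# Interface IP(s) to bind to
interface: 192.168.0.42
interface: 127.0.0.1
interface: ::1'

# Print the local address of every UDP socket bound to exactly port 53.
# Only column 4 is tested, so "c8e3f53c" or port 5353 never match.
dns_listeners() {
    awk '$1 ~ /^udp/ && $4 ~ /\.53$/ { sub(/\.53$/, "", $4); print $4 }'
}

# Print each address named by an `interface:` directive in config text.
configured_interfaces() {
    awk '$1 == "interface:" { print $2 }'
}

# usage: missing_listeners "<netstat text>" addr...
# Prints every addr without a listener; a wildcard (*) socket covers all.
missing_listeners() {
    listeners=$(printf '%s\n' "$1" | dns_listeners)
    shift
    for addr in "$@"; do
        printf '%s\n' "$listeners" | grep -qxF -e '*' -e "$addr" || echo "$addr"
    done
}

# Addresses clients are expected to query: everything in the config
# plus the virtual IP from the post.
expected="$(printf '%s\n' "$CONF_SAMPLE" | configured_interfaces) 192.168.0.254"
# shellcheck disable=SC2086  # word splitting of $expected is intended
for a in $(missing_listeners "$NETSTAT_SAMPLE" $expected); do
    echo "no DNS listener on $a"
done
```

On a live system, pass the output of `netstat -n` in place of the sample text.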

        wagonza

        I can look into it - it should allow binding to VIPs. In 2.2 Unbound is being used in the base and it's allowed there.
        I however still need to do upgrade code to handle people who have 2.1 unbound packages installed.

        Follow me on twitter http://twitter.com/wagonza
        http://www.thepackethub.co.za

          CDuv

          I'm on pfSense 2.1.2 (update to 2.1.3 planned for very soon).
          You are saying Unbound on pfSense 2.2 does take Virtual IPs into account but hasn't been ported to 2.1 yet?

            wagonza

            Yup, that's correct, bearing in mind that 2.2 is alpha…


              CDuv

              I get 2.2 is not production-ready ;)

              Meanwhile, is there a way (either via Web GUI or SSH) to change the Unbound configuration file (e.g. add an "interface: 192.168.0.254" line)?
              I've browsed the pfSense file system but could not find the configuration file the Unbound program actually uses.

              Other possible solution: an iptables-like rule to re-route traffic from 192.168.0.42:53 to 192.168.0.254:53. Does it even exist on pfSense?
