Netgate Discussion Forum

    Unbound not responding on all chosen interfaces after reboot

      Gertjan @DBMandrake

      @DBMandrake

      Consider also using Unbound ACL rules.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

        DBMandrake @Gertjan

        @Gertjan Much less secure, because unbound still receives and processes the packets and then decides whether they should be ignored or responded to based on its own configuration file.

        If there was ever a problem like a buffer overflow found in unbound, it would be vulnerable to attack from clients that are "blocked" by the ACL list but allowed by firewall rules.

        Firewall rules, on the other hand, are absolute, and do not allow any packets to reach unbound for processing and would prevent such exploitation. So if you're going to bind to all interfaces (as in this workaround), why not just set access to unbound using firewall rules? I would not rely on unbound's own ACLs except to allow remote subnets which are normally denied by default. I would not rely on it as a means of blocking.

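An added example, not part of any post in this thread and not pfSense or Unbound code: a small audit that lists source networks the firewall passes to port 53 while only Unbound's `access-control` turns them away, which is the exposure described in the post above. The config fragment, the firewall summary list and all function names are constructed for illustration.

```python
import ipaddress

# Constructed unbound.conf fragment (not from the thread): bound to every
# interface, with access-control doing the blocking for one subnet.
UNBOUND_CONF = """
server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 refuse
    access-control: 192.168.1.0/24 allow      # LAN
    access-control: 192.168.30.0/24 refuse    # guest VLAN, "blocked" by ACL
    access-control: 10.8.0.0/24 allow         # remote VPN subnet
"""

# Hypothetical summary of firewall rules: sources passed to port 53.
FIREWALL_PASS_TO_53 = ["192.168.1.0/24", "192.168.30.0/24"]


def parse_acl(conf):
    """Return [(network, action)] for each access-control line."""
    acl = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("access-control:"):
            net, action = line.split(":", 1)[1].split()[:2]
            acl.append((ipaddress.ip_network(net, strict=False), action))
    return acl


def acl_action(acl, net):
    """Action of the most specific ACL netblock containing net.
    Simplification: net is judged as a whole; no match counts as refuse."""
    hits = [(n, a) for n, a in acl
            if n.version == net.version and net.subnet_of(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else "refuse"


def exposed_networks(conf, firewall_pass):
    """Sources the firewall lets through that only Unbound's ACL turns away."""
    acl = parse_acl(conf)
    return [src for src in firewall_pass
            if acl_action(acl, ipaddress.ip_network(src)) in ("deny", "refuse")]


if __name__ == "__main__":
    for src in exposed_networks(UNBOUND_CONF, FIREWALL_PASS_TO_53):
        print(f"{src}: packets reach unbound; tighten the firewall rule")
```

Each network it reports is one where the firewall pass rule should be narrowed so the packets never reach the resolver.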
          Gertjan @DBMandrake

          @DBMandrake

          Now that's what I call 'considering' 👍


            robotox

            Thank you for bringing the thread back to life!
            But in my case, the problem being with Outgoing Interfaces, rules won't apply to the firewall.

              robotox

              Now testing the SG-2100 with 23.05.1 for the similar setup but with multiple Wireguards instead of multiple OpenVPNs.
              Unbound starts correctly.
              I am guessing that Wireguard is faster than OpenVPN starting at boot.
              Thanks again.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.