Netgate Discussion Forum

    unbound refuses queries on ULA IPv6 Alias

    DHCP and DNS
      fertig

      Hi,

      I've configured an additional ULA IPv6 subnet in my DHCPv6 server and configured a ULA address as an IP Alias for my pfSense. The unbound server is configured to listen on all interfaces except the WAN ones. It correctly identifies the IP Alias as a listening address:

      [22.05-RELEASE][admin@fw-unitymedia.fufnet.local]/: cat /var/unbound/unbound.conf
      ##########################
      # Unbound Configuration
      ##########################
      
      [....]
      
      # Interface IP(s) to bind to
      interface: 192.168.10.253
      [....]
      interface: fdcf:0:0:10::253
      interface: 127.0.0.1
      interface: ::1
      
      [....]
      

      and it listens on the address too:

      [22.05-RELEASE][admin@fw-unitymedia.fufnet.local]/: netstat -6 -an
      Active Internet connections (including servers)
      Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
      tcp6       0      0 ::1.53                 *.*                    LISTEN
      tcp6       0      0 fdcf:0:0:10::253.53    *.*                    LISTEN
      tcp6       0      0 fe80::208:a2ff:f.53    *.*                    LISTEN
      tcp6       0      0 fe80::1:1%mvneta.53    *.*                    LISTEN
      tcp6       0      0 fe80::208:a2ff:f.53    *.*                    LISTEN
      [....]
      

      but it does not allow queries. The simple solution is to add the ULA network to the access lists, as it is not added by default:

      [22.05-RELEASE][admin@fw-unitymedia.fufnet.local]/: cat /var/unbound/access_lists.conf
      access-control: 127.0.0.1/32 allow_snoop
      [...]
      access-control: ::1/128 allow
      #WireGuard
      access-control: 10.42.0.0/24 allow
      #FUFNET
      access-control: fdcf:0:0:10::/64 allow
      

      This is an easy way to get the problem solved, and it is even possible via the GUI. But the question remains: as pfSense adds the normal IPv6 addresses of the interface automatically to access_lists.conf, and as it recognizes the IP Alias as a valid listening address, shouldn't it also add the IP Alias automatically to this config file?

      regards,
      Christian

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.