Unbound on ipv6


  • Rebel Alliance Global Moderator

    So ran through the setup on the welcome message.  Ran smooth as silk, had to toggle the default gateway on the wanipv6 I setup – but other than working great, dhcp works -- pointed dns to the HE.net dns, and hands that out great.

    But running unbound and would like clients to use that, but when I tell unbound to use the lan, and wanipv6 interface created via the welcome thread instructions - unbound dies.

    Any tricks here?  I have to run so will look at closer later - but shouldn't I be able to get unbound to listen on both ipv4 and ipv6 addresses?  But it seems to die when I do that, and get this error in the system log

    Mar 6 18:22:43 php: /pkg_edit.php: The command '/usr/local/sbin/unbound-control start' returned exit code '1', the output was '/usr/local/etc/unbound/unbound.conf:32: error: stray '"' /usr/local/etc/unbound/unbound.conf:32: error: stray '"' read /usr/local/etc/unbound/unbound.conf failed: 2 errors in configuration file [1299457363] unbound[19270:0] fatal error: Could not read config file: /usr/local/etc/unbound/unbound.conf'


  • Rebel Alliance Global Moderator

    Ok I manually edit the config for unbound to do ipv6 queries, and listening on ipv6 address and allow queries from my ipv6 local network and seems to be working.  Would be better to do from gui though.



  • Hey John,

    What exactly did you edit in your unbound config to get this to work?
    Does it stick for you after reboot or are you manually reediting each time?


  • Rebel Alliance Global Moderator

    I have not tried a reboot that I recall, but here is what I edited.

    interface: ::0
    do-ip6: yes
    access-control: 2001:470:snipped:b85::/64 allow

    ; <<>> DiG 9.7.1-P2 <<>> @2001:470:snipped:b85::1 www.google.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16642
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;www.google.com.                        IN      A

    ;; ANSWER SECTION:
    www.google.com.        583225  IN      CNAME  www.l.google.com.
    www.l.google.com.      300    IN      A      74.125.225.20
    www.l.google.com.      300    IN      A      74.125.225.19
    www.l.google.com.      300    IN      A      74.125.225.18
    www.l.google.com.      300    IN      A      74.125.225.17
    www.l.google.com.      300    IN      A      74.125.225.16

    ;; Query time: 86 msec
    ;; SERVER: 2001:470:snipped:b85::1#53(2001:470:snipped:b85::1)
    ;; WHEN: Thu Mar 10 17:08:52 2011
    ;; MSG SIZE  rcvd: 132

    2001:470:snipped:b85::1 is the ipv6 address on lan interface of my pfsense box

    When I get home will try a reboot.



  • oh man, i totally missed access-control… duh.

    thanks John!



  • Thanks @johnpoz - i'll look into adding proper IPv6 support in the next couple of days.



  • @wagonza:

    Thanks @johnpoz - i'll look into adding proper IPv6 support in the next couple of days.

    That would be awesome! Thank you!



  • Wagonza, is there any news on the 'proper' support in unbound?



  • @iFloris:

    Wagonza, is there any news on the 'proper' support in unbound?

    Yeah finally! Just update to the latest package. It will automatically setup to listen on the interfaces that have v6 configured and setup the appropriate ACLs for that interface.
    I still need to do work on the ACLs page to specify other networks but for now this support should suffice.

    Let me know if you have any problems - either respond here, DM me or catch me on twitter (@wagonza).



  • fan-freakin-tastic! Thanks Wagonza!



  • Thanks Wagonza, very nice and useful!


Locked