Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unbound on ipv6

    Scheduled Pinned Locked Moved IPv6
    11 Posts 4 Posters 11.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator
      last edited by

      So ran through the setup on the welcome message.  Ran smooth as silk, had to toggle the default gateway on the wanipv6 I setup – but other than working great, dhcp works -- pointed dns to the HE.net dns, and hands that out great.

      But running unbound and would like clients to use that, but when I tell unbound to use the lan, and wanipv6 interface created via the welcome thread instructions - unbound dies.

      Any tricks here?  I have to run so will look at closer later - but shouldn't I be able to get unbound to listen on both ipv4 and ipv6 addresses?  But it seems to die when I do that, and get this error in the system log

      Mar 6 18:22:43 php: /pkg_edit.php: The command '/usr/local/sbin/unbound-control start' returned exit code '1', the output was '/usr/local/etc/unbound/unbound.conf:32: error: stray '"' /usr/local/etc/unbound/unbound.conf:32: error: stray '"' read /usr/local/etc/unbound/unbound.conf failed: 2 errors in configuration file [1299457363] unbound[19270:0] fatal error: Could not read config file: /usr/local/etc/unbound/unbound.conf'

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        Ok I manually edit the config for unbound to do ipv6 queries, and listening on ipv6 address and allow queries from my ipv6 local network and seems to be working.  Would be better to do from gui though.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • T
          tebeve
          last edited by

          Hey John,

          What exactly did you edit in your unbound config to get this to work?
          Does it stick for you after reboot or are you manually reediting each time?

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            I have not tried a reboot that I recall, but here is what I edited.

            interface: ::0
            do-ip6: yes
            access-control: 2001:470:snipped:b85::/64 allow

            ; <<>> DiG 9.7.1-P2 <<>> @2001:470:snipped:b85::1 www.google.com
            ; (1 server found)
            ;; global options: +cmd
            ;; Got answer:
            ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16642
            ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

            ;; QUESTION SECTION:
            ;www.google.com.                        IN      A

            ;; ANSWER SECTION:
            www.google.com.        583225  IN      CNAME  www.l.google.com.
            www.l.google.com.      300    IN      A      74.125.225.20
            www.l.google.com.      300    IN      A      74.125.225.19
            www.l.google.com.      300    IN      A      74.125.225.18
            www.l.google.com.      300    IN      A      74.125.225.17
            www.l.google.com.      300    IN      A      74.125.225.16

            ;; Query time: 86 msec
            ;; SERVER: 2001:470:snipped:b85::1#53(2001:470:snipped:b85::1)
            ;; WHEN: Thu Mar 10 17:08:52 2011
            ;; MSG SIZE  rcvd: 132

            2001:470:snipped:b85::1 is the ipv6 address on lan interface of my pfsense box

            When I get home will try a reboot.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • T
              tebeve
              last edited by

              oh man, i totally missed access-control… duh.

              thanks John!

              1 Reply Last reply Reply Quote 0
              • W
                wagonza
                last edited by

                Thanks @johnpoz - i'll look into adding proper IPv6 support in the next couple of days.

                Follow me on twitter http://twitter.com/wagonza
                http://www.thepackethub.co.za

                1 Reply Last reply Reply Quote 0
                • T
                  tebeve
                  last edited by

                  @wagonza:

                  Thanks @johnpoz - i'll look into adding proper IPv6 support in the next couple of days.

                  That would be awesome! Thank you!

                  1 Reply Last reply Reply Quote 0
                  • I
                    iFloris
                    last edited by

                    Wagonza, is there any news on the 'proper' support in unbound?

                    one layer of information
                    removed

                    1 Reply Last reply Reply Quote 0
                    • W
                      wagonza
                      last edited by

                      @iFloris:

                      Wagonza, is there any news on the 'proper' support in unbound?

                      Yeah finally! Just update to the latest package. It will automatically setup to listen on the interfaces that have v6 configured and setup the appropriate ACLs for that interface.
                      I still need to do work on the ACLs page to specify other networks but for now this support should suffice.

                      Let me know if you have any problems - either respond here, DM me or catch me on twitter (@wagonza).

                      Follow me on twitter http://twitter.com/wagonza
                      http://www.thepackethub.co.za

                      1 Reply Last reply Reply Quote 0
                      • T
                        tebeve
                        last edited by

                        fan-freakin-tastic! Thanks Wagonza!

                        1 Reply Last reply Reply Quote 0
                        • I
                          iFloris
                          last edited by

                          Thanks Wagonza, very nice and useful!

                          one layer of information
                          removed

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.