Unbound on ipv6

johnpoz

So ran through the setup on the welcome message.  Ran smooth as silk, had to toggle the default gateway on the wanipv6 I setup – but other than working great, dhcp works -- pointed dns to the HE.net dns, and hands that out great.

But running unbound and would like clients to use that, but when I tell unbound to use the lan, and wanipv6 interface created via the welcome thread instructions - unbound dies.

Any tricks here?  I have to run so will look at closer later - but shouldn't I be able to get unbound to listen on both ipv4 and ipv6 addresses?  But it seems to die when I do that, and get this error in the system log

Mar 6 18:22:43 php: /pkg_edit.php: The command '/usr/local/sbin/unbound-control start' returned exit code '1', the output was '/usr/local/etc/unbound/unbound.conf:32: error: stray '"' /usr/local/etc/unbound/unbound.conf:32: error: stray '"' read /usr/local/etc/unbound/unbound.conf failed: 2 errors in configuration file [1299457363] unbound[19270:0] fatal error: Could not read config file: /usr/local/etc/unbound/unbound.conf'

johnpoz

Ok I manually edit the config for unbound to do ipv6 queries, and listening on ipv6 address and allow queries from my ipv6 local network and seems to be working.  Would be better to do from gui though.

tebeve

Hey John,

What exactly did you edit in your unbound config to get this to work?
Does it stick for you after reboot or are you manually reediting each time?

johnpoz

I have not tried a reboot that I recall, but here is what I edited.

interface: ::0
do-ip6: yes
access-control: 2001:470:snipped:b85::/64 allow

; <<>> DiG 9.7.1-P2 <<>> @2001:470:snipped:b85::1 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16642
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.        583225  IN      CNAME  www.l.google.com.
www.l.google.com.      300    IN      A      74.125.225.20
www.l.google.com.      300    IN      A      74.125.225.19
www.l.google.com.      300    IN      A      74.125.225.18
www.l.google.com.      300    IN      A      74.125.225.17
www.l.google.com.      300    IN      A      74.125.225.16

;; Query time: 86 msec
;; SERVER: 2001:470:snipped:b85::1#53(2001:470:snipped:b85::1)
;; WHEN: Thu Mar 10 17:08:52 2011
;; MSG SIZE  rcvd: 132

2001:470:snipped:b85::1 is the ipv6 address on lan interface of my pfsense box

When I get home will try a reboot.

tebeve

oh man, i totally missed access-control… duh.

thanks John!

wagonza

Thanks @johnpoz - i'll look into adding proper IPv6 support in the next couple of days.

tebeve

@wagonza:

Thanks @johnpoz - i'll look into adding proper IPv6 support in the next couple of days.

That would be awesome! Thank you!

iFloris

Wagonza, is there any news on the 'proper' support in unbound?

wagonza

@iFloris:

Wagonza, is there any news on the 'proper' support in unbound?

Yeah finally! Just update to the latest package. It will automatically setup to listen on the interfaces that have v6 configured and setup the appropriate ACLs for that interface.
I still need to do work on the ACLs page to specify other networks but for now this support should suffice.

Let me know if you have any problems - either respond here, DM me or catch me on twitter (@wagonza).

tebeve

fan-freakin-tastic! Thanks Wagonza!

iFloris

Thanks Wagonza, very nice and useful!