Unbound on ipv6

johnpoz

Ok I manually edit the config for unbound to do ipv6 queries, and listening on ipv6 address and allow queries from my ipv6 local network and seems to be working.  Would be better to do from gui though.

tebeve

Hey John,

What exactly did you edit in your unbound config to get this to work?
Does it stick for you after reboot or are you manually reediting each time?

johnpoz

I have not tried a reboot that I recall, but here is what I edited.

interface: ::0
do-ip6: yes
access-control: 2001:470:snipped:b85::/64 allow

; <<>> DiG 9.7.1-P2 <<>> @2001:470:snipped:b85::1 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16642
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.        583225  IN      CNAME  www.l.google.com.
www.l.google.com.      300    IN      A      74.125.225.20
www.l.google.com.      300    IN      A      74.125.225.19
www.l.google.com.      300    IN      A      74.125.225.18
www.l.google.com.      300    IN      A      74.125.225.17
www.l.google.com.      300    IN      A      74.125.225.16

;; Query time: 86 msec
;; SERVER: 2001:470:snipped:b85::1#53(2001:470:snipped:b85::1)
;; WHEN: Thu Mar 10 17:08:52 2011
;; MSG SIZE  rcvd: 132

2001:470:snipped:b85::1 is the ipv6 address on lan interface of my pfsense box

When I get home will try a reboot.

tebeve

oh man, i totally missed access-control… duh.

thanks John!

wagonza

Thanks @johnpoz - i'll look into adding proper IPv6 support in the next couple of days.

tebeve

@wagonza:

Thanks @johnpoz - i'll look into adding proper IPv6 support in the next couple of days.

That would be awesome! Thank you!

iFloris

Wagonza, is there any news on the 'proper' support in unbound?

wagonza

@iFloris:

Wagonza, is there any news on the 'proper' support in unbound?

Yeah finally! Just update to the latest package. It will automatically setup to listen on the interfaces that have v6 configured and setup the appropriate ACLs for that interface.
I still need to do work on the ACLs page to specify other networks but for now this support should suffice.

Let me know if you have any problems - either respond here, DM me or catch me on twitter (@wagonza).

tebeve

fan-freakin-tastic! Thanks Wagonza!

iFloris

Thanks Wagonza, very nice and useful!