Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unbound package - enable forwarding still no-op

    Scheduled Pinned Locked Moved pfSense Packages
    18 Posts 2 Posters 3.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      doktornotor Banned
      last edited by

      As mentioned here 2+ years ago, the "Enable forwarding mode" button is simply not working at all.

      
      $ unbound-control forward
      off (using root hints)
      
      $ unbound-control list_forwards
      $
      
      

      ???

      1 Reply Last reply Reply Quote 0
      • W
        wagonza
        last edited by

        But 'list_forwards' lists the forward zones in use.

        The 'Enable forwarding mode' grabs the name servers from your config in 'General Setup'.

        Works for me:

        [2.1-RELEASE][admin@pfSense.localdomain]/root(5): unbound-control forward
        off (using root hints)
        

        then enabling the checkbox:

        
        [2.1-RELEASE][admin@pfSense.localdomain]/root(6): unbound-control forward
        10.27.50.1 127.0.0.1
        
        

        Follow me on twitter http://twitter.com/wagonza
        http://www.thepackethub.co.za

        1 Reply Last reply Reply Quote 0
        • D
          doktornotor Banned
          last edited by

          As said, this plain does not work here on any box unless configured manually, i.e., like

          forward-zone:; name: "."; forward-addr: 8.8.8.8; forward-addr: 8.8.4.4;

          (And yeah, I did check the generated unboud.conf file, no mention of any forwarding there when using the checkbox.)

          1 Reply Last reply Reply Quote 0
          • W
            wagonza
            last edited by

            It doesn't add a forward-zone configuration section. The checkbox just forces it to execute:

            
            unbound-control forward nameserver_1 nameserver_2 ...
            
            

            Do you have any DNS servers configured in 'General Setup'?

            Follow me on twitter http://twitter.com/wagonza
            http://www.thepackethub.co.za

            1 Reply Last reply Reply Quote 0
            • W
              wagonza
              last edited by

              @wagonza:

              It doesn't add a forward-zone configuration section. The checkbox just forces it to execute:

              
              unbound-control forward nameserver_1 nameserver_2 ...
              
              

              I suppose I could change it so that it does add a forward-zone section…

              Follow me on twitter http://twitter.com/wagonza
              http://www.thepackethub.co.za

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned
                last edited by

                Yes, I do have  DNS servers configured in 'General Setup'. Regardless, the only result is this, i.e., ticking the checkbox and clicking Save does not produce any action here.

                
                $ unbound-control forward
                off (using root hints)
                
                

                Now,

                
                $ unbound-control forward 8.8.8.8 8.8.4.4
                ok
                $ unbound-control forward
                8.8.4.4 8.8.8.8
                
                

                Afraid the code is somehow broken. Otherwise yeah, using the config file sounds like a whole lot less confusing and more reliable way to do this.

                1 Reply Last reply Reply Quote 0
                • W
                  wagonza
                  last edited by

                  Ok odd.

                  Anyway I have modified it to add forward-zone configuration syntax

                  
                  [2.1-RELEASE][admin@pfSense.localdomain]/root(79): unbound-control forward
                  127.0.0.1 10.27.50.1
                  [2.1-RELEASE][admin@pfSense.localdomain]/root(80): unbound-control list_forwards
                  . IN forward: 127.0.0.1 10.27.50.1
                  [2.1-RELEASE][admin@pfSense.localdomain]/root(81):
                  
                  

                  I have bumped the version as well. Let me know if it works for you.

                  Follow me on twitter http://twitter.com/wagonza
                  http://www.thepackethub.co.za

                  1 Reply Last reply Reply Quote 0
                  • D
                    doktornotor Banned
                    last edited by

                    @wagonza:

                    Let me know if it works for you.

                    OK, it does not. However, I guess we are getting somewhere, since it turns out now why it did not work in the first place with previous package version, the list of DNS servers turns out to be empty.

                    
                    $ unbound-control forward
                    
                    $  unbound-control list_forwards
                    . IN forward:
                    
                    

                    Huh… Call me confused. Have you tested this with 2.1.1 prerelease version? I guess something got changed there?

                    1 Reply Last reply Reply Quote 0
                    • W
                      wagonza
                      last edited by

                      Whats the contents of /etc/resolv.conf?

                      I added a safety belt to avoid adding an empty forward configuration.

                      Follow me on twitter http://twitter.com/wagonza
                      http://www.thepackethub.co.za

                      1 Reply Last reply Reply Quote 0
                      • D
                        doktornotor Banned
                        last edited by

                        @wagonza:

                        Whats the contents of /etc/resolv.conf?

                        
                        domain testdomain.local
                        nameserver 127.0.0.1
                        nameserver 217.31.204.130
                        nameserver 193.29.206.206
                        
                        
                        1 Reply Last reply Reply Quote 0
                        • W
                          wagonza
                          last edited by

                          Ok i think i found the problem. Do you have any /var/etc/nameserver_* files which might have be empty?

                          Follow me on twitter http://twitter.com/wagonza
                          http://www.thepackethub.co.za

                          1 Reply Last reply Reply Quote 0
                          • D
                            doktornotor Banned
                            last edited by

                            @wagonza:

                            Ok i think i found the problem. Do you have any /var/etc/nameserver_* files which might have be empty?

                            Hmmm, afraid no such thing there.

                            
                            $ ls -la /var/etc/nameserver_*
                            ls: No match.
                            
                            
                            1 Reply Last reply Reply Quote 0
                            • W
                              wagonza
                              last edited by

                              Weird. The name servers are returned by either of two functions get_dns_servers() or get_nameservers(). The latter is if the DNS servers are overridden by DHCP. So I would assume yours is handled by get_dns_servers() - which reads the contents of resolv.conf and returns the values.

                              If you go to 'Diagnostics -> Command prompt' and execute the following PHP code, it should return the name servers you listed.

                              
                              print_r(get_dns_servers());
                              
                              

                              Follow me on twitter http://twitter.com/wagonza
                              http://www.thepackethub.co.za

                              1 Reply Last reply Reply Quote 0
                              • D
                                doktornotor Banned
                                last edited by

                                @wagonza:

                                If you go to 'Diagnostics -> Command prompt' and execute the following PHP code, it should return the name servers you listed.

                                
                                print_r(get_dns_servers());
                                
                                

                                Yes, that works…

                                
                                Array
                                (
                                    [0] => 127.0.0.1
                                    [1] => 217.31.204.130
                                    [2] => 193.29.206.206
                                )
                                
                                
                                1 Reply Last reply Reply Quote 0
                                • W
                                  wagonza
                                  last edited by

                                  Ok so thats right - i pushed a patch which swopped some logic around so if you can just reinstall the package and let me know if its any better.

                                  Follow me on twitter http://twitter.com/wagonza
                                  http://www.thepackethub.co.za

                                  1 Reply Last reply Reply Quote 0
                                  • D
                                    doktornotor Banned
                                    last edited by

                                    @wagonza:

                                    i pushed a patch which swopped some logic around so if you can just reinstall the package and let me know if its any better.

                                    Excellent… all good now!  8)

                                    1 Reply Last reply Reply Quote 0
                                    • W
                                      wagonza
                                      last edited by

                                      Brilliant - thanks for the help in trouble shooting.

                                      Follow me on twitter http://twitter.com/wagonza
                                      http://www.thepackethub.co.za

                                      1 Reply Last reply Reply Quote 0
                                      • D
                                        doktornotor Banned
                                        last edited by

                                        Thanks a lot for quick fix!

                                        1 Reply Last reply Reply Quote 0
                                        • First post
                                          Last post
                                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.