Unbound not listening on pfSense's virtual IP
Disclaimer: I've already posted about this particular problem in another topic that started with a multi-WAN setup DNS issue. But the following question is really separate.
In my setup my pfSense server has IP 192.168.0.42/24, but a virtual IP (menu Firewall: Virtual IP Address) of type "IP alias" (on Interface "LAN") makes it available via 192.168.0.254/24 (I'm considering this IP as my gateway IP, and then I'm free to use whatever server I want as long as it responds to 192.168.0.254/24).
But the Unbound package (v1.4.22), when asked to listen on "Network interface" LAN and loopback, seems to ignore this virtual IP.
I can successfully contact Unbound on 192.168.0.42:
nslookup www.pfsense.org 192.168.0.42
But it fails on 192.168.0.254:
nslookup www.pfsense.org 192.168.0.254
;; connection timed out; no servers could be reached
Menu Services: Unbound DNS Forwarder: Status: Unbound configuration:
    [...]
    # Interface IP(s) to bind to
    interface: 192.168.0.42
    interface: 127.0.0.1
    interface: ::1
    [...]

    [2.1.2-RELEASE][email@example.com]/(36): netstat -n | grep 53
    udp6       0      0 ::1.53                 *.*
    udp4       0      0 127.0.0.1.53           *.*
    udp4       0      0 192.168.0.42.53        *.*
    c8e86ec8 stream      0      0 c8e3f53c        0        0        0 /var/run/check_reload_status
Is there a way to add the "interface: 192.168.0.254" Unbound directive (GUI or CLI)? Tried to add it in "Services: Unbound DNS Forwarder: Advanced Settings: Custom Options" but Unbound then fails to start…
If this is not supported by this package or the pfSense UI, could I set up some "iptables" redirection to route incoming traffic from 192.168.0.42:53 to 192.168.0.254:53?
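The comparison made by hand in the post above (configured `interface:` lines versus sockets actually bound to port 53), as an added example that is not part of the original thread. The function names and the list of expected addresses are assumptions; the sample inputs are the config excerpt and netstat output quoted in the post.

```python
import re

# Constructed samples: the config excerpt and netstat output quoted in the post.
UNBOUND_CONF = """\
# Interface IP(s) to bind to
interface: 192.168.0.42
interface: 127.0.0.1
interface: ::1
"""
NETSTAT_OUT = """\
udp6       0      0 ::1.53                 *.*
udp4       0      0 127.0.0.1.53           *.*
udp4       0      0 192.168.0.42.53        *.*
c8e86ec8 stream   0      0 c8e3f53c   0   0   0 /var/run/check_reload_status
"""

def configured_interfaces(conf_text):
    """Addresses named by 'interface:' directives (comments and @port dropped)."""
    found = []
    for line in conf_text.splitlines():
        m = re.match(r"interface:\s*([^\s@]+)", line.split("#", 1)[0].strip())
        if m:
            found.append(m.group(1))
    return found

def bound_addresses(netstat_text, port=53):
    """Local addresses holding a udp/tcp socket on `port` (BSD 'addr.port' form)."""
    bound = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip UNIX-socket rows that a plain 'grep 53' also matches.
        if len(fields) < 4 or not re.fullmatch(r"(udp|tcp)[46]*", fields[0]):
            continue
        addr, _, p = fields[3].rpartition(".")
        if p == str(port):
            bound.add(addr)
    return bound

def audit(expected, conf_text, netstat_text, port=53):
    """Map each expected address to (listed_in_config, has_listening_socket)."""
    conf = set(configured_interfaces(conf_text))
    bound = bound_addresses(netstat_text, port)
    # '*' is a wildcard bind; address family is not distinguished here.
    return {a: (a in conf, a in bound or "*" in bound) for a in expected}

if __name__ == "__main__":
    for addr, (in_conf, listening) in audit(
            ["192.168.0.42", "192.168.0.254"], UNBOUND_CONF, NETSTAT_OUT).items():
        print(f"{addr}: in config={in_conf}, socket on :53={listening}")
```

Running the same audit after any configuration change shows whether the resolver's listening addresses match the intended set, with nothing missing and nothing extra exposed.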
wagonza last edited by
I can look into it - it should allow binding to VIPs. In 2.2, Unbound is being used in the base and it's allowed there.
I however still need to do upgrade code to handle people who have 2.1 Unbound packages installed.
I'm on pfSense 2.1.2 (update to 2.1.3 planned for very soon).
You are saying Unbound on pfSense 2.2 does take Virtual IPs into account but hasn't been ported to 2.1 yet?
wagonza last edited by
Yup, that's correct, bearing in mind that 2.2 is alpha…
I get 2.2 is not production-ready ;)
Meanwhile, is there a way (either via Web GUI or SSH) to change the Unbound configuration file (e.g. add an "interface: 192.168.0.254" line)?
I've browsed the pfSense file system but could not find the configuration file the Unbound program actually uses.
Other possible solution: an iptables-like rule to re-route traffic from 192.168.0.42:53 to 192.168.0.254:53. Does it even exist on pfSense?