Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unbound not listening on pfSense's virtual IP

    Scheduled Pinned Locked Moved
    DHCP and DNS
    2
    5
    2.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      CDuv
      last edited by

      Disclaimer: I've already posted for this particular problem in another topic that started for a multi-WAN setup DNS issue. But the following question is really apart.

      In my setup my pfSense server has IP 192.168.0.42/24 but a virtual IP (menu Firewall: Virtual IP Address) of type "IP alias" (on Interface "LAN") makes him available via 192.168.0.254/24 (I'm considering this IP as my gateway IP and then I'm free to use whatever server I want as long as it responds to 192.168.0.254/24.

      But Unbound package (v1.4.22), when asked to listen on "Network interface" LAN and loopback seems ignore this virtual IP.

      I can successfully contact Unbound on 192.168.0.42:

      nslookup www.pfsense.org 192.168.0.42
      Server:        192.168.0.42
      Address:        192.168.0.42#53

      Non-authoritative answer:
      Name:  www.pfsense.org
      Address: 208.123.73.69

      But it fails on 192.168.0.254:

      nslookup www.pfsense.org 192.168.0.254
      ;; connection timed out; no servers could be reached

      GUI and netstat confirms it:
      Menu Services: Unbound DNS Forwarder: Status: Unbound configuration:

      [...]
# Interface IP(s) to bind to
interface: 192.168.0.42
interface: 127.0.0.1
interface: ::1
[...]

      [2.1.2-RELEASE][admin@router.example.com]/(36): netstat -n | grep 53
udp6       0      0 ::1.53                 *.*
udp4       0      0 127.0.0.1.53           *.*
udp4       0      0 192.168.0.42.53        *.*
c8e86ec8 stream      0      0 c8e3f53c        0        0        0 /var/run/check_reload_status

      Is there a way to add the "interface: 192.168.0.254" Unbound directive (GUI or CLI)? Tried to add it in "Services: Unbound DNS Forwarder: Advanced Settings: Custom Options" but Unbound then fails to start…
      If this is not supported by this package nor the pfSense UI could I set up some "iptables" redirection to route incoming traffic from 192.168.0.42:53 to 192.168.0.254:53?

      1 Reply Last reply Reply Quote 0
      • W
        wagonza
        last edited by

        I can look into it - it should allow binding to VIPs. In 2.2. Unbound is been used in the base and its allowed there.
        I however still need to do upgrade code to handle people who have 2.1 unbound packages installed.

        Follow me on twitter http://twitter.com/wagonza
        http://www.thepackethub.co.za

        1 Reply Last reply Reply Quote 0
        • C
          CDuv
          last edited by

          I'm on pfSense 2.1.2 (update to 2.1.3 planned for very soon).
          You are saying Unbound on pfSense 2.2 does takes into account Virtual IPs but hasn't been ported to 2.1 yet?

          1 Reply Last reply Reply Quote 0
          • W
            wagonza
            last edited by

            yup thats correct baring in mind that 2.2 is alpha…

            Follow me on twitter http://twitter.com/wagonza
            http://www.thepackethub.co.za

            1 Reply Last reply Reply Quote 0
            • C
              CDuv
              last edited by

              I get 2.2 is not production-ready ;)

              Meanwhile is there a way (either via Web GUI or SSH) to change (eg. add "interface: 192.168.0.254" line) to Unbound configuration file?
              I've browsed into pfSense file system but could not find the configuration file Unbound program actually uses.

              Other possible solution: an iptable-like rule to re-route traffic from 192.168.0.42:53 to 192.168.0.254:53. Does it even exists on pfSense?

              1 Reply Last reply Reply Quote 0
              • First post
                Last post