Maintained by: NLnet Labs

[Unbound-users] BINDs views in unbound

Artis Caune
Fri Mar 27 12:34:22 CET 2009


2009/3/27 W.C.A. Wijngaards <wouter at nlnetlabs.nl>:
> This is because you bound the second unbound only to 127.0.0.1 and from
> there it cannot sendmsg back to client.
> use  interface: 0.0.0.0
> or interface-automatic: yes
>
> Don't forget to pf so only internal network can reach port 54 directly,
> and give your second unbound access-control for your internal network.

I was already using interface-automatic:
    port: 54
    interface: 127.0.0.1
    interface-automatic: yes

Now I changed interface to 0.0.0.0, ::0, disabled interface-automatic,
changed redirect from 127.0.0.1 to public ip and it works, thanks.

I have another strange problem, unbound is freezing and not answering
queries. It happened two times. I can not restart it.
It just prints
    info: service stopped (unbound 1.2.1)
and I have to send KILL signal to it.
It happens often when I restart unbound. top shows it's in umtxn state:

10784     59      4  47    0   539M   479M umtxn  0   2:20  0.00% unbound



> Unbound tries to disable ipv4 to ipv6 mapping.  But this still happened.
>  It tries to send back, but the OS doesn't like it.  This should not
> happen with the default config, this is for your first unbound? What is
> its config?
> For this also, interface-automatic: yes  may solve it (it actually
> enables the mapping and uses it...).  Or some config changes.  Or
> disable ipv4toipv6-mapping-by-default with some FreeBSD sysctl; unbound
> tries to set a socket option but the kernel does not seem to honor it.

I'll check ipv6 options.

I use interface-automatic; without it unbound replies with another IP address:

;; reply from unexpected source: 91.198.156.20#53, expected 91.198.156.8#53


Yes, this is my first unbound :)

Our setup is (average 1-2K qps):
interface bce0: 91.198.156.20, alias 91.198.156.8
interface bce1: only ipv6 address

unbound-1.2.1
libevent-1.4.9


unbound config is:

server:
    extended-statistics: no
    num-threads: 4
    interface: 0.0.0.0
    interface: ::0
    interface-automatic: yes
    outgoing-range: 8192
    outgoing-num-tcp: 64
    incoming-num-tcp: 64
    msg-cache-size: 512m
    msg-cache-slabs: 8
    num-queries-per-thread: 8192
    rrset-cache-size: 1g
    rrset-cache-slabs: 8
    cache-max-ttl: 86400
    infra-lame-ttl: 1800
    infra-cache-slabs: 8
    infra-cache-numhosts: 16384
    infra-cache-lame-size: 16k
    access-control: 0.0.0.0/0 allow
    access-control: ::0/0 allow
    chroot: ""
    use-syslog: yes
    pidfile: "/var/run/unbound.pid"
    hide-identity: yes
    hide-version: yes
    key-cache-slabs: 8
    neg-cache-size: 256m

remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-port: 953




-- 
regards,
Artis Caune

<----. CCNA | BSDA
<----|====================
<----' didii FreeBSD
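
Added example, not part of the original message and not NLnet Labs code: the quoted reply advises giving the second unbound an access-control for the internal network only, and this Python sketch lists the `access-control` allow rules in an unbound.conf that reach beyond a set of internal prefixes. The sample config, the `INTERNAL` prefixes (192.0.2.0/24 is a documentation range) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: a second (internal-view) instance listening on port 54.
SAMPLE_CONF = """
server:
    port: 54
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 allow
    access-control: ::0/0 allow
    access-control: 192.0.2.0/24 allow
    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/8 refuse
"""

# Assumption: the prefixes that count as "internal"; replace with real ones.
INTERNAL = ["192.0.2.0/24", "127.0.0.0/8", "::1/128"]

def parse_access_control(conf_text):
    """Return (network, action) pairs from access-control lines."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line.startswith("access-control:"):
            continue
        fields = line.split(":", 1)[1].replace('"', "").split()
        if len(fields) == 2:
            rules.append((ipaddress.ip_network(fields[0], strict=False), fields[1]))
    return rules

def too_wide(conf_text, internal=INTERNAL):
    """Return allow rules that cover addresses outside the internal prefixes."""
    inside = [ipaddress.ip_network(n) for n in internal]
    findings = []
    for net, action in parse_access_control(conf_text):
        if not action.startswith("allow"):           # refuse/deny rules are fine
            continue
        if not any(net.version == i.version and net.subnet_of(i) for i in inside):
            findings.append(str(net))
    return findings

if __name__ == "__main__":
    for net in too_wide(SAMPLE_CONF):
        print("allow rule wider than internal network:", net)
```

The check covers only the resolver's own ACL; the packet-filter rule for port 54 mentioned in the reply has to be verified separately.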