Maintained by: NLnet Labs

[Unbound-users] Failure using an address in unbound.conf

W.C.A. Wijngaards
Thu Aug 19 08:58:54 CEST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Bruce, Haw,

I do not know if this helps for you, but there is an interface option
specifically made for anycast;

interface-automatic: yes

That acts like '0.0.0.0' (and ::0) but uses (weird) socket options.
This makes it pick up new interfaces when they are created (without need
for config edits and restart) or deleted.  (This option is portable to
FreeBSD, Solaris, Linux, but probably won't work on other OSes).

Best regards,
   Wouter

On 08/19/2010 08:03 AM, Haw Loeung wrote:
> Hi Bruce,
> 
> On Thu, 19 Aug 2010 02:35:07 am Hayward, Bruce wrote:
> <snip>
>>
>> When removing the Virtual from the unbound.conf and using 0.0.0.0, it
>> works against the physical (but does not resolve against the
>> logical/virtuals)
>>
>> Ideas?
>>
> 
> I think we ran into this same problem a couple of years back when 
> switching from BIND to Unbound on our resolvers (also using anycast 
> addresses).
> 
> We fixed this by adding "interface" options. For example, one of our 
> servers has the following interface options defined:
> 
> interface: 127.0.0.1
> interface: 203.26.24.44
> interface: 203.12.160.35
> interface: 203.87.88.1
> 
> From memory, I think the reason why it fails to resolve against the 
> logical/virtuals is to do with it using the wrong source IP when 
> replying to the client.
> 
> Hope this helps.
> 
> 
> Regards,
> 
> Haw
> 
> 
> 
> 
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxs1i4ACgkQkDLqNwOhpPhPqwCcD100CPbuxfsrdrNPPLhsIALq
9CYAoI57N4r/7KbxXAqx183lu28C6zl0
=zk8a
-----END PGP SIGNATURE-----