Maintained by: NLnet Labs

[Unbound-users] New member, maybe old question?

Filipe Cifali
Tue Jun 3 17:34:45 CEST 2014


Hello guys, I need some help about understanding how to do what I need with
unbound.

My setup is basically is 2 IPVS (heartbeat + ldirectord) with gate(not
masquerade) to 4 servers each.

So I need to setup the IPVS on the servers in their loopbacks so I can use
the IP to reply.

No arp allowed, forward allowed as needed.

This setup works w/ Named/Bind. The queries are replied by the IP requested
(on the loopback as he's the IPVS)

But w/ unbound the request address is the IPVS but the reply comes from the
real IP on the interface, resulting in:

dig google.com @IPVS
;; reply from unexpected source: REALSERVER#53, expected IPVS#

Searching the archives, from oldest to newest I found this:

http://www.unbound.net/pipermail/unbound-users/2008-January/000003.html

And this:

http://www.unbound.net/pipermail/unbound-users/2012-June/002404.html

I can't bind to 0.0.0.0 cause bind is running on the other interfaces. This
is why I have to use the IPs on the config w/ multiple interface
statements.

They are both near what I have atm but not the same.

I get this behavior on 1.4.21-r2 (from Gentoo portage)

If I made any mistake in the config let me know:

erver:
verbosity: 1
interface: REALIP
interface: IPVS1
interface: IPVS2
port: 53
cache-min-ttl: 300
cache-max-ttl: 86400
infra-host-ttl: 900
infra-cache-slabs: 8
infra-cache-numhosts: 100000
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
access-control: MYNETWORK.0/24 allow
username: "unbound"
directory: "/etc/unbound"
logfile: "logs/unbound.log"
use-syslog: no
log-queries: yes
pidfile: "/var/run/unbound.pid"
hide-identity: yes
hide-version: yes
identity: ""
version: ""
harden-short-bufsize: no
harden-large-queries: no
harden-glue: yes
harden-dnssec-stripped: yes
harden-below-nxdomain: no
harden-referral-path: no
use-caps-for-id: yes
prefetch: yes
prefetch-key: yes
rrset-roundrobin: yes
minimal-responses: yes
key-cache-size: 512m
key-cache-slabs: 8
neg-cache-size: 8m
include: "/etc/unbound/local-zone.conf"
python:
remote-control:

-- 
[ ]'s

Filipe Cifali Stangler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20140603/94077831/attachment.html>