Unbound non-local bind, no reply from the daemon

Aliaksei Sheshka
Wed Jan 10 22:38:47 CET 2018


Assuming the config:

        auto-trust-anchor-file: "/var/lib/unbound/root.key"
        verbosity: 9
        #ip-transparent: yes
        #ip-freebind: yes
        access-control: allow

I see unbound listening:
udp    UNCONN     0      0
*:*                   users:(("unbound",pid=21765,fd=5))
udp    UNCONN     0      0
*:*                   users:(("unbound",pid=21765,fd=3))

(Also, it looks like the options ip-transparent: yes and ip-freebind: yes do
nothing with regard to listening on non-local IPs on Linux.)

Sysctl as follows:
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.conf.all.forwarding = 1

On my router I have set static routes to and
via, is the IP on the eth0 connected to
the router.
tcpdump shows packets arriving on eth0, but there are no packets
back; it looks like they never reach unbound.

My question is how actually to steer DNS traffic to those non-local IPs?
What is missing in this setup?
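A diagnostic that separates the three states this setup can be in, as an added example that is not part of the original post or of Unbound itself. It assumes the standard Linux behaviour: net.ipv4.ip_nonlocal_bind only lets bind() succeed, while an incoming packet is handed to a local socket only when its destination address is covered by a `local` entry in the kernel's local routing table (the entries the kernel creates for addresses configured on an interface, or that you add by hand with `ip route add local <addr> dev lo`); otherwise the packet is forwarded when forwarding is on and dropped when it is off. The `ss -ulnp` and `ip route show table local` output below is constructed with documentation addresses (192.0.2.53, 198.51.100.10), and the function names are mine.

```python
import ipaddress
import re
import shutil
import subprocess

# Constructed sample of `ss -ulnp` output (not taken from the original post;
# 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
UNCONN  0       0       192.0.2.53:53       0.0.0.0:*          users:(("unbound",pid=21765,fd=5))
UNCONN  0       0       127.0.0.1:53        0.0.0.0:*          users:(("unbound",pid=21765,fd=3))
"""

# Constructed sample of `ip route show table local`: 192.0.2.53 is bound by
# unbound above but deliberately has no `local` entry here.
SAMPLE_LOCAL_TABLE = """\
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 198.51.100.10 dev eth0 proto kernel scope host src 198.51.100.10
broadcast 198.51.100.255 dev eth0 proto kernel scope link src 198.51.100.10
"""

SS_LINE = re.compile(r"^UNCONN\s+\d+\s+\d+\s+(\S+):(\d+)\s")


def bound_sockets(ss_text):
    """Return {(address, port)} for every unconnected UDP socket in ss output."""
    found = set()
    for line in ss_text.splitlines():
        m = SS_LINE.match(line)
        if m:
            found.add((m.group(1).strip("[]"), int(m.group(2))))
    return found


def local_prefixes(route_text):
    """Return the prefixes the kernel delivers to local sockets (type `local`)."""
    prefixes = []
    for line in route_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "local":
            prefixes.append(ipaddress.ip_network(fields[1], strict=False))
    return prefixes


def delivered_locally(address, route_text):
    """True if a packet for `address` would be handed to a local socket."""
    addr = ipaddress.ip_address(address)
    return any(addr in net for net in local_prefixes(route_text))


def diagnose(address, port, ss_text, route_text, forwarding):
    """Classify why a daemon on address:port sees no traffic.

    Returns one of:
      "not_bound" - no UDP socket is bound to that address:port
      "forwarded" - bound, but no local route: the kernel forwards the packet
      "dropped"   - bound, no local route, forwarding off: the kernel drops it
      "ok"        - bound and the address is in the local routing table
    """
    sockets = bound_sockets(ss_text)
    wildcard = ("*", port) in sockets or ("0.0.0.0", port) in sockets
    if (address, port) not in sockets and not wildcard:
        return "not_bound"
    if delivered_locally(address, route_text):
        return "ok"
    return "forwarded" if forwarding else "dropped"


def live_diagnose(address, port=53):
    """Run the check on the running host; falls back to the constructed
    samples when `ss`/`ip` are not available (e.g. outside Linux)."""
    if shutil.which("ss") and shutil.which("ip"):
        ss_text = subprocess.run(["ss", "-ulnp"], capture_output=True, text=True).stdout
        route_text = subprocess.run(["ip", "route", "show", "table", "local"],
                                    capture_output=True, text=True).stdout
        try:
            with open("/proc/sys/net/ipv4/conf/all/forwarding") as f:
                forwarding = f.read().strip() == "1"
        except OSError:
            forwarding = False
        return diagnose(address, port, ss_text, route_text, forwarding)
    return diagnose(address, port, SAMPLE_SS, SAMPLE_LOCAL_TABLE, forwarding=True)


if __name__ == "__main__":
    verdict = diagnose("192.0.2.53", 53, SAMPLE_SS, SAMPLE_LOCAL_TABLE, forwarding=True)
    print("192.0.2.53:53 ->", verdict)
    if verdict in ("forwarded", "dropped"):
        print("missing piece: ip route add local 192.0.2.53 dev lo "
              "(or assign the address to lo or a dummy interface)")
```

On the sample data the verdict is "forwarded": the socket exists, but with forwarding enabled and no `local` route the kernel treats the packet as transit traffic and never consults the socket table, which matches tcpdump seeing the packets arrive on eth0 while the daemon stays silent. Once the address has a `local` route the same call returns "ok".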