Just what the doctor order - one step closer - Thanks Bruce Bruce Hayward, MTS Allstream Inc., (c) 204-792-9174 (p) 204-958-1983 (e) bruce.hayward at mtsallstream.com -----Original Message----- From: unbound-users-bounces at NLnetLabs.nl [mailto:unbound-users-bounces at NLnetLabs.nl] On Behalf Of W.C.A. Wijngaards Sent: August 19, 2010 1:59 AM To: unbound-users at unbound.net Subject: Re: [Unbound-users] Failure using an address in unbound.conf -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Bruce, Haw, I do not know if this helps for you, but there is an interface option specifically made for anycast; interface-automatic: yes That acts like '0.0.0.0' (and ::0) but uses (weird) socket options. This makes it pick up new interfaces when they are created (without need for config edits and restart) or deleted. (This option is portable to FreeBSD, Solaris, Linux, but probably won't work on other OSes). Best regards, Wouter On 08/19/2010 08:03 AM, Haw Loeung wrote: > Hi Bruce, > > On Thu, 19 Aug 2010 02:35:07 am Hayward, Bruce wrote: > <snip> >> >> When removing the Virtual from the unbound.conf and using 0.0.0.0, it >> works against the physical (but does not resolve against the >> logical/virtuals) >> >> Ideas? >> > > I think we ran into this same problem a couple of years back when > switching from BIND to Unbound on our resolvers (also using anycast > addresses). > > We fixed this by adding "interface" options. For example, one of our > servers has the following interface options defined: > > interface: 127.0.0.1 > interface: 18.104.22.168 > interface: 22.214.171.124 > interface: 126.96.36.199 > > From memory, I think the reason why it fails to resolve against the > logical/virtuals is to do with it using the wrong source IP when > replying to the client. > > Hope this helps. > > > Regards, > > Haw > > > > > _______________________________________________ > Unbound-users mailing list > Unbound-users at unbound.net > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxs1i4ACgkQkDLqNwOhpPhPqwCcD100CPbuxfsrdrNPPLhsIALq 9CYAoI57N4r/7KbxXAqx183lu28C6zl0 =zk8a -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list Unbound-users at unbound.net http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users Is it really necessary to print this email? MTS ALLSTREAM INC. CONFIDENTIALITY WARNING: This email message is confidential and intended only for the named recipient(s). If you are not the intended recipient, or an agent responsible for delivering it to the intended recipient, or if this message has been sent to you in error, you are hereby notified that any review, use, dissemination, distribution or copying of this message or its contents is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete the original message. If there is an agreement attached with this message, such agreement will not be binding until it is signed by all parties named therein.