Thanks for the configs ! https://jonwillia.ms/2018/09/23/anycast-dns-openbsd (github.com/bongozone/kibble)

I have got it to work as either only working with my internal zone
records or working with everything else. Unbound ignores when I put a
forward-zone: name: ".testing" when I have another forward-zone: name: "."

Does anyone know how this could be done ?
I have nsd running the zone records for .testing and it works when I only
have the .testing forward-zone in the unbound.conf , does anyone know what
I'm doing wrong ?

On July 27, 2019 1:35:55 AM GMT+03:00, Vijay Sankar <vsan...@foretell.ca> wrote:
>
>Quoting Stuart Henderson <s...@spacehopper.org>:
>
>> No - you wouldn't do it with Unbound which is a *recursive* DNS
>> server, you would use an authoritative one like NSD, PowerDNS, Knot
>> or BIND. All you would do with Unbound is use stub-zone to point it
>> at an authoritative server.
>>
>> --
>> Sent from a phone, apologies for poor formatting.
>> On 26 July 2019 11:05:44 Flipchan <flipc...@riseup.net> wrote:
>>> Can you link to any guides or practical howtos on how to practically
>>> do that with unbound ?
>>>
>>> Thanks
>>>
>>>
>>> On July 25, 2019 9:32:29 PM GMT+03:00, Stuart Henderson
>>> <s...@spacehopper.org> wrote:
>>> On 2019-07-25, Flipchan <flipc...@riseup.net> wrote:
>>>
>>> Greetings everyone,
>>>
>>> Does anyone have a good solution for syncing unbound configuration files?
>>>
>>>
>>> I have the scenario where I have two internal LANs that are in two
>>> different offices that need to have the same internal
>>> dns system for the local systems, and there are a lot of changes
>>> being done in the internal zone records so I need
>>> a good way to sync them (the ideal way would be to have a similar
>>> solution like mysql's master-master replication).
>>>
>>> Both dns resolvers are running unbound on openbsd 6.5 and right now
>>> the configuration file is synced with ansible.
>>> Does anyone have a good solution on replicating dns records/configs
>>> for unbound. In the future it will be scaled
>>> even more so right now is a good time to implement some replication
>>> for the unbound configs.
>>>
>>> Does anyone have a solution for this?
>>>
>>> There are people changing the config files on both instances so the
>>> ideal way would be a replication real time sync function.
>>>
>>> Anyone got any ideas?
>>>
>>>
>>> Thanks in advance
>>> Ciao
>>> flipchan
>>>
>>>
>>> If multiple sites are updating records in the same internal zone at various
>>> times, they would probably be better off with a normal
>>> authoritative DNS server
>>> serving that zone (with e.g. stub-zone to point unbound at it),
>>> editing it in
>>> one place, and using normal DNS replication (zone-transfer and notify)
>>> to push the updates.
>>>
>>>
>>> --
>>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
>I have two locations (foretell.ca and lab.foretell.ca) and for quite a
>while used NSD and Unbound. But switched to the following approach
>(however my use case is very simple and my networks are small, but it
>works well for me)
>
>My unbound.conf on four DNS servers have
>
>include: "/var/unbound/etc/zonedata"
>
>I then set up a simple zonedata file on one server with stuff such as:
>
>local-zone: "foretell.ca." static
>.
>.
>local-zone: "lab.foretell.ca." static
>.
>.
>local-zone: "0.0.10.in-addr.arpa." static
>.
>.
>local-zone: "3.72.10.in-addr.arpa." static
>.
>.
>etc. etc.
>
>Changes to zonedata reflect changes at both locations. Then I just
>have a rsync process running a few times a day that does the following:
>
>fr1s1.foretell.ca# more dnsupdate.sh
>rsync -av zonedata 10.0.0.1:/var/unbound/etc/
>rsync -av zonedata 10.0.0.3:/var/unbound/etc/
>rsync -av zonedata 10.72.3.1:/var/unbound/etc/
>rsync -av zonedata 10.72.3.3:/var/unbound/etc/
>ssh 10.0.0.1 /etc/rc.d/unbound restart
>ssh 10.0.0.3 /etc/rc.d/unbound restart
>ssh 10.72.3.1 /etc/rc.d/unbound restart
>ssh 10.72.3.3 /etc/rc.d/unbound restart
>
>Obviously I am not sure if this will scale for your requirements but
>mentioning this just in case it helps.
>
>Vijay
>
>
>--
>ForeTell Technologies Limited
>59 Flamingo Avenue
>Winnipeg, MB, Canada
>R3J 0X6

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
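
A sketch of the stub-zone plus zone-transfer layout suggested in the thread, added here as an example and not taken from any poster's configuration. All addresses (192.0.2.x), port 5353, the key name "xfr-key", the secret placeholder and the zone file paths are assumptions made for illustration.

```conf
# --- unbound.conf on each resolver (constructed addresses and port) ---
server:
    # Unbound will not send queries to 127.0.0.0/8 by default; allow it
    # because the local NSD instance listens there in this example.
    do-not-query-localhost: no
    # "testing." is not delegated from the signed root, so a validating
    # resolver would reject its answers without this.
    domain-insecure: "testing."
    # Only matters if private-address rebinding protection is enabled:
    # permit private-range answers for the internal zone only.
    private-domain: "testing."

stub-zone:                        # internal zone: ask NSD directly
    name: "testing."
    stub-addr: 127.0.0.1@5353

forward-zone:                     # everything else: upstream resolver
    name: "."
    forward-addr: 192.0.2.53      # constructed upstream address

# --- nsd.conf on the primary (192.0.2.1), the one place the zone is edited ---
server:
    ip-address: 127.0.0.1@5353
    ip-address: 192.0.2.1@5353
key:
    name: "xfr-key"
    algorithm: hmac-sha256
    secret: "REPLACE_WITH_BASE64_SECRET"     # placeholder, not a real key
zone:
    name: "testing"
    zonefile: "master/testing.zone"          # assumed path
    notify: 192.0.2.2@5353 xfr-key           # tell the secondary on change
    provide-xfr: 192.0.2.2 xfr-key           # only this host, only with TSIG

# --- nsd.conf on the secondary (192.0.2.2), in the other office ---
server:
    ip-address: 127.0.0.1@5353
    ip-address: 192.0.2.2@5353
key:
    name: "xfr-key"
    algorithm: hmac-sha256
    secret: "REPLACE_WITH_BASE64_SECRET"     # same placeholder secret
zone:
    name: "testing"
    zonefile: "slave/testing.zone"           # assumed path
    allow-notify: 192.0.2.1 xfr-key
    request-xfr: AXFR 192.0.2.1@5353 xfr-key
```

For reverse zones in private address space, Unbound's built-in default local-zones answer first unless the zone is also declared with, for example, local-zone: "10.in-addr.arpa." nodefault in the server: section.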