[Unbound-users] BINDs views in unbound

2009-03-26 Thread Artis Caune
Hi,

We run public cache servers for our customers and our internal servers.
We are using BIND's views (internal/external) to hide unroutable
resource records from the public in some zones.


I can achieve bind views functionality in unbound with two unbound daemons:

- first unbound daemon is listening on all interfaces and has no
local-zone/local-data entries.

- second unbound is listening on localhost and different port:
  server:
    port: 54
    interface: 127.0.0.1
    local-zone: myzone.lv transparent
    include: /usr/local/etc/unbound/zone-myzone.lv

- redirect internal hosts to localhost (FreeBSD pf):
  table <int-dns> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, ... }
  rdr pass proto udp from <int-dns> to port 53 -> 127.0.0.1 port 54
  rdr pass proto tcp from <int-dns> to port 53 -> 127.0.0.1 port 54

If a query comes from our internal servers, it is redirected to the second
unbound instance, where it checks local-data and, if no entry is found,
it is resolved as usual.
If a query comes from public hosts, they don't see our RFC 1918 records.

Is this kind of setup okay? Maybe it can be done with one unbound daemon?




-- 
regards,
Artis Caune

. CCNA | BSDA
|
' didii FreeBSD
___
Unbound-users mailing list
Unbound-users@unbound.net
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
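
A configuration check for the two-daemon layout described in the message above, added here as an example; it is not part of the original post or of Unbound. The function names and the sample records are constructed for illustration, and `include:` files are not followed, so the included zone text is passed in directly.

```python
import ipaddress
import re

# The three RFC 1918 ranges listed in the pf table in the message above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Matches: local-data: "name [ttl] [IN] A address"
A_RECORD = re.compile(r'local-data:\s*"?(?P<name>\S+)\s+(?:\d+\s+)?(?:IN\s+)?'
                      r'A\s+(?P<addr>[0-9.]+)"?$', re.IGNORECASE)
# Constructed sample of the included zone file (names and addresses invented).
SAMPLE_ZONE = '''local-data: "db.myzone.lv. IN A 10.1.2.3"
local-data: "www.myzone.lv. 3600 IN A 192.0.2.10"'''

def _ip(text):
    """Parse an IP address, returning None for anything else."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def _lines(conf):
    """Yield (line number, text) with comments and blank lines dropped."""
    for n, raw in enumerate(conf.splitlines(), 1):
        text = raw.split("#", 1)[0].strip()
        if text:
            yield n, text

def private_records(conf):
    """(name, address) of each local-data A record inside RFC 1918 space."""
    hits = []
    for _, text in _lines(conf):
        m = A_RECORD.match(text)
        addr = _ip(m["addr"]) if m else None
        if addr is not None and any(addr in net for net in RFC1918):
            hits.append((m["name"], str(addr)))
    return hits

def audit_split(public_conf, internal_conf):
    """Problems with the two-daemon layout; an empty list means it holds."""
    problems = []
    for n, text in _lines(public_conf):
        if text.startswith(("local-zone:", "local-data:")):
            problems.append(f"public line {n}: {text}")
    for n, text in _lines(internal_conf):
        if text.startswith("interface:"):
            host = text.split(":", 1)[1].strip().split("@")[0]
            addr = _ip(host)  # an interface name or typo counts as exposed
            if addr is None or not addr.is_loopback:
                problems.append(f"internal line {n}: listens on {host}")
    return problems
```

`private_records` gives the inventory of names that must stay invisible to public clients; `audit_split` flags the two ways the layout can leak them: local data ending up in the public instance, or the internal instance listening on a non-loopback address.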


[Unbound-users] Unbound 1.2.1 / Sun Studio 12 / Solaris 10 x64.

2009-03-26 Thread Simon-Bernard Drolet

Hi all,

Just joined the unbound/ldns/nsd wagon and I've got a test nsd running...

Now, after looking at some recursor solutions, I'm willing to use unbound
after seeing some perf numbers in the Alternative DNS Servers book.


I've compiled nsd with Sun Studio 12 on Solaris 10 10/08 x64.

I'm trying to do the same with unbound...

Here is what I'm doing:

 gzcat ldns-1.5.1.tar.gz | tar xvf -

 gzcat unbound-1.2.1.tar.gz | tar xvf -

 cd ldns-1.5.1
 CC='cc -xc99' CFLAGS=-O LDFLAGS='-lsocket -lnsl' \
 ./configure \
   --prefix=/opt/unbound \
   --mandir=/opt/unbound/man
 gmake
 gmake install

 cd drill
 LDFLAGS=-R/opt/unbound/lib \
 ./configure \
   --prefix=/opt/unbound \
   --mandir=/opt/unbound/man
 make
 make install


I did some small test with drill, it works... for now.

Then, unbound:

 cd ../../unbound-1.2.1
 CC='cc -xc99' CFLAGS=-O LDFLAGS='-lsocket -lnsl' \
 ./configure \
   --prefix=/opt/unbound \
   --libexecdir=/opt/unbound/lib \
   --sysconfdir=/etc/unbound \
   --sharedstatedir=/var/unbound \
   --localstatedir=/var/unbound \
   --with-conf-file=/etc/unbound/unbound.conf \
   --with-run-dir=/var/unbound \
   --with-pidfile=/var/run/unbound.pid \
   --with-username=unbound \
   --with-pthreads \
   --with-ldns=../ldns-1.5.1

 gmake
 gmake install

All of this works without errors.

Now, when I try to run unbound...

# /opt/unbound/sbin/unbound
[1238082757] unbound[24462:0] warning: increased limit(open files) from 256 to 312
[1238082757] unbound[24462:0] debug: creating udp4 socket 127.0.0.1 53
[1238082757] unbound[24462:0] debug: creating tcp4 socket 127.0.0.1 53
[1238082757] unbound[24462:0] debug: switching log to syslog
# echo $?
0
#

But if I check, it's not running...

And then, looking into syslog:

Mar 26 11:53:51 gn-msi02 unbound: [ID 993594 daemon.warning] [24511:0] warning: did not exit gracefully last time (24508)
Mar 26 11:53:51 gn-msi02 unbound: [ID 993594 daemon.error] [24512:0] error: error parsing local-data 'localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800': Syntax error, value expected
Mar 26 11:53:51 gn-msi02 unbound: [ID 993594 daemon.error] [24512:0] error: bad local-data: localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800
Mar 26 11:53:51 gn-msi02 unbound: [ID 993594 daemon.error] [24512:0] error: out of memory adding default zone
Mar 26 11:53:51 gn-msi02 unbound: [ID 993594 daemon.crit] [24512:0] fatal error: Could not set up local zones


Any help on this ??? Any pointers ???

As a side note, if I compile using the built-in Solaris 10 gcc, it does 
work...


Simon.

--
Simon-Bernard Drolet, SPecialiste X Inc., 514.247.6741.
SBDroletatgmail(dot)com, Sun Solaris Contractor
Certified Sun Technical Instructor, Sun Certified System Admin (2.5,7,8,9,10)
Sun Certified Network Admin (2.5,7,8,9,10) and Security Admin for Solaris 9,10.
