Unbound recursive Fallback
Good evening to all unbound users,

I am currently trying to set up an unbound server and have a little problem. My goal is to have unbound have a fallback so that I can forward "example.com" to e.g. x.x.x.x. But if x.x.x.x cannot figure the name out, then have unbound do the "normal" recursive way. In my understanding I can make this happen with forward-first. My forward-zone looks like this:

forward-zone:
    name: "."
    forward-addr: 8.8.8.8
    forward-first: yes

Greetings,
Nils Schubert
support for draft-bortzmeyer-dprive-resolver-to-auth
Hello unbound+nsd developers,

not sure if you're aware of https://datatracker.ietf.org/doc/draft-bortzmeyer-dprive-resolver-to-auth/

Do you have any ideas if it's possible to implement such stuff in future unbound and / or nsd releases?

Andreas
Re: unbound binaries execution issue
Hello Paul,

Do we have any other public DNS validating servers other than 8.8.8.8 which support DNSSEC? I tried with 8.8.8.8 and the results are always bogus. It looks like 8.8.8.8 is stripping off all the DNSSEC related flags when it sends back the reply to my client.

Rgds
Simon

On Wed, Mar 7, 2018 at 1:31 PM, SIMON BABY wrote:

> Hello Paul,
>
> Can I know if I can specify the particular interface as a default gw for
> sending query in the code
> without explicitly configuring that interface as a gw. I checked in my
> system and it fails. In my system I do not have any default gw configured.
> So the packets generated within my system are not going outside until
> I configure a default gw.
>
> Rgds
> simon
>
> On Mon, Mar 5, 2018 at 5:24 PM, Paul Wouters wrote:
>
>> On Mon, 5 Mar 2018, SIMON BABY via Unbound-users wrote:
>>
>>> I get the below error while trying to launch unbound-host or
>>> unbound-anchor or any unbound executable in my build env. Can someone help
>>> to solve this issue?
>>>
>>> sbaby@ubuntu:~/workspace/wqar/tmp/work/mips-mv-linux/libunbo
>>> und-1.6.8-r0/libunbound/unbound-1.6.8$ ./unbound-host
>>
>> is "sbaby" a mips machine too? It looks like you are perhaps
>> cross-compiling, so in that case the binary cannot be tested
>> on the build host.
>>
>> Or maybe your "mips-mv-linux" is a cross compile using a different
>> set of libraries (like a different c library) ?
>>
>> Paul
Re: unbound binaries execution issue
Thank you so much Paul. I will try with QUAD9.

Rgds
Simon

On Fri, Mar 9, 2018 at 3:12 PM, Pete Wright wrote:

> On 03/09/2018 15:04, SIMON BABY via Unbound-users wrote:
>
>> Hello Paul,
>>
>> Do we have any other public DNS validating servers other than 8.8.8.8
>> which support DNSSEC? I tried with 8.8.8.8 and the results are always
>> bogus. It looks like 8.8.8.8 is stripping off all the
>> DNSSEC related flags when it sends back the reply to my client.
>
> I believe the "Quad9" (9.9.9.9) public resolver supports DNSSEC properly:
> https://www.quad9.net/
>
> hope this helps,
> -pete
>
> --
> Pete Wright
> p...@nomadlogic.org
> @nomadlogicLA
Re: unbound binaries execution issue
On 03/09/2018 15:04, SIMON BABY via Unbound-users wrote:

> Hello Paul,
>
> Do we have any other public DNS validating servers other than 8.8.8.8 which support DNSSEC? I tried with 8.8.8.8 and the results are always bogus. It looks like 8.8.8.8 is stripping off all the DNSSEC related flags when it sends back the reply to my client.

I believe the "Quad9" (9.9.9.9) public resolver supports DNSSEC properly:
https://www.quad9.net/

hope this helps,
-pete

--
Pete Wright
p...@nomadlogic.org
@nomadlogicLA
Re: unbound binaries execution issue
Hi Pete,

Quad9 worked. Thank you for the help.

Rgds
Simon

On Fri, Mar 9, 2018 at 3:12 PM, Pete Wright wrote:

> On 03/09/2018 15:04, SIMON BABY via Unbound-users wrote:
>
>> Hello Paul,
>>
>> Do we have any other public DNS validating servers other than 8.8.8.8
>> which support DNSSEC? I tried with 8.8.8.8 and the results are always
>> bogus. It looks like 8.8.8.8 is stripping off all the
>> DNSSEC related flags when it sends back the reply to my client.
>
> I believe the "Quad9" (9.9.9.9) public resolver supports DNSSEC properly:
> https://www.quad9.net/
>
> hope this helps,
> -pete
>
> --
> Pete Wright
> p...@nomadlogic.org
> @nomadlogicLA
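The DNSSEC signals discussed in this thread, shown on the wire (an added example, not part of the original messages): the DO bit a client sets in the EDNS0 OPT record of its query, and the AD flag and RRSIG records a reply can carry. Every message, the address and the RRSIG placeholder below are constructed for illustration; nothing is sent to a resolver.

```python
import struct

AD_FLAG, DO_BIT, TYPE_RRSIG, TYPE_OPT = 0x0020, 0x8000, 46, 41

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_message(name, flags, answers=(), do_bit=True, txid=0x1234):
    """Build a query (no answers) or a constructed response for an A question."""
    body = encode_name(name) + struct.pack("!HH", 1, 1)      # QTYPE=A, QCLASS=IN
    for rtype, rdata in answers:                              # owner = pointer to QNAME
        body += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    # EDNS0 OPT pseudo-RR: root owner, CLASS = UDP size, TTL field carries the DO bit
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, DO_BIT if do_bit else 0, 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, len(answers), 0, 1)
    return header + body + opt

def skip_name(msg, off):
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:        # a compression pointer ends the name
            return off + 2
        off += 1 + length

def dnssec_summary(msg):
    """Report the DNSSEC signals a validating client looks for in a message."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4    # skip QTYPE and QCLASS
    answer_types, do_set = [], False
    for i in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == TYPE_OPT:
            do_set = bool(ttl & DO_BIT)
        elif i < an:
            answer_types.append(rtype)
    return {"ad": bool(flags & AD_FLAG), "do": do_set,
            "rrsig_in_answer": TYPE_RRSIG in answer_types}

A_RDATA = bytes([192, 0, 2, 1])          # constructed address (documentation range)
SIG_RDATA = b"\x00" * 18                 # constructed placeholder, not a real signature
QUERY = build_message("example.com", 0x0100)                 # RD set, DO set
SIGNED = build_message("example.com", 0x81A0, [(1, A_RDATA), (TYPE_RRSIG, SIG_RDATA)])
STRIPPED = build_message("example.com", 0x8180, [(1, A_RDATA)], do_bit=False)

for label, msg in (("query", QUERY), ("signed", SIGNED), ("stripped", STRIPPED)):
    print(label, dnssec_summary(msg))
```

A validator behind a forwarder needs the RRSIG records in the reply; the AD flag alone only reports that the upstream validated.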
Re: unbound doesn't remove pidfile
From what I can see unbound init script is up-to-date. Do I need to add override for the pidfile in unbound config? Even if I do that and it works, I will still need to update the unbound init script as well so the easiest file to me to update the init script to explicitly remove the pid file after unbound is stopped.

I wonder how other people running unbound in a chroot setup on ubuntu/debian are dealing with the issue.

root@DFW01-CPS02:/etc/unbound/unbound.conf.d# cat test.conf
server:
    chroot: "/var/lib/unbound"
    verbosity: 9
    do-not-query-localhost: no
    statistics-cumulative: yes
    extended-statistics: yes
    interface: 127.0.0.1
python:
remote-control:
    control-enable: yes
root@DFW01-CPS02:/etc/unbound/unbound.conf.d#
root@DFW01-CPS02:/etc/unbound/unbound.conf.d# cat /etc/init.d/unbound
#!/bin/sh
### BEGIN INIT INFO
# Provides:          unbound
# Required-Start:    $network $remote_fs $syslog
# Required-Stop:     $network $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
### END INIT INFO

NAME="unbound"
DESC="DNS server"
DAEMON="/usr/sbin/unbound"
PIDFILE="/run/unbound.pid"
HELPER="/usr/lib/unbound/package-helper"

test -x $DAEMON || exit 0

. /lib/lsb/init-functions

# Override this variable by editing or creating /etc/default/unbound.
DAEMON_OPTS=""

if [ -f /etc/default/unbound ]; then
    . /etc/default/unbound
fi

case "$1" in
    start)
        log_daemon_msg "Starting $DESC" "$NAME"
        $HELPER chroot_setup
        $HELPER root_trust_anchor_update 2>&1 | logger -p daemon.info -t unbound-anchor
        if start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --name $NAME --startas $DAEMON -- $DAEMON_OPTS; then
            $HELPER resolvconf_start
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;

    stop)
        log_daemon_msg "Stopping $DESC" "$NAME"
        if start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --name $NAME; then
            $HELPER resolvconf_stop
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;

    restart|force-reload)
        log_daemon_msg "Restarting $DESC" "$NAME"
        start-stop-daemon --stop --quiet --pidfile $PIDFILE --name $NAME --retry 5
        $HELPER resolvconf_stop
        if start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --name $NAME --startas $DAEMON -- $DAEMON_OPTS; then
            $HELPER chroot_setup
            $HELPER resolvconf_start
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;

    reload)
        log_daemon_msg "Reloading $DESC" "$NAME"
        if start-stop-daemon --stop --pidfile $PIDFILE --signal 1; then
            $HELPER chroot_setup
            log_end_msg 0
        else
            log_end_msg 1
        fi
        ;;

    status)
        status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $?
        ;;

    *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop|restart|status|reload|force-reload}" >&2
        exit 1
        ;;
esac

exit 0

On Wednesday, March 7, 2018, 4:33:37 AM PST, Robert Edmonds via Unbound-users wrote:

Shawn Zhou via Unbound-users wrote:
> I am running unbound 1.5.8 on ubuntu xenial. unbound doesn't remove the
> pid file after it's stopped.

I believe the unbound packaging on Ubuntu xenial is old enough that it still uses the sysv generator to create the service unit. You will probably want to add this fix to your unbound init script, which I don't think was ever backported to xenial (it was originally added in 1.5.9-1):

https://salsa.debian.org/dns-team/unbound/commit/1c139abaa0fe58f8d97b64c96da6c3332b1b9e49

--
Robert Edmonds
edmo...@debian.org