2009/3/27 W.C.A. Wijngaards <wou...@nlnetlabs.nl>: > This is because you bound the second unbound only to 127.0.0.1 and from > there it cannot sendmsg back to client. > use interface: 0.0.0.0 > or interface-automatic: yes > > Don't forget to pf so only internal network can reach port 54 directly, > and give your second unbound access-control for your internal network.
I was already using interface-automatic: port: 54 interface: 127.0.0.1 interface-automatic: yes Now I changed interface to 0.0.0.0, ::0, disabled interface-automatic, changed redirect from 127.0.0.1 to public ip and it works, thanks. I have another strange problem, unbound is freezing and not answering queries. It happened two times. I can not restart it. It just prints info: service stopped (unbound 1.2.1) and I have to send KILL signal to it. It happens often when I restart unbound. top shows it's in umtxn state: 10784 59 4 47 0 539M 479M umtxn 0 2:20 0.00% unbound > Unbound tries to disable ipv4 to ipv6 mapping. But this still happened. > It tries to send back, but the OS doesn't like it. This should not > happen with the default config, this is for your first unbound? What is > its config? > For this also, interface-automatic: yes may solve it (it actually > enables the mapping and uses it...). Or some config changes. Or > disable ipv4toipv6-mapping-by-default with some FreeBSD sysctl; unbound > tries to set a socket option but the kernel does not seem to honor it. I'll check ipv6 options. I use interface-automatic, without it unbound reply with another ip address: ;; reply from unexpected source: 91.198.156.20#53, expected 91.198.156.8#53 yes, this is my firs unbound :) out setup is (average 1-2K qps): interface bce0: 91.198.156.20, alias 91.198.156.8 interface bce1: only ipv6 address unbound-1.2.1 libevent-1.4.9 unbound config is: server: extended-statistics: no num-threads: 4 interface: 0.0.0.0 interface: ::0 interface-automatic: yes outgoing-range: 8192 outgoing-num-tcp: 64 incoming-num-tcp: 64 msg-cache-size: 512m msg-cache-slabs: 8 num-queries-per-thread: 8192 rrset-cache-size: 1g rrset-cache-slabs: 8 cache-max-ttl: 86400 infra-lame-ttl: 1800 infra-cache-slabs: 8 infra-cache-numhosts: 16384 infra-cache-lame-size: 16k access-control: 0.0.0.0/0 allow access-control: ::0/0 allow chroot: "" use-syslog: yes pidfile: "/var/run/unbound.pid" hide-identity: yes hide-version: yes key-cache-slabs: 8 neg-cache-size: 256m remote-control: control-enable: yes control-interface: 127.0.0.1 control-port: 953 -- regards, Artis Caune <----. CCNA | BSDA <----|==================== <----' didii FreeBSD _______________________________________________ Unbound-users mailing list Unbound-users@unbound.net http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users