From owner-freebsd-jail@FreeBSD.ORG Thu Aug 14 16:52:20 2014 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 21C6AECD for ; Thu, 14 Aug 2014 16:52:20 +0000 (UTC) Received: from hub.org (hub.org [200.46.208.146]) by mx1.freebsd.org (Postfix) with ESMTP id E4EE220B0 for ; Thu, 14 Aug 2014 16:52:19 +0000 (UTC) Received: from maia.hub.org (unknown [200.46.151.188]) by hub.org (Postfix) with ESMTP id 506661984A03; Thu, 14 Aug 2014 13:52:18 -0300 (ADT) Received: from hub.org ([200.46.208.146]) by maia.hub.org (mx1.hub.org [200.46.151.188]) (amavisd-maia, port 10024) with ESMTP id 86625-05; Thu, 14 Aug 2014 16:52:18 +0000 (UTC) Received: from [10.5.250.137] (remote.ilcs.sd63.bc.ca [142.31.148.2]) by hub.org (Postfix) with ESMTPA id A63C01984A02; Thu, 14 Aug 2014 13:52:17 -0300 (ADT) Content-Type: text/plain; charset=windows-1252 Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) Subject: Re: FreeBSD 10 + unbound + jail == nothing resolves From: Marc Fournier In-Reply-To: <78D774FA-EE8E-4A67-A600-504E5B47BB12@verweg.com> Date: Thu, 14 Aug 2014 09:52:28 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: References: <78D774FA-EE8E-4A67-A600-504E5B47BB12@verweg.com> To: Ruben van Staveren X-Mailer: Apple Mail (2.1878.6) Cc: freebsd-jail@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Aug 2014 16:52:20 -0000 Damn, missed the /var/log/debug.log file =85 had been monitoring = /var/log/messsages =85 in /var/log/debug.log, I get: Aug 14 17:45:36 97381 unbound: [98857:0] debug: refused query from ip4 = 200.46.208.99 port 61092 (len 16) Aug 14 17:45:36 97381 unbound: [98857:0] debug: refuse[53:0] = 124D0100000100000000000102363602373202333802353007696E2D616464720461727061= 00000C0001000029FFFF000000000000 before and after disabling DNSSEC =85 got it, had to add: access-control: 200.46.208.99/32 allow now it resolves fine =85=20 thx On Aug 14, 2014, at 08:17 , Ruben van Staveren wrote: >=20 > Marc, >=20 > can you try to disable DNSSEC?=20 >=20 > http://www.unbound.net/documentation/howto_turnoff_dnssec.html >=20 > (and add val-log-level: 2) >=20 > it might be that your upstream nameserver botches DNSSEC reply. To = keep DNSSEC, uncomment inclusion of the generated forwarder = configuration and have unbound query the root nameservers itself. >=20 > Cheers, > Ruben >=20 >=20 > On 14 Aug 2014, at 8:48, Marc Fournier wrote: >=20 >>=20 >> Before I give up and just install bind (which I=92d really like to = avoid doing, but it did work out of the box) =85 has anyone gotten this = to run? >>=20 >> I=92ve searched Google, and can find next to nothing =85 but I have = to be missing something obvious, else I would expect to find loads =85 = or nobody is acutally doing this =85 >>=20 >> I tried the simple:=20 >>=20 >> add local_unbound_enable=3D=93YES=94 to rc.conf >> start up the service >>=20 >> it modifies my /etc/resolv.conf, starts up, but when I try to = =91drill=92 a domain, I get nothing back =85 checked /var/log/messages, = only thing I see is what appears to be the start up: >>=20 >> Aug 14 07:19:02 97381 unbound: [44840:0] notice: init module 0: = validator >> Aug 14 07:19:02 97381 unbound: [44840:0] notice: init module 1: = iterator >>=20 >>=20 >> I=92ve even tried running from the command line with =91-d -vv=92, = and all I get is: >>=20 >> /var/unbound # /usr/sbin/unbound -c/var/unbound/unbound.conf -d -vv >> [1407997717] unbound[45554:0] notice: Start of unbound 1.4.20. >> [1407997717] unbound[45554:0] debug: switching log to syslog >>=20 >> I have it running on the host server, and it responsed perfectly well = =85 I=92ve tried changing the =91namserver=92 setting in = /etc/resolv.conf to be the IP of the jail, vs localhost =85 as well as = setting =91interfaces=92 in /var/unbound/unbound.conf =85 no difference = =85 >>=20 >> Help? >>=20 >>=20 >>=20 >> _______________________________________________ >> freebsd-jail@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-jail >> To unsubscribe, send any mail to = "freebsd-jail-unsubscribe@freebsd.org" >>=20 >=20