Date: Thu, 14 Aug 2014 09:52:28 -0700
From: Marc Fournier <scrappy@hub.org>
To: Ruben van Staveren <ruben@verweg.com>
Cc: freebsd-jail@freebsd.org
Subject: Re: FreeBSD 10 + unbound + jail == nothing resolves
Message-ID: <FA76D42A-089E-40CD-87D0-58595B3CF593@hub.org>
In-Reply-To: <78D774FA-EE8E-4A67-A600-504E5B47BB12@verweg.com>
References: <C299EE65-AE3C-4713-938C-3C5B5D817163@hub.org> <78D774FA-EE8E-4A67-A600-504E5B47BB12@verweg.com>

Damn, missed the /var/log/debug.log file … had been monitoring /var/log/messages … in /var/log/debug.log, I get:

Aug 14 17:45:36 97381 unbound: [98857:0] debug: refused query from ip4 200.46.208.99 port 61092 (len 16)
Aug 14 17:45:36 97381 unbound: [98857:0] debug: refuse[53:0] 124D0100000100000000000102363602373202333802353007696E2D61646472046172706100000C0001000029FFFF000000000000

before and after disabling DNSSEC … got it, had to add:

access-control: 200.46.208.99/32 allow

now it resolves fine …

thx

On Aug 14, 2014, at 08:17 , Ruben van Staveren <ruben@verweg.com> wrote:

>
> Marc,
>
> can you try to disable DNSSEC?
>
> http://www.unbound.net/documentation/howto_turnoff_dnssec.html
>
> (and add val-log-level: 2)
>
> it might be that your upstream nameserver botches DNSSEC reply. To keep DNSSEC, uncomment inclusion of the generated forwarder configuration and have unbound query the root nameservers itself.
>
> Cheers,
> Ruben
>
>
> On 14 Aug 2014, at 8:48, Marc Fournier <scrappy@hub.org> wrote:
>
>>
>> Before I give up and just install bind (which I’d really like to avoid doing, but it did work out of the box) … has anyone gotten this to run?
>>
>> I’ve searched Google, and can find next to nothing … but I have to be missing something obvious, else I would expect to find loads … or nobody is actually doing this …
>>
>> I tried the simple:
>>
>> add local_unbound_enable="YES" to rc.conf
>> start up the service
>>
>> it modifies my /etc/resolv.conf, starts up, but when I try to ‘drill’ a domain, I get nothing back … checked /var/log/messages, only thing I see is what appears to be the start up:
>>
>> Aug 14 07:19:02 97381 unbound: [44840:0] notice: init module 0: validator
>> Aug 14 07:19:02 97381 unbound: [44840:0] notice: init module 1: iterator
>>
>>
>> I’ve even tried running from the command line with ‘-d -vv’, and all I get is:
>>
>> /var/unbound # /usr/sbin/unbound -c/var/unbound/unbound.conf -d -vv
>> [1407997717] unbound[45554:0] notice: Start of unbound 1.4.20.
>> [1407997717] unbound[45554:0] debug: switching log to syslog
>>
>> I have it running on the host server, and it responded perfectly well … I’ve tried changing the ‘nameserver’ setting in /etc/resolv.conf to be the IP of the jail, vs localhost … as well as setting ‘interfaces’ in /var/unbound/unbound.conf … no difference …
>>
>> Help?
>>
>>
>>
>> _______________________________________________
>> freebsd-jail@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
>> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"
>>
>
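
Added example, not part of the original message and not unbound's own code: a Python script that reads debug.log lines like the two quoted in the message, decodes the question from the refuse[...] hex dump, and builds the matching access-control line for each refused client. It assumes the dump is the raw DNS query and belongs to the preceding "refused query" line; the function names are hypothetical.

```python
import ipaddress
import re
import struct

# Constructed sample: the two debug.log lines from the message, soft breaks joined.
SAMPLE_LOG = """\
Aug 14 17:45:36 97381 unbound: [98857:0] debug: refused query from ip4 200.46.208.99 port 61092 (len 16)
Aug 14 17:45:36 97381 unbound: [98857:0] debug: refuse[53:0] 124D0100000100000000000102363602373202333802353007696E2D61646472046172706100000C0001000029FFFF000000000000
"""

REFUSED = re.compile(r"refused query from ip[46] (\S+) port (\d+)")
DUMP = re.compile(r"refuse\[\d+:\d+\] ([0-9A-Fa-f]+)")

def parse_question(packet):
    """Return (qname, qtype) for the first question of a DNS query."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    if struct.unpack_from("!H", packet, 4)[0] < 1:  # QDCOUNT
        raise ValueError("no question section")
    labels, pos = [], 12
    while pos < len(packet) and packet[pos] != 0:
        length = packet[pos]
        if length > 63:  # compression pointers are not valid here
            raise ValueError("invalid label length in question")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos + 5 > len(packet):  # root label + QTYPE + QCLASS must fit
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack_from("!HH", packet, pos + 1)
    return ".".join(labels) + ".", qtype

def refused_clients(log_text):
    """Map each refused client address to the questions it asked."""
    clients, last = {}, None
    for line in log_text.splitlines():
        m = REFUSED.search(line)
        if m:
            last = str(ipaddress.ip_address(m.group(1)))
            clients.setdefault(last, [])
            continue
        m = DUMP.search(line)
        if m and last is not None:  # assumption: dump follows its refusal line
            clients[last].append(parse_question(bytes.fromhex(m.group(1))))
    return clients

def suggest_acl(clients):
    # One host-only entry per client; review each address before allowing it.
    return [f"access-control: {ip}/{ip.max_prefixlen} allow"
            for ip in map(ipaddress.ip_address, clients)]
```

On the sample, the refused client is the jail's own address asking for a PTR record (type 12), and the suggested line is the one added in the message.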