Date:      Sat, 7 Dec 2013 06:03:11 -0800 (PST)
From:      Beeblebrox <>
Subject:   Unbound in jail
Message-ID:  <>

I'd like to try running unbound in a jail. Since chrooting will be
irrelevant, I have set in unbound.conf (chroot: ""). Config file passes
sanity test with unbound-checkconf. But I have several questions:

1. As a test, from host-proper: unbound -c /etc/unbound/unbound.conf gives
the error below if these are set in unbound.conf: (# so-rcvbuf: 4m, #
so-sndbuf: 4m). Not necessary?
unbound[9069:0] error: setsockopt(..., SO_RCVBUF, ...) failed: No buffer space available
unbound[9069:0] fatal error: could not open ports

2. Since unbound does NOT get started/stopped as a service - as stated in
man page (unbound -c/kill, unbound_enable=yes in
<jailname>/etc/rc.conf will most likely not work. How is that managed in

3. unbound will be tasked to cache and serve the DNS requests from clients,
but needs to use forward-addr parameter to forward the DNS query to a
Tor-Socks jail. Failing a response from Tor, it needs to fall-back to
dns/dnscrypt-proxy (which will run either in the DNS or TOR jail). MyQ: Does
a simple forward-addr to the TOR jail IP work for the DNS query, or is a
more complicated setup necessary? For the fall-back method using
dnscrypt-proxy, I assume placing this in unbound.conf will work, if
dnscrypt-proxy is placed in the same jail as unbound?
forward-addr: <tor-jail-ip>

