Date:      Sat, 7 Dec 2013 06:03:11 -0800 (PST)
From:      Beeblebrox <zaphod@berentweb.com>
To:        freebsd-questions@freebsd.org
Subject:   Unbound in jail
Message-ID:  <1386424991855-5866649.post@n5.nabble.com>

I'd like to try running unbound in a jail. Since chrooting will be
irrelevant, I have set in unbound.conf (chroot: ""). Config file passes
sanity test with unbound-checkconf. But I have several questions:

1. As testing, from host-proper:  unbound -c /etc/unbound/unbound.conf gives
below error if these are set in unbound.conf: (# so-rcvbuf: 4m,
# so-sndbuf: 4m). Not necessary?
unbound[9069:0] error: setsockopt(..., SO_RCVBUF, ...) failed: No buffer space available
unbound[9069:0] fatal error: could not open ports

2. Since unbound does NOT get started/stopped as a service - as stated in
man page (unbound -c/kill unbound.pid), unbound_enable=yes in
<jailname>/etc/rc.conf will most likely not work. How is that managed in
jails?

3. unbound will be tasked to cache and serve the DNS requests from clients,
but needs to use forward-addr parameter to forward the DNS query to a
Tor-Socks jail. Failing a response from Tor, it needs to fall-back to
dns/dnscrypt-proxy (which will run either in the DNS or TOR jail). My question: Does
a simple forward-addr to the TOR jail IP work for the DNS query, or is a
more complicated setup necessary? For the fall-back method using
dnscrypt-proxy, I assume placing this in unbound.conf will work, if
dnscrypt-proxy is placed in the same jail as unbound?
forward-addr: <tor-jail-ip>
forward-addr: 127.0.0.1@40

Thanks.



-----
FreeBSD-11-current_amd64_root-on-zfs_RadeonKMS
--
View this message in context: http://freebsd.1045724.n5.nabble.com/Unbound-in-jail-tp5866649.html
Sent from the freebsd-questions mailing list archive at Nabble.com.


