From: Beeblebrox
To: freebsd-questions@freebsd.org
Date: Sat, 7 Dec 2013 06:03:11 -0800 (PST)
Subject: Unbound in jail

I'd like to try running unbound in a jail. Since chrooting will be irrelevant, I have set in unbound.conf (chroot: ""). Config file passes sanity test with unbound-checkconf. But I have several questions:

1. As testing, from host-proper: unbound -c /etc/unbound/unbound.conf gives below error if these are set in unbound.conf: (# so-rcvbuf: 4m, # so-sndbuf: 4m). Not necessary?

    unbound[9069:0] error: setsockopt(..., SO_RCVBUF, ...) failed: No buffer space available
    unbound[9069:0] fatal error: could not open ports

2. Since unbound does NOT get started/stopped as a service - as stated in man page (unbound -c/kill unbound.pid), unbound_enable=yes in /etc/rc.conf will most likely not work. How is that managed in jails?

3. unbound will be tasked to cache and serve the DNS requests from clients, but needs to use forward-addr parameter to forward the DNS query to a Tor-Socks jail. Failing a response from Tor, it needs to fall-back to dns/dnscrypt-proxy (which will run either in the DNS or TOR jail).

MyQ: Does a simple forward-addr to the TOR jail IP work for the DNS query, or is a more complicated setup necessary? For the fall-back method using dnscrypt-proxy, I assume placing this in unbound.conf will work, if dnscrypt-proxy is placed in the same jail as unbound?

    forward-addr:
    forward-addr: 127.0.0.1@40

Thanks.

-----
FreeBSD-11-current_amd64_root-on-zfs_RadeonKMS