Unbound problems
Posted by mefisto, 19th December 2017

Greetings all,

I have been experimenting with installing unbound on my laptop, connected to a router via an Ethernet interface.

1. My first problem is that after issuing several pings, I notice an error:

fail: the anchor is NOT ok and could not be fixed

rm /var/unbound/db/root.key
unbound-anchor -a /var/unbound/db/root.key
unbound-anchor -F
restore the root.key, but in a while the same problem reoccurs.

Although based on my search some people do have similar root.key problem, it appears to be on the order of months and not minutes. Any ideas how to resolve the problem would be appreciated.

2. Although the response to the first ping takes a while, which I attribute to use of root server(s), the subsequent ping responses do not appear to be any faster. This puzzles me because my understanding is that unbound should cache the response. Do I have an error in the unbound.conf?

3. I cannot figure out from the various unbound related web pages, how to configure a browser (Firefox) to use the server. Do I need some redirection rule in pf.conf?


# $OpenBSD: unbound.conf,v 1.7 2016/03/30 01:41:25 sthen Exp $

	# Set interfaces

	verbosity: 1

	do-ip4:  yes
	do-ip6: no
	do-udp: yes
	do-tcp: yes

	# Control access

	access-control: refuse	# Disable all interfaces
	access-control: allow	# Allow all interfaces
	access-control: allow	# Allow all interface queries
	do-not-query-localhost: no
	# Privacy settings

	hide-identity: yes	# id.server and version.bind queries refused
	hide-version: yes	# version.server and version.bind queries refused

	# Uncomment to enable qname minimisation.
	# https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08
	# qname-minimisation: yes

	# Enable DNSSEC validation.
	auto-trust-anchor-file: "/var/unbound/db/root.key"
	root-hints: "/var/unbound/db/root.hints"

	# UDP EDNS reassembly buffer advertised to peers. Default 4096.
	# May need lowering on broken networks with fragmentation/MTU issues,
	# particularly if validating DNSSEC.
	#edns-buffer-size: 1480

	# Use TCP for "forward-zone" requests. Useful if you are making
	# DNS requests over an SSH port forwarding.
	#tcp-upstream: yes

	# DNS64 options, synthesizes AAAA records for hosts that don't have
	# them. For use with NAT64 (PF "af-to").
	#module-config: "dns64 validator iterator"
	#dns64-prefix: 64:ff9b::/96	# well-known prefix (default)
	#dns64-synthall: no

	local-zone: "local." static
	local-data: "dracula.local. IN A"

	# Remote access control

	control-enable: no
	control-use-cert: no
	control-interface: /var/run/unbound.sock

Kindest regards,
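
An offline check for the structural gaps visible in the configuration as it appears in the post above: access-control entries with no netblock, a local-data record with no address, and options that sit outside any clause. This is an added example, not part of the original post or of Unbound; the function name `check_unbound_conf`, the sample netblocks and the address 192.0.2.10 are assumptions made for illustration.

```python
import ipaddress

# Excerpt of the unbound.conf in the post above, lines as they appear there.
POSTED = '''\
verbosity: 1
access-control: refuse  # Disable all interfaces
access-control: allow   # Allow all interfaces
local-data: "dracula.local. IN A"
control-enable: no
'''

# Constructed counterpart: the netblock and the address are made-up sample values.
FIXED = '''\
server:
    access-control: 127.0.0.0/8 allow
    local-data: "dracula.local. IN A 192.0.2.10"
remote-control:
    control-enable: no
'''

def check_unbound_conf(text):
    """Return (line number, message) pairs for structural problems."""
    findings, clause = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        if not value:                          # clause header such as "server:"
            clause = key
            continue
        if clause is None:
            findings.append((n, "option outside any clause such as server:"))
            clause = "?"                       # report the missing header once
        if key.startswith("control-") and clause not in ("remote-control", "?"):
            findings.append((n, key + " belongs under remote-control:"))
        if key == "access-control":
            try:
                netblock, _action = value.split()   # ValueError unless two fields
                ipaddress.ip_network(netblock, strict=False)
            except ValueError:
                findings.append((n, "access-control needs <netblock> <action>"))
        if key == "local-data":
            rr = value.strip('"').split()[1:]  # drop the owner name
            while rr and (rr[0].isdigit() or rr[0] == "IN"):
                rr.pop(0)                      # optional TTL and class
            if len(rr) < 2:
                findings.append((n, "local-data record has no rdata"))
    return findings
```

On a system with Unbound installed, `unbound-checkconf` is the authoritative syntax check; this sketch only covers the three patterns named above.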
