DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 19th December 2017
mefisto mefisto is offline
Fdisk Soldier
 
Join Date: Sep 2017
Posts: 46
Default Unbound problems

Greetings all,

I have been experimenting with installing unbound on my laptop, connected to a router via an Ethernet interface.

1. My fist problem is that after issuing several pings, I notice an error:

"/var/unbound/db/root.key
fail: the anchor is NOT ok and could not be fixed"

Both
Code:
rm /var/unbound/db/root.key
unbound-anchor -a /var/unbound/db/root.key
and
Code:
unbound-anchor -F
restore the root.key, but in a while the same problem reoccurs.

Although based on my search some people do have similar root.key problem, it appears to be on the order of months and not minutes. Any ideas how to resolve the problem would be appreciated.

2. Although the response to the first ping takes a while, which I attribute to use of root server(s), the subsequent ping responses do not appear to be any faster. This puzzles me because my understanding is that unbound should cache the response. Do I have an error in the unbound.conf?

3. I cannot figure out from the various unbound related web pages, how to configure a browser (Firefox) to use the server. Do I need some redirection rule in pf.conf?

unbound.conf:

Code:
# $OpenBSD: unbound.conf,v 1.7 2016/03/30 01:41:25 sthen Exp $

server:
	#---------------#
	# Set interfaces
	#---------------#

	interface: 127.0.0.1
	verbosity: 1

	do-ip4:  yes
	do-ip6: no
	do-udp: yes
	do-tcp: yes

	#---------------#
	# Control access
	#---------------#

	access-control: 0.0.0.0/0 refuse	# Disable all interfaces
	access-control: 127.0.0.0/8 allow	# Allow all 127.0.0.0 interfaces
	access-control: 192.168.0.0/24 allow	# Allow all 192.168.0.0 interface queries
	do-not-query-localhost: no
	
	#-----------------#
	# Privacy settings
	#-----------------#

	hide-identity: yes	# id.server and version.bind queries refused
	hide-version: yes	# version.server and version.bind queries refused

	# Uncomment to enable qname minimisation.
	# https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08
	#
	# qname-minimisation: yes

	# Enable DNSSEC validation.
	auto-trust-anchor-file: "/var/unbound/db/root.key"
	root-hints: "/var/unbound/db/root.hints"

	# UDP EDNS reassembly buffer advertised to peers. Default 4096.
	# May need lowering on broken networks with fragmentation/MTU issues,
	# particularly if validating DNSSEC.
	#
	#edns-buffer-size: 1480

	# Use TCP for "forward-zone" requests. Useful if you are making
	# DNS requests over an SSH port forwarding.
	#
	#tcp-upstream: yes

	# DNS64 options, synthesizes AAAA records for hosts that don't have
	# them. For use with NAT64 (PF "af-to").
	#
	#module-config: "dns64 validator iterator"
	#dns64-prefix: 64:ff9b::/96	# well-known prefix (default)
	#dns64-synthall: no

	local-zone: "local." static
	local-data: "dracula.local. IN A 192.168.0.108"

	#----------------------#
	# Remote access control
	#----------------------#

	remote-control:
	control-enable: no
	control-use-cert: no
	control-interface: /var/run/unbound.sock
Kindest regards,

M
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Unbound and states junkym OpenBSD General 3 22nd October 2016 10:03 PM
Unbound Database daemonbak OpenBSD General 2 21st July 2015 03:28 AM
Unbound Troubleshoot Peter_APIIT OpenBSD General 13 26th June 2015 02:00 AM
directing DNS queries to local unbound? 22decembre OpenBSD Security 16 28th December 2014 04:52 AM
DNSCrypt and local Unbound resolver Oko OpenBSD Security 1 28th December 2014 12:54 AM


All times are GMT. The time now is 04:38 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick