Unbound problems
Greetings all,
I have been experimenting with installing unbound on my laptop, connected to a router via an Ethernet interface.

1. My first problem is that after issuing several pings, I notice an error: "/var/unbound/db/root.key fail: the anchor is NOT ok and could not be fixed"

Both

Code:
rm /var/unbound/db/root.key
unbound-anchor -a /var/unbound/db/root.key

Code:
unbound-anchor -F

Although based on my search some people do have a similar root.key problem, it appears to be on the order of months and not minutes. Any ideas how to resolve the problem would be appreciated.

2. Although the response to the first ping takes a while, which I attribute to use of root server(s), the subsequent ping responses do not appear to be any faster. This puzzles me because my understanding is that unbound should cache the response. Do I have an error in the unbound.conf?

3. I cannot figure out from the various unbound related web pages, how to configure a browser (Firefox) to use the server. Do I need some redirection rule in pf.conf?

unbound.conf:

Code:
# $OpenBSD: unbound.conf,v 1.7 2016/03/30 01:41:25 sthen Exp $

server:
	#---------------#
	# Set interfaces
	#---------------#
	interface: 127.0.0.1
	verbosity: 1
	do-ip4: yes
	do-ip6: no
	do-udp: yes
	do-tcp: yes

	#---------------#
	# Control access
	#---------------#
	access-control: 0.0.0.0/0 refuse	# Disable all interfaces
	access-control: 127.0.0.0/8 allow	# Allow all 127.0.0.0 interfaces
	access-control: 192.168.0.0/24 allow	# Allow all 192.168.0.0 interface queries
	do-not-query-localhost: no

	#-----------------#
	# Privacy settings
	#-----------------#
	hide-identity: yes	# id.server and version.bind queries refused
	hide-version: yes	# version.server and version.bind queries refused

	# Uncomment to enable qname minimisation.
	# https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08
	#
	# qname-minimisation: yes

	# Enable DNSSEC validation.
	auto-trust-anchor-file: "/var/unbound/db/root.key"
	root-hints: "/var/unbound/db/root.hints"

	# UDP EDNS reassembly buffer advertised to peers. Default 4096.
	# May need lowering on broken networks with fragmentation/MTU issues,
	# particularly if validating DNSSEC.
	#
	#edns-buffer-size: 1480

	# Use TCP for "forward-zone" requests. Useful if you are making
	# DNS requests over an SSH port forwarding.
	#
	#tcp-upstream: yes

	# DNS64 options, synthesizes AAAA records for hosts that don't have
	# them. For use with NAT64 (PF "af-to").
	#
	#module-config: "dns64 validator iterator"
	#dns64-prefix: 64:ff9b::/96	# well-known prefix (default)
	#dns64-synthall: no

	local-zone: "local." static
	local-data: "dracula.local. IN A 192.168.0.108"

#----------------------#
# Remote access control
#----------------------#
remote-control:
	control-enable: no
	control-use-cert: no
	control-interface: /var/run/unbound.sock

M