Unbound Troubleshoot
Hello all,
I had set up unbound according to an online tutorial but unfortunately the dig command returns an error.
Does anyone know how to troubleshoot? The log file does not contain anything.
Last edited by Peter_APIIT; 20th June 2015 at 02:17 AM. Reason: Added unbound configuration and troubleshoot steps
|
||||
Yes I do. Setting Unbound on 5.7 is a 2-minute job but you don't give us any info to work with. Consequently I can give you just generic advice. Start by reading man pages.
|
|||
Sorry to all of you. I had added the necessary configuration to the original thread. Please help me. Thanks.
|
|
||||
It is clear that unbound(8) is not running.
The rc.d(8) subsystem includes a diagnostic -d option that can show you if there are startup errors. See the man page, and run /etc/rc.d/unbound with this option enabled. You may receive messages which tell you why unbound refuses to start.
Lastly, please read the unbound(8) man page. There are two things in it that I would like you to take note of:
|
|
|||
First of all, thanks to jggimi for giving such a good explanation.
I had tried to start unbound using the -d option and it shows that it is a log file permission error. I created the log file using superuser and did chown and chgrp to _unbound but the problem still persists. On the other hand, I had also tried to remove the log file option and unbound was started successfully with the -d option. Then, I tried to dig and the "no server can be reached" error was displayed again. There is nothing displayed in /var/log/messages, and unbound-checkconf returns no error. What is wrong with it?
|
||||
This:
Code:
$ unbound-checkconf Peter_APIIT.provided.file
pasted.file:16: error: unknown keyword 'forward-zones'
pasted.file:16: error: stray ':'
pasted.file:17: error: syntax error
read pasted.file failed: 3 errors in configuration file
$
Code:
unbound-checkconf: no errors in <file>
=== NOTE: in the configuration you pasted, you did not bother with a full path to the logfile. If that is still true with the configuration you are using, that is likely part of the problem. Without a full path, unbound will use a relative path to its working directory. When started manually by you, this will be whatever working directory your shell happened to be using. When started by the OS at boot ... it is possibly the root directory. But I'm unsure. I do not use relative paths in any of my system configuration files.
Edited to add: I also do not use a logfile directive in any of my unbound configurations. Logging instead is via syslogd(8).
Last edited by jggimi; 23rd June 2015 at 07:15 AM. Reason: syslog mentioned
|
|||
Somehow I knew before clicking it that the online tutorial was indeed that site, whose name shall not be mentioned. And as a funny added insult, my xombrero core-dumps every time I visit it as well.
Also, you specified 127.0.0.1 in resolv.conf, but not under interfaces in unbound.conf. So I'm guessing your queries are going to an interface where unbound is not running.
|
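The two problems pointed out in the replies above (a loopback nameserver in resolv.conf that is not listed as an unbound interface, and a logfile given without a full path) can be checked mechanically. This is an added example, not part of the original thread; the function name check_unbound and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). check_unbound and the sample
# files below are constructed for illustration.
# Usage: check_unbound RESOLV_CONF UNBOUND_CONF
# Prints one finding per line; returns 1 if anything was found.
check_unbound() {
    resolv=$1; conf=$2; rc=0
    # Addresses unbound is configured to listen on, comments stripped.
    ifaces=$(sed 's/#.*//' "$conf" | awk '$1 == "interface:" { print $2 }')
    # With no interface: lines, unbound listens on localhost only.
    if [ -z "$ifaces" ]; then ifaces="127.0.0.1 ::1"; fi
    for ns in $(awk '$1 == "nameserver" { print $2 }' "$resolv"); do
        # Only loopback nameservers must be answered by the local daemon.
        case $ns in 127.*|::1) ;; *) continue ;; esac
        found=no
        for i in $ifaces; do
            if [ "$i" = "$ns" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then
            echo "nameserver $ns is not listed as an unbound interface"
            rc=1
        fi
    done
    # A logfile without a leading / depends on the working directory.
    log=$(sed 's/#.*//' "$conf" |
        awk '$1 == "logfile:" { gsub(/"/, "", $2); print $2 }')
    case $log in
        ''|/*) ;;
        *) echo "logfile $log is a relative path"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample input: resolv.conf points at loopback, but
# bad.conf lists only a LAN address and uses a relative logfile.
tmp=$(mktemp -d)
printf 'nameserver 127.0.0.1\n' > "$tmp/resolv.conf"
cat > "$tmp/bad.conf" <<'EOF'
server:
    interface: 192.168.6.254 # constructed LAN address
    logfile: "unbound.log"
EOF
cat > "$tmp/good.conf" <<'EOF'
server:
    interface: 127.0.0.1
    interface: 192.168.6.254
EOF
check_unbound "$tmp/resolv.conf" "$tmp/bad.conf" || echo "bad.conf: problems found"
check_unbound "$tmp/resolv.conf" "$tmp/good.conf" && echo "good.conf: ok"
```

The check compares addresses literally, so a wildcard interface such as 0.0.0.0 or an address written with an @port suffix is not interpreted.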
||||
Code:
# $OpenBSD: unbound.conf,v 1.4 2014/04/02 21:43:30 millert Exp $

server:
    interface: 127.0.0.1
    interface: ::1
    interface: 192.168.6.254 # listen on lan zone interface
    do-ip6: no

    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: ::0/0 refuse
    access-control: ::1 allow
    access-control: 192.168.6.0/24 allow # allow lan zone queries

    hide-identity: yes
    hide-version: yes

    # Uncomment to enable DNSSEC validation.
    # auto-trust-anchor-file: "/var/unbound/db/root.key"

    # Serve zones authoritatively from Unbound to resolver clients.
    # Not for external service.
    include: "/var/unbound/etc/oko_network/*"
oko_network.org
Code:
# more oko_network.org
# Auton Lab LAN zone file
local-zone: "oko_network.org" static
local-data: "lofty.oko_network.org IN A 192.168.6.1"
local-data: "svnhub.oko_network.org IN A 192.168.6.2"
Code:
# more 6.168.192.in-addr.arpa
local-zone: "6.168.192.in-addr.arpa." static
local-data-ptr: "192.168.6.1 lofty.oko_network.org"
local-data-ptr: "192.168.6.2 svnhub.oko_network.org"
|
||||
Since we're sharing valid configurations, here is one of mine. It's pretty simple. This non-authoritative configuration supports domain resolutions for two subnets: 10.0.1/24 and 10.0.4/24, and also provides local resolution on the server itself via loopback. It uses Google's public nameservers at 8.8.8.8 and 8.8.4.4 for resolutions of domain names and IP addresses on the Internet.
All I've done here is redact the local system names and addresses, leaving only a single domain name and IP address to show the two blocks where they are located in the file.
Code:
server:
    verbosity: 1
    interface: 127.0.0.1
    interface: 10.0.1.1
    interface: 10.0.4.1
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/8 allow
    root-hints: "/var/unbound/etc/named.cache"
    local-zone: "jggimi.homeip.net." static
    local-data: "gateway.jggimi.homeip.net. IN A 10.0.1.1"
    . . . [snip] . . .
    local-data-ptr: "10.0.1.1 gateway.jggimi.homeip.net"
    . . . [snip] . . .
python:
remote-control:
forward-zone:
    name: "."
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4
|
|||
Problem solved by adding interface 127.0.0.1. Thanks jggimi.