LinuxQuestions.org
11-01-2017, 05:38 PM   #1
alanware
Unbound NSD DNSSEC dnscrypt-proxy OpenBSD


I am trying to set up Unbound to provide caching/forwarding to dnscrypt proxy alongside authoritative NSD for internal DNS.

What I would like is to have Unbound provide caching/forwarding to dnscrypt proxy for the Internet and forward to my local domain on an NSD server for local resolution. I am running into problems when I start adding in forwarding/dnscrypt proxy.

OpenBSD 6.2
unbound 1.6.6
nsd 4.1.10
dnscrypt-proxy 1.9.5

What works:
Unbound configured with stub zones to NSD domain and recursive/caching.
Unbound configured with forward zone to NSD domain.

What does not work:
Unbound configured with stub zones to NSD domain and caching/forwarding to dnscrypt proxy.
Unbound configured with forward zones to NSD domain and caching/forwarding to dnscrypt proxy.

I have been working off of an Arch guide that seems pretty concise.
Archlinux - Unbound

unbound.conf
Code:
# $OpenBSD: unbound.conf,v 1.7 2016/03/30 01:41:25 sthen Exp $

server:
	interface: 127.0.0.1
	interface: 192.168.5.20
	do-ip6: no

	access-control: 0.0.0.0/0 refuse
	access-control: 127.0.0.0/8 allow
	access-control: ::0/0 refuse
	access-control: 192.168.5.0/24 allow

	hide-identity: yes
	hide-version: yes

	verbosity: 2
	log-queries: yes

	auto-trust-anchor-file: "/var/unbound/db/root.key"

	do-not-query-localhost: no

	# private networks:
	private-address: 10.0.0.0/8
	private-address: 100.64.0.0/10
	private-address: 172.16.0.0/12
	private-address: 192.0.0.0/29
	private-address: 192.168.0.0/16
	private-address: 198.18.0.0/15
	# example source code & documentation:
	private-address: 192.0.2.0/24
	private-address: 198.51.100.0/24
	private-address: 203.0.113.0/24
	# subnet, autoconfiguration between two hosts on a single link:
	private-address: 169.254.0.0/16
	# reserved for multicast assignments:
	private-address: 224.0.0.0/4
	# reserved for future use:
	private-address: 240.0.0.0/4


local-zone: "example.net" transparent
local-zone: "168.192.in-addr.arpa." transparent

local-zone: "localhost." static
	local-data: "localhost. 10800 IN NS localhost."
	local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
	local-data: "localhost. 10800 IN A 127.0.0.1"
local-zone: "127.in-addr.arpa." static
	local-data: "127.in-addr.arpa. 10800 IN NS localhost."
	local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
	local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost."

remote-control:
	control-enable: yes
	control-use-cert: no
	control-interface: /var/run/unbound.sock

forward-zone:
	name: "example.net."
	forward-addr: 127.0.0.1@8053
forward-zone:
	name: "168.192.in-addr.arpa."
	forward-addr: 127.0.0.1@8053

#forward-zone:
#	name: "."
#	forward-addr: 127.0.0.1@40
 
  

