help needed with unbound / blacklist

Johannes_B_Kernel · November 4, 2021, 12:05pm

hello list,

on one of my servers i use “unbound” for blacklisting Domains.
but it seems, its not working any longer after an past update of my system.

On the server is gentoo linux, Kernel 5.14.15
Unbound is version 1.13.1

unbound -V
Version 1.13.1

Configure line: --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir
=/var/lib --docdir=/usr/share/doc/unbound-1.13.1-r2 --htmldir=/usr/share/doc/unbound-1.13.1-r2/html --with-sysroot=/ --libdir=/usr/lib64 --disable-debug --disable-gost --disable-dnscrypt –
disable-dnstap --enable-ecdsa --disable-subnet --enable-cachedb --disable-static --disable-systemd --with-pythonmodule --with-pyunbound --with-pthreads --with-libnghttp2 --disable-flto --di
sable-rpath --enable-event-api --enable-ipsecmod --enable-tfo-client --enable-tfo-server --with-libevent=/usr --with-libhiredis=/usr --with-pidfile=/run/unbound.pid --with-rootkey-file=/etc
/dnssec/root-anchors.txt --with-ssl=/usr --with-libexpat=/usr
Linked libs: libevent 2.1.11-stable (it uses epoll), OpenSSL 1.1.1l 24 Aug 2021
Linked modules: dns64 python cachedb ipsecmod respip validator iterator
TCP Fastopen feature available

in /etc/unbound i have the following structure:

root.hints
unbound.conf
unbound.conf.d
unbound.conf.ORIGINAL
unbound.conf.WRK
unbound_control.key
unbound_control.pem
unbound_server.key
unbound_server.pem
var

my unbound.conf:

Eoin_Norris · November 7, 2021, 4:33pm

Hi there,

Any suggestions on building a FAT binary for unbound. Running this produces a ARM only

./configure --with-ssl=/opt/homebrew/opt/openssl@3/ --with-libexpat=/opt/homebrew/opt/expat —prefix=~/Projects/unbound_clean/output & make & make install

Anyway that works and builds but it doesn’t seem to build FAT. I am not on the latest builds, and I wonder if that has been fixed.

Thanks in advance

Eoin

Jaap · November 7, 2021, 7:15pm

Eoin Norris via Unbound-users writes:

> Hi there,
>
> Any suggestions on building a FAT binary for unbound. Running this
> produces a ARM only
>
> ./configure --with-ssl=/opt/homebrew/opt/openssl@3/
> --with-libexpat=/opt/homebrew/opt/expat prefix~/Projects/unbound_clean/output & make & make install
>
> Anyway that works and builds but it doesn't seem to build FAT. I
> am not on the latest builds, and I wonder if that has been fixed.

With FAT binary, I assume you mean an universal binary. according to
https://developer.apple.com/documentation/apple-silicon/building-a-universal-macos-binary
you need to build both binaries and then comnime them using a tool, lipo,
to combine the two binaries into an universal one.

jaap

George_Yorgos_Thessa · December 27, 2021, 2:04pm

Hi Marko,

The local-zone configuration that you present does work.
Since you also include other configuration files, maybe something there prevents the use of the blacklist.conf file's contents to be used for specific clients? I see that you also may have access control and view options (from the filenames) that may affect this.

Best regards,
-- George