Interface Automatic IPv6 / Load balancing

I have been testing unbound as a replacement for BIND for recursive DNS in a high
volume ISP deployment.

We are deploying about four unbound VM servers behind an F5 BigIP LTM, performance L4
(npath/DSR)

OS: FreeBSD 10.0/amd64
unbound 1.4.22

This requires us to configure the IP as a loopback address on each server so we can
have the LTM send the DNS requests to each server. In order for this to work we must
set "interface-automatic: yes" in the unbound configuration so that unbound will
send the response back from the loopback address and not the IP address of the NIC
the request came in on.

For IPv4 this seems to work flawlessly. For IPv6, not so much. When using an IPv6
VIP on the loopback we still see replies with the source address of the outbound NIC
and not the loopback IP.

I'm wondering if this is a bug or lack of feature. I know that when using BIND9 this
works.

Any input would be great.

TIA

-Robert

Robert Blayzor:

This requires us to configure the IP as a loopback address on each server so we can
have the LTM send the DNS requests to each server. In order for this to work we must
set "interface-automatic: yes" in the unbound configuration so that unbound will
send the response back from the loopback address and not the IP address of the NIC
the request came in on.

you could also try to make unbound listen only to the "farm ip".
for queries generated by unbound while talking to external nameservers
you could set outgoing-ip.

that works fine for me.
(at least for v4, v6 I'm currently unsure)

Andreas

It worked fine for v4, but I did not have a VIP for v4, only v6.

I did manage to figure this out, it's not unbound. The F5 was NATing the VIP destination to the real server IP. I turned off destination NAT and now V6 is working just fine. Sorry for the false alarm.

-Robert
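
Added example, not part of the original thread: a small check that reads `tcpdump -n` style lines captured on a real server and separates the two failure modes discussed above, a reply sent from a different address than the query was addressed to, and a query whose destination was already rewritten away from the VIP before it reached the server (the destination NAT case). The capture lines, the addresses (documentation prefixes) and the name `audit` are constructed for illustration.

```python
import re
from ipaddress import ip_address

# Constructed sample in `tcpdump -n udp port 53` style, as seen on one real server.
# VIP and server addresses are assumptions (documentation prefixes only).
VIP = "2001:db8:ffff::53"
CAPTURE = """\
12:00:00.000001 IP6 2001:db8:1::50.53124 > 2001:db8:ffff::53.53: 4660+ A? example.com. (29)
12:00:00.000900 IP6 2001:db8:ffff::53.53 > 2001:db8:1::50.53124: 4660 1/0/0 A 192.0.2.10 (45)
12:00:01.000001 IP6 2001:db8:1::51.40000 > 2001:db8:ffff::53.53: 4661+ A? example.org. (29)
12:00:01.000900 IP6 2001:db8:10::11.53 > 2001:db8:1::51.40000: 4661 1/0/0 A 192.0.2.11 (45)
12:00:02.000001 IP6 2001:db8:1::52.40001 > 2001:db8:10::11.53: 4662+ A? example.net. (29)
12:00:02.000900 IP6 2001:db8:10::11.53 > 2001:db8:1::52.40001: 4662 1/0/0 A 192.0.2.12 (45)
"""

# src.port > dst.port: dns-id
LINE = re.compile(r"IP6? (\S+)\.(\d+) > (\S+)\.(\d+): (\d+)")

def audit(capture, vip):
    """Return (dns_id, finding, address) tuples for DSR addressing problems."""
    vip = ip_address(vip)
    pending = {}   # (client, client port, DNS id) -> address the query was sent to
    findings = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, qid = m.groups()
        src, dst = ip_address(src), ip_address(dst)
        if dport == "53":                      # query arriving at the server
            pending[(src, sport, qid)] = dst
            if dst != vip:                     # load balancer rewrote the destination
                findings.append((qid, "query-dst-rewritten", str(dst)))
        elif sport == "53":                    # reply leaving the server
            asked = pending.pop((dst, dport, qid), None)
            if asked is not None and src != asked:
                findings.append((qid, "reply-src-mismatch", str(src)))
    return findings

if __name__ == "__main__":
    for finding in audit(CAPTURE, VIP):
        print(finding)
```

A `query-dst-rewritten` finding points at the load balancer, since the server never saw the VIP; a `reply-src-mismatch` finding points at the resolver or host source-address selection.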