Hello,
I tried to adapt the scheme described here
https://lists.nlnetlabs.nl/pipermail/unbound-users/2018-January/005057.html
but it seems I did something wrong, as I couldn't get it to work.
I configured the "filter" instance with the following settings:

    server:
        port: 10053
        include: "/etc/unbound/ipv4/public-address.conf"
        chroot: "/etc/unbound/ipv4"
        directory: "/etc/unbound/ipv4"
        private-address: ::/0
        trust-anchor-file: "/etc/unbound/ipv4/trusted-key.key"
    python:
    dynlib:
    remote-control:

and added the following lines to the "main" instance:

    forward-zone:
        name: "isu.bkoty.ru"
        forward-addr: ::1@10053
        forward-addr: 127.0.0.1@10053

When I run

    $ dig -p 10053 isu.bkoty.ru @::1

I get the expected result, but I get nothing (empty result) when I run

    $ dig isu.bkoty.ru

When I remove the "forward-zone" settings from the "main" instance, the above
command returns the result.
Am I missing something crucial here?

Hello,

** Daisuke HIGASHI <daisuke.higashi@gmail.com> [2023-12-15 17:29:27 +0900]:

> try to add:
>
>     server:
>         do-not-query-localhost: no
>
> into "main" instance configuration.

Already has this one.

Hello,

** Vladimir Lomov via Unbound-users <unbound-users@lists.nlnetlabs.nl> [2023-12-15 17:12:15 +0800]:

> Hello,
>
> ** Daisuke HIGASHI <daisuke.higashi@gmail.com> [2023-12-15 17:29:27 +0900]:
>
>> try to add:
>>
>>     server:
>>         do-not-query-localhost: no
>>
>> into "main" instance configuration.
>
> Already has this one.

I managed to get this to work. I had to explicitly set the `interface`, add
the `access-control` to the "ipv4" instance, and change the `forward-addr` in
the "main" instance.

It seems that the unbound run by systemd couldn't send requests to the ::1
address. What makes me think that:

- when the "ipv4" instance has no explicit 'interface' setting then it uses
  ::1 and 127.0.0.1, which I checked by running `dig`;
- meanwhile the "main" instance with

      forward-addr: ::1@10053

  would return nothing.
- After changing the "ipv4" instance to use a specific address both the `dig`
  and the "main" instance return results.

But I could be way off here.

For the record, this is the "ipv4" instance configuration:

    server:
        interface: fdb9:1981:930:5::1:907
        port: 10053
        include: "/etc/unbound/ipv4/public-address.conf"
        access-control: fdb9:1981:0930::/48 allow
        chroot: "/etc/unbound/ipv4"
        directory: "/etc/unbound/ipv4"
        private-address: ::/0
        trust-anchor-file: "/etc/unbound/ipv4/trusted-key.key"
    python:
    dynlib:
    remote-control:

This is part of the "main" instance configuration:

    forward-zone:
        name: "isu.bkoty.ru"
        forward-addr: fdb9:1981:930:5::1:907@10053

I run unbound on Linux under systemd with an "instantiated" service file (the
upstream .service, slightly changed).
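
An added example, not part of the thread and not Unbound project code: a static check that each `forward-addr` of the "main" instance matches what the second instance listens on and allows. It assumes IP-literal `interface` values, Unbound's defaults (listen on localhost, port 53, `do-not-query-localhost: yes`), and that "main" queries from the address it targets; `parse`, `check_forward` and the sample variables are hypothetical names.

```python
import ipaddress

def parse(conf):
    """Collect 'key: value' options from unbound.conf text (clause headers skipped)."""
    opts = {}
    for line in conf.splitlines():
        key, sep, val = line.split("#", 1)[0].strip().partition(":")
        if sep and val.strip():
            opts.setdefault(key.strip(), []).append(val.strip().strip('"'))
    return opts

def check_forward(main_conf, filter_conf):
    """List mismatches between main's forward-addr targets and the second instance."""
    main, filt = parse(main_conf), parse(filter_conf)
    port = int(filt.get("port", ["53"])[-1])
    # With no 'interface' option Unbound listens on localhost only.
    listen = [ipaddress.ip_address(i) for i in filt.get("interface", ["127.0.0.1", "::1"])]
    allow = [ipaddress.ip_network(a.split()[0], strict=False)
             for a in filt.get("access-control", []) if a.split()[1] == "allow"]
    query_localhost = main.get("do-not-query-localhost", ["yes"])[-1] == "no"
    problems = []
    for fwd in main.get("forward-addr", []):
        host, _, fport = fwd.partition("@")
        ip = ipaddress.ip_address(host)
        if ip.is_loopback and not query_localhost:
            problems.append(f"{fwd}: do-not-query-localhost is not 'no'")
        if ip not in listen or int(fport or 53) != port:
            problems.append(f"{fwd}: second instance does not listen there")
        # Assumption: main's queries arrive from the same address it targets.
        # Localhost clients are allowed by default; others need an allow rule.
        if not ip.is_loopback and not any(ip in net for net in allow):
            problems.append(f"{fwd}: no 'access-control ... allow' covers it")
    return problems

# Settings taken from the thread (only the options the check reads).
FILTER_FIRST = "server:\n  port: 10053\n"
MAIN_FIRST = ("server:\n  do-not-query-localhost: no\nforward-zone:\n"
              "  forward-addr: ::1@10053\n  forward-addr: 127.0.0.1@10053\n")
FILTER_FINAL = ("server:\n  interface: fdb9:1981:930:5::1:907\n  port: 10053\n"
                "  access-control: fdb9:1981:0930::/48 allow\n")
MAIN_FINAL = "forward-zone:\n  forward-addr: fdb9:1981:930:5::1:907@10053\n"

if __name__ == "__main__":
    for main, filt in [(MAIN_FIRST, FILTER_FIRST), (MAIN_FINAL, FILTER_FINAL),
                       (MAIN_FINAL, FILTER_FIRST)]:  # last pair is constructed
        print(check_forward(main, filt) or "consistent")
```

These checks read the two configuration texts only; they say nothing about what the running service can reach.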