<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 10/07/2013 12:29, Anand Buddhdev
wrote:<br>
</div>
<blockquote cite="mid:51DD3799.9010602@ripe.net" type="cite">
<pre wrap="">On 10/07/2013 12:10, zongo saiba wrote:
Hi Zongo,
</pre>
<blockquote type="cite">
<pre wrap="">Sorry i forgot to mention that NSD is listening on port 5353
Unbound is listening 53.
One of my main goal is to have unbound talk directly to NSD for
authoritative server on 127.0.0.1 only.
For that I understood that unbound and NSD would have to use the same
port - Is this correct ?
Nevertheless, i tried the same port "53" but got same error message as
mentioned above>
</pre>
</blockquote>
<pre wrap="">Okay, so you're on a Mac, where port 5353 is already in use by
mDNSResponder. Just configure your NSD to use some other high-numbered port.
Regards,
Anand</pre>
</blockquote>
<br>
@inigo<br>
<br>
Creating a virtual network on OS X is not an easy task. I do know that
you have to go through the GUI to do so. The NIC gets created but
does not work with DNS. I was going down the road of 'tun/tap' as well,
as the setup of this server is going to go into a virtual
environment. First I need to finish the testing :) <br>
<br>
Thanks Anand. That was easily solved :) The error has gone and I now
have NSD and Unbound working great. <br>
One question though about reverse lookup, which is not working with the
current setup. Any idea what I could change to have the reverse
lookup work?<br>
The setup is based on '<a class="moz-txt-link-freetext"
href="https://calomel.org/unbound_dns.html">https://calomel.org/unbound_dns.html</a>'
and '<a class="moz-txt-link-freetext"
href="https://wiki.archlinux.org/index.php/Unbound">https://wiki.archlinux.org/index.php/Unbound</a>'<br>
<br>
Also I am getting this error: <br>
<b>10/07/2013 14:03:12.523 unbound[705]: [705:0] error: could not
open autotrust file for writing,
/usr/local/etc/unbound/root.key.705-0: Permission denied</b><br>
Is it safe to disregard? I was reading that it appears not to affect
the unbound process. I can tell that unbound is still working properly
:) <br>
<br>
Below is my setup. <br>
<b>NSD Setup: </b><br>
<pre wrap="">server:
    ip-address: 127.0.0.1
    port: 56
    server-count: 1
    hide-version: yes
    identity: ""
    username: nsd
    database: /usr/local/etc/nsd/nsd.db
    pidfile: /usr/local/etc/nsd.pid
    zonesdir: /usr/local/etc/nsd

key:
    name: "sec_key"
    algorithm: hmac-md5
    secret: "654c6da8f3b0fd8fe819669daf07996738d21a53c02c731b0aee6373"

zone:
    name: zalloc.lan
    zonefile: zalloc.lan.forward
zone:
    name: 1.168.192.in-addr.arpa
    zonefile: zalloc.lan.reverse
</pre>
<br>
<b>Forward-Zone </b><br>
<pre wrap="">$ORIGIN zalloc.lan. ; default zone domain
$TTL 86400 ; default time to live

@ IN SOA kagami.zalloc.lan. admin.zalloc.lan. (
    2013010704 ; serial number
    28800 ; refresh
    7200 ; retry
    864000 ; expire
    86400 ; min ttl
)

    NS kagami.zalloc.lan.
    MX 10 mail.zalloc.lan.

router IN A 192.168.1.1
kagami IN A 192.168.1.38
</pre>
<br>
<b>Reverse-Zone </b><br>
<pre wrap="">$ORIGIN zalloc.lan. ; default zone domain
$TTL 86400 ; default time to live

1.168.192.in-addr.arpa. IN SOA kagami.zalloc.lan. admin.zalloc.lan. (
    2013010704 ; serial number
    28800 ; refresh
    7200 ; retry
    864000 ; expire
    86400 ; min ttl

38.1.168.192.in-addr.arpa. IN PTR kagami.zalloc.lan.
1.1.168.192.in-addr.arpa. IN PTR router.zalloc.lan.
</pre>
<br>
<br>
<b>Unbound Setup: </b><br>
<pre wrap="">server:
    verbosity: 3
    val-log-level: 2
    interface: 127.0.0.1
    access-control: 127.0.0.1/8 allow
    access-control: 192.168.1.0/24 allow
    interface-automatic: no
    module-config: "validator iterator"
    chroot: ""
    port: 53
    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    use-caps-for-id: yes
    cache-min-ttl: 3600
    cache-max-ttl: 86400
    prefetch: yes
    prefetch-key: yes
    num-threads: 4
    root-hints: "/usr/local/etc/unbound/root.hints"

    #### OPTIMIZATION ####

    msg-cache-slabs: 8
    rrset-cache-slabs: 8
    infra-cache-slabs: 8
    key-cache-slabs: 8
    rrset-cache-size: 256m
    msg-cache-size: 128m
    so-rcvbuf: 4m
    private-address: 192.168.1.0/24
    private-domain: "zalloc.lan"
    domain-insecure: "zalloc.lan"
    unwanted-reply-threshold: 10000
    do-not-query-localhost: no
    val-clean-additional: yes
    auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"

    local-zone: "doubleclick.net" redirect
    local-data: "doubleclick.net A 127.0.0.1"
    local-zone: "googlesyndication.com" redirect
    local-data: "googlesyndication.com A 127.0.0.1"
    local-zone: "googleadservices.com" redirect
    local-data: "googleadservices.com A 127.0.0.1"
    local-zone: "google-analytics.com" redirect
    local-data: "google-analytics.com A 127.0.0.1"
    local-zone: "ads.youtube.com" redirect
    local-data: "ads.youtube.com A 127.0.0.1"
    local-zone: "adserver.yahoo.com" redirect
    local-data: "adserver.yahoo.com A 127.0.0.1"

    # 127.0.0.1
    local-zone: "localhost." static
    local-data: "localhost. 10800 IN NS localhost."
    local-data: "localhost. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800"
    local-data: "localhost. 10800 IN A 127.0.0.1"
    local-zone: "127.in-addr.arpa." static
    local-data: "127.in-addr.arpa. 10800 IN NS localhost."
    local-data: "127.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 2 3600 1200 604800 10800"
    local-data: "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost"

    # Local Zones
    local-zone: "192.in-addr.arpa." typetransparent

forward-zone:
    name: "zalloc.lan"
    <font color="#ff6666"><b>forward-addr: 127.0.0.1@56 --> I have asked Unbound to forward to port 56 where NSD is listening</b></font>
forward-zone:
    name: "192.in-addr.arpa."
    <font color="#ff6666"><b>forward-addr: 127.0.0.1@56 --> Same here</b></font>

remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-port: 8953
    server-key-file: "/usr/local/cellar/unbound/1.4.20/etc/unbound/unbound_server.key"
    server-cert-file: "/usr/local/cellar/unbound/1.4.20/etc/unbound/unbound_server.pem"
    control-key-file: "/usr/local/cellar/unbound/1.4.20/etc/unbound/unbound_control.key"
    control-cert-file: "/usr/local/cellar/unbound/1.4.20/etc/unbound/unbound_control.pem"
</pre>
<br>
<br>
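Added example (editor's note, not part of the post): a small Python model of how Unbound picks the local-zone for a query name (longest matching suffix) and whether that zone lets the query go on to a forward-zone. It uses the <code>local-zone</code> line from the Unbound setup above together with the RFC 1918 reverse zones that unbound.conf(5) documents as default static zones, so it shows what happens to a PTR query for 38.1.168.192.in-addr.arpa. before and after a <code>nodefault</code> line; the function names and the <code>POSTED</code>/<code>FIXED</code> snippets are constructed for this example.

```python
# Models Unbound's local-zone selection to check whether a reverse query
# can ever reach the forward-zone that points at NSD on 127.0.0.1@56.

# RFC 1918 reverse zones that unbound.conf(5) lists as default static zones
# (constructed subset for this example; keep in sync with your version's manual).
DEFAULT_STATIC_ZONES = ["10.in-addr.arpa.", "168.192.in-addr.arpa."] + [
    f"{n}.172.in-addr.arpa." for n in range(16, 32)]


def parse_local_zones(conf_lines, include_defaults=True):
    """Return {zone: type} from 'local-zone:' lines; 'nodefault' drops a default zone."""
    zones = {z: "static" for z in DEFAULT_STATIC_ZONES} if include_defaults else {}
    for line in conf_lines:
        line = line.split("#", 1)[0].strip()
        if not line.startswith("local-zone:"):
            continue
        name, ztype = line.split(None, 2)[1:]
        name = name.strip('"').rstrip(".").lower() + "."
        if ztype == "nodefault":
            zones.pop(name, None)
        else:
            zones[name] = ztype
    return zones


def matching_zone(qname, zones):
    """Longest-suffix match: the most specific local-zone wins, as in Unbound."""
    qname = qname.rstrip(".").lower() + "."
    best = None
    for z in zones:
        if qname == z or qname.endswith("." + z):
            if best is None or len(z) > len(best):
                best = z
    return best


def reaches_forwarder(qname, conf_lines, has_local_data=False):
    """True when local-zone handling lets the query continue to forwarding."""
    zones = parse_local_zones(conf_lines)
    z = matching_zone(qname, zones)
    if z is None:
        return True
    # static/refuse/deny/redirect answer (or refuse) locally and never recurse;
    # transparent/typetransparent recurse unless local-data covers the name.
    if zones[z] in ("static", "refuse", "deny", "redirect"):
        return False
    return not has_local_data


POSTED = ['local-zone: "192.in-addr.arpa." typetransparent']
FIXED = POSTED + ['local-zone: "168.192.in-addr.arpa." nodefault']
```

With only the posted line, the default static zone 168.192.in-addr.arpa. is the longest match and the query is answered locally (NXDOMAIN) without ever being forwarded; the <code>nodefault</code> line removes that default so the typetransparent zone applies and the query reaches NSD.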
</body>
</html>