<div dir="ltr">Hello guys, I need some help understanding how to do what I need with unbound.<div><br></div><div>My setup is basically 2 IPVS (heartbeat + ldirectord) with gate (not masquerade) to 4 servers each. </div>
<div><br></div><div>So I need to set up the IPVS on the servers in their loopbacks so I can use the IP to reply.</div><div><br></div><div>No arp allowed, forward allowed as needed.</div><div><br></div><div>This setup works w/ Named/Bind. The queries are replied to from the IP requested (on the loopback, as it's the IPVS)</div>
<div><br></div><div>But w/ unbound the request address is the IPVS but the reply comes from the real IP on the interface, resulting in:</div><div><br></div><div><div>dig <a href="http://google.com">google.com</a> @IPVS</div>
<div>;; reply from unexpected source: REALSERVER#53, expected IPVS#</div></div><div><br></div><div>Searching the archives, from oldest to newest I found this: </div><div><br></div><div><a href="http://www.unbound.net/pipermail/unbound-users/2008-January/000003.html">http://www.unbound.net/pipermail/unbound-users/2008-January/000003.html</a><br>
</div><div><br></div><div>And this:</div><div><br></div><div><a href="http://www.unbound.net/pipermail/unbound-users/2012-June/002404.html">http://www.unbound.net/pipermail/unbound-users/2012-June/002404.html</a><br></div>
<div><br></div><div>I can't bind to 0.0.0.0 cause bind is running on the other interfaces. This is why I have to use the IPs on the config w/ multiple interface statements. </div><div><br></div><div>They are both near what I have atm but not the same.</div>
<div><br></div><div><div>I get this behavior on 1.4.21-r2 (from Gentoo portage)</div></div><div><br></div><div>If I made any mistake in the config let me know:</div><div><br></div><div><div>server:</div><div><span class="" style="white-space:pre">      </span>verbosity: 1</div>
<div><span class="" style="white-space:pre">    </span>interface: REALIP</div><div><span class="" style="white-space:pre">  </span>interface: IPVS1</div><div><span class="" style="white-space:pre">   </span>interface: IPVS2</div>
<div><span class="" style="white-space:pre">    </span>port: 53</div><div><span class="" style="white-space:pre">   </span>cache-min-ttl: 300</div><div><span class="" style="white-space:pre"> </span>cache-max-ttl: 86400</div><div>
<span class="" style="white-space:pre">       </span>infra-host-ttl: 900</div><div><span class="" style="white-space:pre">        </span>infra-cache-slabs: 8</div><div><span class="" style="white-space:pre">       </span>infra-cache-numhosts: 100000</div>
<div><span class="" style="white-space:pre">    </span>do-ip4: yes</div><div><span class="" style="white-space:pre">        </span>do-ip6: no</div><div><span class="" style="white-space:pre"> </span>do-udp: yes</div><div><span class="" style="white-space:pre">        </span>do-tcp: yes</div>
<div><span class="" style="white-space:pre">    </span>access-control: MYNETWORK.0/24 allow</div><div><span class="" style="white-space:pre">       </span>username: "unbound"</div><div><span class="" style="white-space:pre">      </span>directory: "/etc/unbound"</div>
<div><span class="" style="white-space:pre">    </span>logfile: "logs/unbound.log"</div><div><span class="" style="white-space:pre">      </span>use-syslog: no</div><div><span class="" style="white-space:pre">     </span>log-queries: yes</div>
<div><span class="" style="white-space:pre">    </span>pidfile: "/var/run/unbound.pid"</div><div><span class="" style="white-space:pre">  </span>hide-identity: yes</div><div><span class="" style="white-space:pre"> </span>hide-version: yes</div>
<div><span class="" style="white-space:pre">    </span>identity: ""</div><div><span class="" style="white-space:pre">     </span>version: ""</div><div><span class="" style="white-space:pre">      </span>harden-short-bufsize: no</div>
<div><span class="" style="white-space:pre">    </span>harden-large-queries: no</div><div><span class="" style="white-space:pre">   </span>harden-glue: yes</div><div><span class="" style="white-space:pre">   </span>harden-dnssec-stripped: yes</div>
<div><span class="" style="white-space:pre">    </span>harden-below-nxdomain: no</div><div><span class="" style="white-space:pre">  </span>harden-referral-path: no</div><div><span class="" style="white-space:pre">   </span>use-caps-for-id: yes</div>
<div><span class="" style="white-space:pre">    </span>prefetch: yes</div><div><span class="" style="white-space:pre">      </span>prefetch-key: yes</div><div><span class="" style="white-space:pre">  </span>rrset-roundrobin: yes</div>
<div><span class="" style="white-space:pre">    </span>minimal-responses: yes</div><div><span class="" style="white-space:pre">     </span>key-cache-size: 512m</div><div><span class="" style="white-space:pre">       </span>key-cache-slabs: 8</div>
<div><span class="" style="white-space:pre">    </span>neg-cache-size: 8m</div><div><span class="" style="white-space:pre"> </span>include: "/etc/unbound/local-zone.conf"</div><div>python:</div><div>remote-control:</div>
</div><div><br></div><div>-- <br>[ ]'s<br><br>Filipe Cifali Stangler<br>
</div></div>
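The symptom in this post, a UDP reply arriving from a different source than the one queried, can be checked without dig. The following is an added example, not part of the original message and not unbound code: it sends one query from an unconnected socket and compares the reply's source with the address queried. The loopback responder, the function names and example.com are constructed for the demonstration; the responder's second socket stands in for a reply leaving from another address.

```python
import socket
import struct
import threading

def build_query(name, qid=0x1234):
    """Minimal DNS query: header + QNAME + QTYPE=A + QCLASS=IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def check_reply_source(server_ip, port, name="example.com", timeout=2.0):
    """Query (server_ip, port) once; return (matches, reply_source).

    The socket stays unconnected on purpose: a connected UDP socket would
    silently drop a reply that arrives from any other address or port.
    """
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server_ip, port))
        data, src = s.recvfrom(4096)
    if data[:2] != query[:2]:
        raise ValueError("reply ID does not match query ID")
    return src == (server_ip, port), src

def start_responder(reply_from_listener):
    """Constructed loopback stand-in for a resolver (not unbound).

    Answers one query, either from the socket that received it or from a
    second socket, which mimics a reply leaving from a different source.
    Returns the (address, port) that clients should query.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))
    other = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    other.bind(("127.0.0.1", 0))
    queried = listener.getsockname()

    def serve():
        data, client = listener.recvfrom(4096)
        # Echo the query back with the QR (response) bit set.
        reply = data[:2] + struct.pack("!H", 0x8180) + data[4:]
        (listener if reply_from_listener else other).sendto(reply, client)
        listener.close()
        other.close()

    threading.Thread(target=serve, daemon=True).start()
    return queried
```

Against a real resolver, call `check_reply_source` with the virtual IP and port 53 from a client on an allowed network; a `False` result with the real server's address in the second field is the same condition dig reports as "reply from unexpected source".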