[Unbound-users] New member, maybe old question?
Filipe Cifali
cifali.filipe at gmail.com
Tue Jun 3 15:34:45 UTC 2014
Hello guys, I need some help understanding how to do what I need with
unbound.
My setup is basically 2 IPVS (heartbeat + ldirectord) with gate (not
masquerade) to 4 servers each.
So I need to setup the IPVS on the servers in their loopbacks so I can use
the IP to reply.
No arp allowed, forward allowed as needed.
This setup works w/ Named/Bind. The queries are replied by the IP requested
(on the loopback as he's the IPVS)
But w/ unbound the request address is the IPVS but the reply comes from the
real IP on the interface, resulting in:
dig google.com @IPVS
;; reply from unexpected source: REALSERVER#53, expected IPVS#
Searching the archives, from oldest to newest I found this:
http://www.unbound.net/pipermail/unbound-users/2008-January/000003.html
And this:
http://www.unbound.net/pipermail/unbound-users/2012-June/002404.html
I can't bind to 0.0.0.0 cause bind is running on the other interfaces. This
is why I have to use the IPs on the config w/ multiple interface
statements.
They are both near what I have atm but not the same.
I get this behavior on 1.4.21-r2 (from Gentoo portage)
If I made any mistake in the config let me know:
server:
    verbosity: 1
    interface: REALIP
    interface: IPVS1
    interface: IPVS2
    port: 53
    cache-min-ttl: 300
    cache-max-ttl: 86400
    infra-host-ttl: 900
    infra-cache-slabs: 8
    infra-cache-numhosts: 100000
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    access-control: MYNETWORK.0/24 allow
    username: "unbound"
    directory: "/etc/unbound"
    logfile: "logs/unbound.log"
    use-syslog: no
    log-queries: yes
    pidfile: "/var/run/unbound.pid"
    hide-identity: yes
    hide-version: yes
    identity: ""
    version: ""
    harden-short-bufsize: no
    harden-large-queries: no
    harden-glue: yes
    harden-dnssec-stripped: yes
    harden-below-nxdomain: no
    harden-referral-path: no
    use-caps-for-id: yes
    prefetch: yes
    prefetch-key: yes
    rrset-roundrobin: yes
    minimal-responses: yes
    key-cache-size: 512m
    key-cache-slabs: 8
    neg-cache-size: 8m
    include: "/etc/unbound/local-zone.conf"
python:
remote-control:
--
[ ]'s
Filipe Cifali Stangler
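
The source-address comparison behind dig's "reply from unexpected source" message, as an added example that is not part of the original post and does not diagnose the poster's setup: a UDP responder bound to one address always answers from it, while a wildcard-bound one answers from whatever source the kernel selects. Assumes Linux, where all of 127.0.0.0/8 is local; the addresses and the names `reply_source` and `check_reply` are constructed for the illustration.

```python
import socket
import threading

QUERIED = "127.0.0.2"  # constructed stand-in for the IPVS address on the loopback
CLIENT = "127.0.0.1"   # constructed stand-in for the querying host


def echo_once(sock):
    """Answer one datagram from the same socket it arrived on."""
    data, peer = sock.recvfrom(512)
    sock.sendto(data, peer)
    sock.close()


def reply_source(bind_addr):
    """Run a one-shot UDP responder bound to bind_addr, query it at QUERIED,
    and return the source IP the reply actually carries."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind((bind_addr, 0))          # port 0: let the kernel pick a free port
    port = server.getsockname()[1]
    worker = threading.Thread(target=echo_once, args=(server,), daemon=True)
    worker.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.bind((CLIENT, 0))
    client.settimeout(2)
    client.sendto(b"constructed-query", (QUERIED, port))
    _, (src_ip, _) = client.recvfrom(512)  # unconnected socket: any source is delivered
    client.close()
    worker.join()
    return src_ip


def check_reply(expected, actual):
    """The comparison a DNS client makes before accepting a UDP reply."""
    if actual == expected:
        return "accepted"
    return f"reply from unexpected source: {actual}, expected {expected}"


if __name__ == "__main__":
    for bind_addr in (QUERIED, "0.0.0.0"):
        src = reply_source(bind_addr)
        print(f"bound to {bind_addr}: {check_reply(QUERIED, src)}")
```

Clients make this comparison because an unconnected UDP socket will otherwise accept a datagram from any sender, which is what off-path DNS spoofing relies on.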