VRF support in unbound?

Leen Besselink leen at consolejunkie.net
Fri Jan 4 15:00:15 UTC 2019 

Hi,

Not sure what your goal is, but would it not be easier to work with network namespaces instead of VRF ?

Just like containers do ?

With kind regards,
 Leen.
 Just an other Unbound user.

On Fri, Jan 04, 2019 at 02:00:31PM +0100, Ralf Jung via Unbound-users wrote:
> Hi again,
> 
> I should probably give some more details about my configuration... currently, I
> am playing with
> 
> >     interface: 0.0.0.0
> >     interface: ::
> >     access-control: 10.24.192.0/18 allow
> >     access-control: fd4e:f2d7:88d2:ffff::/64 allow
> >     ip-freebind: yes
> >     interface-automatic: yes
> >     outgoing-interface: 82.165.162.239
> 
> When a request now comes in from the 10.24.192.0/18 subnet (which is in the
> VRF), I can see via tcpdump that unbound sends requests to an authoritative DNS
> server to resolve this request.  However, the response to the original client
> never goes out.
> Via TCP, the request actually works and a response is sent out correctly!
> 
> However, all of this is for IPv4 only, and only when I have set
> net.ipv4.{tcp,udp}_l3mdev_accept=1.  For IPv6 and without that setting (which
> doesn't seem to exist for IPv6), unbound does not even seem to receive the
> request, there is no reaction in the form of messages to the authoritative DNS.
> 
> Kind regards,
> Ralf
> 
> On 04.01.19 13:24, Ralf Jung via Unbound-users wrote:
> > Hi all,
> > 
> > I am playing around with the [VRF] support on the Linux kernel, and got basic
> > routing and address assignment to work for IPv4 and IPv6.  The next step,
> > obviously, is to get DNS, and here I am running into the following error in unbound:
> > 
> >> unbound[3115]: [3115:0] error: can't bind socket: Cannot assign requested address for 2a03:2260:3009::2
> > 
> > This is the expected error when an application does not use setsockopt for
> > SO_BINDTODEVICE to configure the device on which the address is to be bound.
> > 
> > Is there any way to tell unbound to bind to a particular device (and not just a
> > particular address)?  The only options I found for configuring unbound allow
> > giving IP addresses to bind to, but there seems to be no way to also configure
> > the network device to use.
> > 
> > [VRF]: https://www.kernel.org/doc/Documentation/networking/vrf.txt
> > 
> > Kind regards,
> > Ralf
> >

More information about the Unbound-users mailing list