unbound refuses all requests

Johannes B. Kernel weberzbf at gmail.com
Wed Nov 10 15:51:28 UTC 2021


even when i add your access config line:

supabunka /etc/unbound # dig @192.168.110.250 heise.de

; <<>> DiG 9.16.15 <<>> @192.168.110.250 heise.de
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 21149
;; flags: qr rd ad; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; Query time: 0 msec
;; SERVER: 192.168.110.250#53(192.168.110.250)
;; WHEN: Wed Nov 10 16:50:37 CET 2021
;; MSG SIZE  rcvd: 12



Am Mi., 10. Nov. 2021 um 16:48 Uhr schrieb George Thessalonikefs via
Unbound-users <unbound-users at lists.nlnetlabs.nl>:

> Hi Johannes,
>
> Unbound by default only listens on localhost.
> You would need to configure 'access-control:' to allow client netblocks
> to query Unbound.
>
>  From your example I guess that something like
>         access-control: 192.168.0.0/16 allow
> would allow most of your clients to connect.
>
> Best regards,
> -- George
>
> On 10/11/2021 16:39, Johannes B. Kernel via Unbound-users wrote:
> > hello list,
> >
> > unbound refuses all requests on my machine.
> > google dns server works fine, tested already.
> >
> >
> > my unbound.conf looks like:
> >
> > server:
> >
> > statistics-cumulative: yes
> > extended-statistics: yes
> > log-queries: yes
> > log-servfail: yes
> > verbosity: 9
> > val-log-level: 2
> >
> > interface: 192.168.100.250
> > interface: 116.202.87.165
> > interface: 192.168.120.251
> > interface: 192.168.110.250
> >
> > outgoing-interface: 192.168.100.250
> > outgoing-interface: 192.168.110.250
> > outgoing-interface: 192.168.120.251
> > outgoing-interface: 116.202.87.165
> > num-threads: 2
> >
> > include: /etc/unbound/unbound.conf.d/name_solving.conf
> > include: /etc/unbound/unbound.conf.d/privacy_options.conf
> > include: /etc/unbound/unbound.conf.d/cache_options.conf
> > include: /etc/unbound/unbound.conf.d/dnssec_options.conf
> > include: /etc/unbound/unbound.conf.d/blacklist.conf
> > include: /etc/unbound/unbound.conf.d/local_names.conf
> > include: /etc/unbound/unbound.conf.d/opennic_names.conf
> > include: /etc/unbound/unbound.conf.d/forwarders.conf
> >
> > remote-control:
> >        control-enable: yes
> >
> >
> > can anyone help with am idea?
> >
> > best regards
> > marko
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20211110/209c2f74/attachment-0001.htm>


More information about the Unbound-users mailing list