BUG: interface-automatic vs DNS-over-TLS (Re: unbound not listening on 853?)
Phil Pennock
unbound-users+phil at spodhuis.org
Tue Feb 1 00:09:02 UTC 2022
On 2022-01-28 at 21:48 -0500, Phil Pennock via Unbound-users wrote:
> Folks, I've probably made a stupid mistake somewhere, but I can't find
> it.
Found it: setting server.interface-automatic to "yes" causes the
DNS-over-TLS ports to not be opened.
My config has:

    # Multiple IPv6 addresses, replies come from the wrong one without this
    interface-automatic: yes

Recompiling with some additional logging at VERB_OPS let me see what was
happening. Setting that bool to "no" was sufficient to get unbound
listening on port 853.
I _think_ the interface-automatic setting was needed because these boxes
are also home container servers (via K3S) so interfaces dynamically
appear and disappear over time and I debugged some DNS failures to
wrong-origin responses without the setting.
Working from current git head, release-1.14.0-51-g10d98041:

    [1643673519] unbound[178009:0] notice: listening_ports_open: auto AF_INET6, do_auto=1
    [1643673519] unbound[178009:0] notice: listening_ports_open: auto AF_INET(4), do_auto=1

-- port 853 not opened, confirmed with lsof

Setting "interface-automatic: no":

    [1643673589] unbound[178948:0] notice: listening_ports_open[0]: is IPv4 [0.0.0.0] ssl_port=853
    [1643673589] unbound[178948:0] notice: listening_ports_open[1]: is IPv6 [::0] ssl_port=853
    [1643673589] unbound[178948:0] notice: listening_ports_open[2]: is IPv4 [0.0.0.0@853] ssl_port=853
    [1643673589] unbound[178948:0] notice: listening_ports_open[3]: is IPv6 [::0@853] ssl_port=853

-Phil
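As an added example (not part of Phil's post or of unbound), the check below turns the "confirmed with lsof" step into a repeatable post-restart verification: given the listener table from `ss -Hltn`, it counts sockets bound to the DNS-over-TLS port and fails when none is open, which is the silent state described above. The two listings embedded in the script are constructed samples standing in for the "interface-automatic: yes" and "interface-automatic: no" cases; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: verify that a resolver is
# actually accepting DNS-over-TLS connections after a config change.
# Input is the listener table in `ss -Hltn` format (no header, one
# LISTEN socket per line, local address:port in the fourth field).

DOT_PORT=853   # standard DNS-over-TLS port

# Constructed sample: only port 53 is open, the symptom reported with
# "interface-automatic: yes".
SAMPLE_BROKEN='LISTEN 0 256 0.0.0.0:53 0.0.0.0:*
LISTEN 0 256 [::]:53 [::]:*'

# Constructed sample: 53 and 853 open on v4 and v6, as after
# "interface-automatic: no".
SAMPLE_FIXED='LISTEN 0 256 0.0.0.0:53 0.0.0.0:*
LISTEN 0 256 [::]:53 [::]:*
LISTEN 0 256 0.0.0.0:853 0.0.0.0:*
LISTEN 0 256 [::]:853 [::]:*'

# count_listeners LISTING PORT
# Prints the number of LISTEN sockets whose local port equals PORT.
# The port is the last ':'-separated piece of field 4, which works for
# both "0.0.0.0:853" and bracketed IPv6 forms like "[::]:853".
count_listeners() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] == port) c++
        }
        END { print c + 0 }'
}

# check_dot LISTING
# Exit 0 when at least one socket listens on the DoT port, 1 otherwise.
check_dot() {
    n=$(count_listeners "$1" "$DOT_PORT")
    if [ "$n" -eq 0 ]; then
        echo "FAIL: no listener on port $DOT_PORT (DNS-over-TLS unreachable)"
        return 1
    fi
    echo "OK: $n listener(s) on port $DOT_PORT"
    return 0
}

# Demonstration on the constructed samples.
check_dot "$SAMPLE_BROKEN" || :
check_dot "$SAMPLE_FIXED"
```

On a live host, replace the sample with the real table: `check_dot "$(ss -Hltn)"`. Running this from a deploy or restart hook catches the case where the daemon starts cleanly but the TLS listener was never opened, something a simple "is unbound running" check will not notice.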