Two unbound instances and filtering AAAA record

Vladimir Lomov lomov.vl at bkoty.ru
Sat Dec 16 05:16:52 UTC 2023


Hello,
** Vladimir Lomov via Unbound-users <unbound-users at lists.nlnetlabs.nl> [2023-12-15 17:12:15 +0800]:

> Hello,
> ** Daisuke HIGASHI <daisuke.higashi at gmail.com> [2023-12-15 17:29:27 +0900]:
>
>> try to add:
>>
>> server:
>>  do-not-query-localhost: no
>>
>> into "main" instance configuration.
>
> Already has this one.

I managed to get this to work. I had to explicitly set the `interface`, add
the `access-control` to the "ipv4" instance, and change the `forward-addr` in
the "main" instance.

It seems that unbound, when run by systemd, couldn't send requests to the ::1
address. What makes me think that:
- when the "ipv4" instance has no explicit 'interface' setting then it uses
   ::1 and 127.0.0.1, which I checked by running `dig`;
- meanwhile the "main" instance with
   ```
     forward-addr: ::1@10053
   ```
   would return nothing.
- After changing the "ipv4" instance to use a specific address both the `dig`
   and the "main" instance return results.

But I could be way off here.

For the record, this is the "ipv4" instance configuration:
```
server:
         interface: fdb9:1981:930:5::1:907
         port: 10053
         include: "/etc/unbound/ipv4/public-address.conf"
         access-control: fdb9:1981:0930::/48  allow
         chroot: "/etc/unbound/ipv4"
         directory: "/etc/unbound/ipv4"
         private-address: ::/0
         trust-anchor-file: "/etc/unbound/ipv4/trusted-key.key"
python:
dynlib:
remote-control:
```

This is part of the "main" instance configuration:
```
forward-zone:
   name: "isu.bkoty.ru"
   forward-addr: fdb9:1981:930:5::1:907@10053
```

I run unbound on Linux under systemd with an "instantiated" service file (the
upstream .service, slightly changed).

---
WBR, Vladimir Lomov

-- 
The only winner in the War of 1812 was Tchaikovsky.
		-- David Gerrold
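
Why the three changes named in the message above (`interface`, `access-control`, `forward-addr`) have to move together, as an added example that is not part of the original post and is not Unbound code: a simplified Python check that the "main" instance's `forward-addr` lands on a listener of the second instance and that the querying source is allowed there. The parser handles only plain `key: value` lines; the config fragments are constructed from the ones in the message, and `SRC` (the source address the main instance queries from) is an assumption.

```python
import ipaddress

def parse(conf):
    """(key, value) pairs from unbound.conf-style text; simplified, no include: expansion."""
    pairs = []
    for line in conf.splitlines():
        key, sep, value = line.split("#", 1)[0].strip().partition(":")
        if sep and value.strip():
            pairs.append((key.strip(), value.strip().strip('"')))
    return pairs

def addr_port(value, default_port):
    ip, _, port = value.partition("@")
    return ipaddress.ip_address(ip), int(port or default_port)

def check_forward(main_conf, inst_conf, source_ip):
    """Return problems that would stop main's forward-addr reaching the second instance."""
    main, inst = parse(main_conf), parse(inst_conf)
    port = next((int(v) for k, v in inst if k == "port"), 53)
    # With no interface: line, unbound listens on localhost only.
    listen = [v for k, v in inst if k == "interface"] or ["127.0.0.1", "::1"]
    listeners = {addr_port(v, port) for v in listen}
    # Built-in default: localhost is allowed, everything else is refused.
    acl = [(ipaddress.ip_network("127.0.0.0/8"), "allow"),
           (ipaddress.ip_network("::1/128"), "allow")]
    for k, v in inst:
        if k == "access-control":
            net, action = v.split()
            acl.append((ipaddress.ip_network(net, strict=False), action))
    src = ipaddress.ip_address(source_ip)
    # The most specific matching netblock decides.
    verdict = max(((n.prefixlen, a) for n, a in acl if src in n), default=(0, "refuse"))[1]
    problems = []
    for v in (v for k, v in main if k == "forward-addr"):
        target = addr_port(v, 53)
        if target not in listeners:
            problems.append(f"{v}: not a listening address of the second instance")
        elif verdict != "allow":
            problems.append(f"{v}: source {src} not allowed by access-control")
        if target[0].is_loopback and ("do-not-query-localhost", "no") not in main:
            problems.append(f"{v}: main needs do-not-query-localhost: no")
    return problems

# Constructed fragments based on the configuration in the message.
INST = "server:\n interface: fdb9:1981:930:5::1:907\n port: 10053\n access-control: fdb9:1981:0930::/48  allow\n"
MAIN_OLD = 'server:\n do-not-query-localhost: no\nforward-zone:\n name: "isu.bkoty.ru"\n forward-addr: ::1@10053\n'
MAIN_NEW = MAIN_OLD.replace("::1@10053", "fdb9:1981:930:5::1:907@10053")
SRC = "fdb9:1981:930:5::1:907"  # assumed source address of the main instance
print(check_forward(MAIN_OLD, INST, SRC), check_forward(MAIN_NEW, INST, SRC))
```

Once `interface` is set to a non-loopback address, the old `::1` forwarder no longer matches a listener, and without the `access-control` line the built-in localhost-only default would refuse the new source.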