Re : Re: Re : Re: Re : Re: Re : Re: unbound.conf issue
Alexandre Froissard
vrealist at icloud.com
Thu Aug 1 13:24:25 UTC 2024
Thank you very much for your help, it works like a charm now :)

Time for me to educate myself about that kind of topic.

Have a very nice day Yorgos!

Alexandre

On 1 August 2024 at 14:26, Yorgos Thessalonikefs <yorgos at nlnetlabs.nl> wrote:

The first file enables remote control while the second configures the trust anchor.

You can put your custom configuration file in this directory as well. Without any include directives though.
So from your first email the contents of that file should only be:

```
server:
    # send minimal amount of information to upstream servers to enhance privacy
    qname-minimisation: yes

    # the interface that is used to connect to the network (this will listen to all interfaces)
    interface: 0.0.0.0
    # interface: ::0

    # addresses from the IP range that are allowed to connect to the resolver
    access-control: 192.168.1.0/26 allow
    # access-control: 2001:DB8/64 allow
```

And the /etc/unbound/unbound.conf file should be left at the default:

```
include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
```

Best regards,
-- Yorgos

On 01/08/2024 14:13, Alexandre Froissard wrote:

I just checked and in the /etc/unbound/unbound.conf.d/ directory, I found 2 files:

afroissard@raspberrypi:/etc/unbound/unbound.conf.d$ ls -al
total 16
drwxr-xr-x 2 root root 4096 Jul 31 18:30 .
drwxr-xr-x 3 root root 4096 Aug 1 11:25 ..
-rw-r--r-- 1 root root 195 Feb 26 13:47 remote-control.conf
-rw-r--r-- 1 root root 190 Feb 26 13:47 root-auto-trust-anchor-file.conf
afroissard@raspberrypi:/etc/unbound/unbound.conf.d$

When I cat them here's what's inside:

afroissard@raspberrypi:/etc/unbound/unbound.conf.d$ cat root-auto-trust-anchor-file.conf
server:
    # The following line will configure unbound to perform cryptographic
    # DNSSEC validation using the root trust anchor.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
afroissard@raspberrypi:/etc/unbound/unbound.conf.d$ cat remote-control.conf
remote-control:
    control-enable: yes
    # by default the control interface is is 127.0.0.1 and ::1 and port 8953
    # it is possible to use a unix socket too
    control-interface: /run/unbound.ctl
afroissard@raspberrypi:/etc/unbound/unbound.conf.d$

On 1 August 2024 at 12:13, Yorgos Thessalonikefs <yorgos at nlnetlabs.nl> wrote:

On 01/08/2024 11:48, Alexandre Froissard wrote:
> I commented # the auto-trust-anchor-file from my configuration file and it works just fine now.
> I'm not a Linux specialist. From what I understand, removing this line will tell Ubuntu to use what was installed by default, correct?
> I'm trying to make sure removing this line has no consequences on the security of the system and/or DNS service.

Removing this line does not explicitly tell anything to Unbound.
I believe one of the files under /etc/unbound/unbound.conf.d/ specifies a trust-anchor and that should be the system installed one.
You can verify yourself by looking at the files under /etc/unbound/unbound.conf.d/.

Best regards,
-- Yorgos
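
A check for the layout described in this thread, as an added example that is not part of the original messages or of the Unbound project: it reports a fragment directory where `auto-trust-anchor-file` is set in no fragment or in more than one, or where a fragment carries its own include directive. The file name `custom.conf`, the function names and the sample directory are assumptions, and the sample fragments are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: audit the fragments in unbound.conf.d.

# List fragments in DIR with an uncommented "auto-trust-anchor-file:" line.
anchor_files() {
    grep -lE '^[[:space:]]*auto-trust-anchor-file:' "$1"/*.conf 2>/dev/null || true
}

# List fragments in DIR that carry their own include directive.
include_files() {
    grep -lE '^[[:space:]]*include(-toplevel)?:' "$1"/*.conf 2>/dev/null || true
}

# audit_confd DIR: print findings; return 0 when clean, 1 otherwise.
audit_confd() {
    rc=0
    n=$(anchor_files "$1" | wc -l | tr -d ' ')
    if [ "$n" -eq 0 ]; then
        echo "WARN: no fragment sets auto-trust-anchor-file"; rc=1
    elif [ "$n" -gt 1 ]; then
        echo "WARN: auto-trust-anchor-file set in $n fragments:"
        anchor_files "$1" | sed 's/^/  /'; rc=1
    fi
    inc=$(include_files "$1")
    if [ -n "$inc" ]; then
        echo "WARN: include directive inside a fragment:"
        echo "$inc" | sed 's/^/  /'; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $1"; fi
    return "$rc"
}

# Constructed sample: the packaged trust-anchor fragment shown in the thread
# plus a hypothetical custom.conf; a second argument "dup" repeats the anchor.
make_sample() {
    mkdir -p "$1"
    printf 'server:\n    auto-trust-anchor-file: "/var/lib/unbound/root.key"\n' \
        > "$1/root-auto-trust-anchor-file.conf"
    printf 'server:\n    qname-minimisation: yes\n    interface: 0.0.0.0\n' \
        > "$1/custom.conf"
    if [ "${2:-}" = dup ]; then
        printf '    auto-trust-anchor-file: "/var/lib/unbound/root.key"\n' \
            >> "$1/custom.conf"
    fi
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir" dup
audit_confd "$demo_dir" || true
rm -rf "$demo_dir"
```

On a real host the function would be pointed at /etc/unbound/unbound.conf.d; a line commented out with `#` is not counted, which matches the fix described above.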