OPNsense Forum

English Forums => General Discussion => Topic started by: Scooter on July 30, 2019, 08:14:09 AM

Title: Unbound & BIND
Post by: Scooter on July 30, 2019, 08:14:09 AM
Hi all,

I have Unbound running and have just tried to configure BIND per https://www.routerperformance.net/opnsense/dnsbl-via-bind-plugin/
When I check the logs in BIND for 'queries' and 'blocked', they don't show any results.
Should these logs show all the DNS queries forwarded by Unbound?
Title: Re: Unbound & BIND
Post by: mimugmail on July 30, 2019, 08:15:32 AM
Do you use overrides in Unbound?
Title: Re: Unbound & BIND
Post by: Scooter on July 30, 2019, 08:23:50 AM
Thanks for taking the time to respond.

Yes, I need overrides to point host names through VPN to a remote site on a different subnet.
Title: Re: Unbound & BIND
Post by: mimugmail on July 30, 2019, 09:53:15 AM
Can you remove them for testing? There was an issue with Overrides and a config option for local forward.
Title: Re: Unbound & BIND
Post by: Scooter on July 30, 2019, 02:52:48 PM
I have the same setup at home; there are no overrides in that setup.

I looked at the unbound.conf file and the custom options were followed by the forwarding zone again.
I removed the custom options and changed the forwarding mode in the conf file to 127.0.0.1@53530.

I see a section for DNS rebinding prevention which lists private addresses and includes the loopback address; should I take that out of the conf file?

Hmm, I just reinstalled it on my home install and watched the install for BIND; there are notes I didn't see.

BIND requires configuration of rndc, including a "secret"
key.  The easiest, and most secure way to configure rndc is
to run 'rndc-confgen -a' to generate the proper conf file,
with a new random key, and appropriate file permissions.

The /usr/local/etc/rc.d/named script will do that for you.

If using syslog to log the BIND9 activity, and using a
chroot'ed installation, you will need to tell syslog to install
a log socket in the BIND9 chroot by running:

  # sysrc altlog_proglist+=named

And then restarting syslogd with: service syslogd restart


Maybe it's working fine but just not logging.
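The thread touches three settings that all have to line up before BIND's query log can show anything: Unbound must actually send queries to 127.0.0.1@53530, the rebinding list must not eat the answers, and BIND must have query logging wired to a file. The script below is an added example written for this page; it is not from the original posts, the routerperformance.net guide, or the OPNsense BIND plugin (which generates its own files). The scratch directory, the port 53530, the log file paths and the `private-domain: "lan"` entry are assumptions for a stock FreeBSD layout; whether the plugin's DNSBL is implemented as an RPZ (and therefore logs under BIND's `rpz` category) is also an assumption. Treat the output as the settings to look for in the generated OPNsense configs rather than files to drop in.

```shell
#!/bin/sh
# Added example (not from the thread or the OPNsense BIND plugin): the
# settings that have to line up for Unbound to forward every query into a
# BIND instance on 127.0.0.1:53530 and for BIND to log those queries.
# OUT_DIR, BIND_PORT, the log file paths and private-domain "lan" are
# assumptions for a stock FreeBSD layout.
set -eu

OUT_DIR="${OUT_DIR:-/tmp/dns-chain-example}"
BIND_PORT="${BIND_PORT:-53530}"

# Unbound side. Two things matter when the forwarder is on loopback:
#  - do-not-query-localhost defaults to "yes", in which case Unbound never
#    sends anything to 127.0.0.1 and resolves on its own instead, so BIND's
#    query log stays empty while DNS keeps working.
#  - private-address is rebinding protection: it drops *answers* carrying
#    those ranges unless the name is under a private-domain. It does not
#    affect where queries are sent, so 127.0.0.0/8 can stay in the list.
unbound_forward_conf() {
    cat <<EOF
server:
    do-not-query-localhost: no
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-address: 127.0.0.0/8
    private-address: ::1/128
    # Names whose records legitimately hold private addresses (for example
    # hosts reached over a VPN) must be listed here or their answers are dropped.
    private-domain: "lan"

forward-zone:
    name: "."
    forward-addr: 127.0.0.1@${BIND_PORT}
EOF
}

# BIND side: listen only on loopback on the alternate port and wire the
# "queries" category to a file. "querylog yes" turns query logging on at
# startup; "rndc querylog" toggles it at runtime (rndc needs the key that
# the pkg message talks about). The rpz category is where RPZ rewrites are
# logged; that the DNSBL uses RPZ is an assumption here.
named_conf() {
    cat <<EOF
options {
    directory "${OUT_DIR}/named";
    listen-on port ${BIND_PORT} { 127.0.0.1; };
    listen-on-v6 port ${BIND_PORT} { ::1; };
    recursion yes;
    allow-query { 127.0.0.1; ::1; };
    querylog yes;
};

logging {
    channel queries_log {
        file "${OUT_DIR}/named/queries.log" versions 3 size 5m;
        severity info;
        print-time yes;
    };
    channel blocked_log {
        file "${OUT_DIR}/named/blocked.log" versions 3 size 5m;
        severity info;
        print-time yes;
    };
    category queries { queries_log; };
    category rpz     { blocked_log; };
};
EOF
}

write_configs() {
    mkdir -p "${OUT_DIR}/named"
    unbound_forward_conf > "${OUT_DIR}/unbound-forward.conf"
    named_conf > "${OUT_DIR}/named.conf"
}

# Syntax-check with the stock tools when they are installed.
check_configs() {
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "${OUT_DIR}/named.conf"
    fi
    if command -v unbound-checkconf >/dev/null 2>&1; then
        unbound-checkconf "${OUT_DIR}/unbound-forward.conf"
    fi
}

# Once both daemons run with these settings, a query through Unbound
# (dig @127.0.0.1 example.com) should produce a line in queries.log, and
# a query straight at BIND (dig @127.0.0.1 -p ${BIND_PORT} example.com)
# separates "BIND is not logging" from "Unbound is not forwarding".
write_configs
check_configs
echo "wrote ${OUT_DIR}/unbound-forward.conf and ${OUT_DIR}/named.conf"
```

The two `dig` commands in the closing comment are the check worth doing first: if the direct query shows up in queries.log but the one via Unbound does not, the problem is on the Unbound side (forwarding not in effect, or `do-not-query-localhost` still at its default), not in BIND's logging.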