OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: tamer on April 15, 2020, 07:33:36 PM

Title: Unbound does not list IPsec in the network list
Post by: tamer on April 15, 2020, 07:33:36 PM
Hi,

I couldn't find anything in the forum about this. I have set up Unbound to only respond to certain network interfaces. I noticed that after setting up IPsec it is not listed with the other network interfaces, which is the case under firewall rules. I suspect I just missed something simple.

As a workaround I tried to uncheck all interfaces (default for listening to all interfaces), but it didn't seem to work either.

In both cases I get (Wireshark):
DNS Flags: 0x8105 Standard query response, Refused

The only thing that seems to work is if I manually add the virtual IP addresses to the access list of Unbound. However, this is not the best solution: if the virtual IPs change, then one must remember to change them manually.

Tamer
Title: Re: Unbound does not list IPsec in the network list
Post by: franco on April 17, 2020, 02:00:23 PM
Hi there,

Long time no talk, hope you are ok :)

Cross-service functionality is pretty hard to maintain, especially with dynamic ranges and guessing what the user intended... best bet is to add manual ACL entries like you did.


Cheers,
Franco
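
Added example, not part of either post: a small Python check that decodes the `0x8105` flags word from the Wireshark capture and evaluates a list of client addresses against Unbound-style access-control entries (most specific netblock wins, unmatched clients are refused), so a missing IPsec range can be spotted before users hit REFUSED. All networks and client addresses are constructed placeholders.

```python
import ipaddress

# DNS RCODE names (subset of RFC 1035)
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def decode_flags(flags):
    """Split the 16-bit DNS header flags word into the fields relevant here."""
    return {
        "response": bool(flags & 0x8000),   # QR bit
        "opcode": (flags >> 11) & 0xF,
        "rd": bool(flags & 0x0100),         # recursion desired
        "ra": bool(flags & 0x0080),         # recursion available
        "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
    }

def acl_action(client, rules, default="refuse"):
    """Action of the most specific matching netblock, as Unbound applies
    access-control entries; clients matching nothing get the default."""
    addr = ipaddress.ip_address(client)
    best = None
    for cidr, action in rules:
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, action)
    return best[1] if best else default

def refused_clients(clients, rules):
    """Clients whose queries would not be answered under the given ACL."""
    return [c for c in clients if acl_action(c, rules) != "allow"]

# Constructed sample data: an ACL covering localhost and a LAN only,
# then the same ACL with a manually added IPsec virtual IP pool.
LAN_ONLY = [("127.0.0.0/8", "allow"), ("192.168.1.0/24", "allow")]
WITH_IPSEC = LAN_ONLY + [("10.10.10.0/24", "allow")]
CLIENTS = ["192.168.1.50", "10.10.10.2"]  # LAN host, IPsec road warrior

if __name__ == "__main__":
    print(decode_flags(0x8105))                  # flags from the capture
    print(refused_clients(CLIENTS, LAN_ONLY))    # IPsec client is refused
    print(refused_clients(CLIENTS, WITH_IPSEC))  # nobody refused
```

Running the same check against the current virtual IP pool after any IPsec change shows whether the manual ACL entry still covers it.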