Hello,
I have a CARP-IP (10.8.99.1) on my INTernal interface and a physical IP (10.8.99.3).
My client gets, via Kea DHCP, the DNS server IP as the CARP-IP (10.8.99.1).
An nslookup to google.com from the client CLI gets the error that the info is expected from 10.8.99.1#53, but 10.8.99.3#3 responded.
The client drops the DNS info, because it's not from the CARP-IP.
How do I configure it so that Unbound uses the CARP-IP and not the physical IP from node1 in the HA config?
Create a NAT port forwarding rule on the INT interface:
Source: INT net
Destination: CARP-IP (create a manual alias if necessary)
Protocol: TCP & UDP
Destination port: 53
Redirect target: 127.0.0.1:53
If all your interfaces have a CARP address you can do this for all of them and bind Unbound to 127.0.0.1:53 only.
Hello Patrick,
This is not working, same result. Please see the attached screenshots. I've defined the NAT rule you suggested.
Then try to bind Unbound to 127.0.0.1 only, please.
Where should I do this?
I have AdGuard running on DNS port 53. Unbound runs on port 5354.
So it is not Unbound which is answering with a wrong source address but AdGuard Home? That is a known bug in AdGuard Home and can be worked around just the same way.
Edit /usr/local/AdGuardHome/AdGuardHome.yaml:
dns:
  bind_hosts:
    - 127.0.0.1
  port: 53
And use the same port forward NAT rule as I already advised.
I've got the following error:
There were error(s) loading the rules: /tmp/rules.debug:187: no translation address with matching address family found. - The line in question reads [187]: rdr on vtnet1 inet6 proto {tcp udp} from {(vtnet1:network)} to $CARP_DMZ_IP port {53} -> 127.0.0.1 port 53 # CARP DNS forwarding
You cannot redirect IPv6 to IPv4. You need to redirect your IPv4 CARP address to 127.0.0.1.
You can run DNS over IPv4 only even in a dual stack network - simplifies many things.
Thank you for your patience. Now it works.
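As an added example (not code from this thread, nor from Unbound or AdGuard Home), here is a small Python DNS client that applies the same source-address check that made the client above discard the answer, so you can verify the port-forward fix from a host on the INT net. The addresses 10.8.99.1 (CARP VIP) and 10.8.99.3 (physical) are taken from the thread; the live `resolve()` call assumes a reachable resolver and the function names are my own.

```python
import random
import socket
import struct

# Added example, not from the thread. Assumed constructed addresses:
# 10.8.99.1 is the CARP VIP the query is sent to, 10.8.99.3 the physical
# address a misconfigured node answers from.

def build_query(name, qid=None):
    """Build a standard A-record query for `name` with a random transaction ID."""
    qid = random.randrange(0, 0x10000) if qid is None else qid
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode() for label in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def check_reply(query, sent_to, reply, reply_from):
    """Return None if the reply is acceptable, else the reason a resolver drops it.

    Stub resolvers reject answers whose source (ip, port) differs from the
    (ip, port) they queried; that is exactly what happens when a CARP node
    answers from its physical address instead of the VIP.
    """
    if reply_from != sent_to:
        return (f"reply expected from {sent_to[0]}#{sent_to[1]} "
                f"but {reply_from[0]}#{reply_from[1]} responded")
    if len(reply) < 12:
        return "reply shorter than a DNS header"
    if reply[:2] != query[:2]:
        return "transaction ID mismatch"
    if not (reply[2] & 0x80):
        return "QR bit not set: not a response"
    return None

def resolve(name, server, port=53, timeout=2.0):
    """Send one UDP query and apply check_reply; returns (reply_bytes, reason)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, port))
        reply, reply_from = s.recvfrom(4096)
    return reply, check_reply(query, (server, port), reply, reply_from)

if __name__ == "__main__":
    # Run from a client on the INT net: after the rdr rule the reason is None.
    data, reason = resolve("google.com", "10.8.99.1")
    print("accepted" if reason is None else f"dropped: {reason}")
```

If the rdr rule is in place, the reply comes back from 10.8.99.1#53 and the check passes; without it, the printed reason is the same mismatch nslookup reported.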