OPNsense Forum
English Forums => General Discussion => Topic started by: Scooter on July 30, 2019, 08:14:09 am
-
Hi all,
I have unbound running and have just tried to configure bind per https://www.routerperformance.net/opnsense/dnsbl-via-bind-plugin/
When I check the logs in BIND for 'queries' and 'blocked' they don't show any results.
Should these logs show all the dns queries forwarded by unbound?
-
Do you use overrides in Unbound?
-
Thanks for taking the time to respond.
Yes, I need overrides to point host names through VPN to a remote site on a different subnet.
-
Can you remove them for testing? There was an issue with Overrides and a config option for local forward.
-
I have the same setup at home; there are no overrides in that setup.
I looked at the unbound.conf file and the custom options were followed by the forwarding zone again.
I removed the custom options and changed the forwarding mode in the conf file to 127.0.0.1@53530.
I see a section for DNS rebinding prevention which lists private addresses and includes the loopback address. Should I take that out of the conf file?
Hmm, I just reinstalled it on my home install and watched the install for BIND; there are notes I didn't see.
BIND requires configuration of rndc, including a "secret"
key. The easiest, and most secure way to configure rndc is
to run 'rndc-confgen -a' to generate the proper conf file,
with a new random key, and appropriate file permissions.
The /usr/local/etc/rc.d/named script will do that for you.
If using syslog to log the BIND9 activity, and using a
chroot'ed installation, you will need to tell syslog to install
a log socket in the BIND9 chroot by running:
# sysrc altlog_proglist+=named
And then restarting syslogd with: service syslogd restart
Maybe it's working fine but just not logging.
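-
Added example, not part of the thread or of the OPNsense/BIND plugin code: a static check of an unbound.conf for the setup discussed above (a forward-zone pointing at 127.0.0.1@53530 alongside the rebinding-prevention private-address list). The helper name and the sample config are constructed for illustration; `do-not-query-localhost`, `private-address` and `forward-addr` are standard unbound.conf options.

```shell
#!/bin/sh
# Added example (not from the thread): static check of an unbound.conf that
# forwards to a local BIND instance, e.g. forward-addr: 127.0.0.1@53530.

# check_unbound_forward FILE  (hypothetical helper name)
# Returns 0: loopback forwarder present and do-not-query-localhost is "no"
#         1: loopback forwarder present but unbound will not query loopback
#         2: no loopback forward-addr in the file
check_unbound_forward() {
    awk '
        { sub(/#.*/, "") }                                  # drop comments
        $1 == "forward-addr:" && $2 ~ /^(127\.|::1)/ { fwd[++n] = $2 }
        $1 == "do-not-query-localhost:"               { dnql = $2 }
        $1 == "private-address:" && $2 ~ /^127\./     { priv = $2 }
        END {
            if (n == 0) { print "no loopback forward-addr found"; exit 2 }
            for (i = 1; i <= n; i++) print "loopback forwarder: " fwd[i]
            # private-address strips these ranges from answers; it does not
            # control which servers unbound sends queries to.
            if (priv != "") print "private-address " priv ": answer filter only"
            if (dnql != "no") {
                print "do-not-query-localhost is not \"no\" (default is yes)"
                exit 1
            }
            print "do-not-query-localhost: no"
        }
    ' "$1"
}

# Constructed sample config; $1 is an optional extra line for the server: clause.
sample_conf() {
    cat <<EOF
server:
    private-address: 127.0.0.0/8   # DNS rebinding prevention
    private-address: 10.0.0.0/8
    $1
forward-zone:
    name: "."
    forward-addr: 127.0.0.1@53530
EOF
}

conf=$(mktemp)
sample_conf "do-not-query-localhost: no" > "$conf"
check_unbound_forward "$conf"
rm -f "$conf"
```

Run `check_unbound_forward` against the unbound.conf you edited; a return code of 1 means the forwarder is configured but unbound will not send queries to it, which would also leave the BIND query log empty.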