Unbound not listenning on Wireguard interface at boot

Started by binoix, May 30, 2022, 12:07:48 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 30, 2022, 12:07:48 PM
Hello,

I have set Unbound to listen on All interfaces.
I have defined the Wireguard interface as static.

Yet at each reboot, Unbound is not listenning on the wireguard interface, and I have to restart Unbound for this to work on wireguard interface.
Would is be possible that Unbound is started *before* wireguard interface is up and hence does not take it into account?

Any ideas?

Thanks !
June 02, 2022, 11:09:45 AM #1
The ACL entry is missing after boot. It cannot be generated automatically before wireguard is up, which is after unbound is up. Unfortunately unbound is not capable of runtime reconfiguration for ACL so that unbound needs to be restarted which we don't do by default to prevent resolution disruption (and possible cache flush) on any wireguard up and down.


Cheers,
Franco
June 02, 2022, 01:28:50 PM #2
Thank you Franco for the explanation !
June 02, 2022, 01:30:20 PM #3
(a manual ACL entry for the wireguard subnet should work)
June 02, 2022, 02:44:22 PM #4
Another approach that I am taking with BIND, because it is even more finicky about interfaces and IP addresses coming and going than Unbound, is to bind the server to 127.0.0.1 only and use port forwarding NAT rules on each interface that shall be accessible for clients. Also helps greatly with HA setups and virtual IP addresses.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Print
Go Up Pages1
User actions