Unbound & BIND

Started by Scooter, July 30, 2019, 08:14:09 AM

Hi all,

I have unbound running and have just tried to configure bind per https://www.routerperformance.net/opnsense/dnsbl-via-bind-plugin/
When I check the logs in BIND for 'queries' and 'blocked' they don't show any results.
Should these logs show all the DNS queries forwarded by unbound?


Thanks for taking the time to respond.

Yes, I need overrides to point host names through VPN to a remote site on a different subnet.

Can you remove them for testing? There was an issue with Overrides and a config option for local forward.

I have the same setup at home; there are no overrides in that setup.

I looked at the unbound.conf file and the custom options were followed by the forwarding zone again.
I removed the custom options and changed the forwarding mode in the conf file to 127.0.0.1@53530.

I see a section for DNS rebinding prevention which lists private addresses and includes the loopback address. Should I take that out of the conf file?

Hmm, I just reinstalled it on my home install and watched the install for bind; there are notes I didn't see.

BIND requires configuration of rndc, including a "secret"
key.  The easiest, and most secure way to configure rndc is
to run 'rndc-confgen -a' to generate the proper conf file,
with a new random key, and appropriate file permissions.

The /usr/local/etc/rc.d/named script will do that for you.

If using syslog to log the BIND9 activity, and using a
chroot'ed installation, you will need to tell syslog to install
a log socket in the BIND9 chroot by running:

  # sysrc altlog_proglist+=named

And then restarting syslogd with: service syslogd restart


Maybe it's working fine but just not logging.