CARP and Unbound DNS response

Started by rudiratlos63, February 04, 2026, 05:14:29 PM

Hello,
I have a CARP-IP (10.8.99.1) on my INTernal interface and a physical IP (10.8.99.3).
My client gets the CARP-IP (10.8.99.1) as its DNS server IP via Kea DHCP.
An nslookup of google.com from the client CLI gets the error that the info is expected from 10.8.99.1#53, but 10.8.99.3#3 responded.
The client drops the DNS info because it's not from the CARP-IP.
How do I configure Unbound to use the CARP-IP and not the physical IP of node1 in the HA config?
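
The check behind the nslookup error above, as an added example that is not part of any post in this thread: a stub resolver accepts a UDP reply only if its source address and port match where the query was sent, and then checks the transaction ID. Function names are hypothetical, the sample packets are constructed from the thread's two addresses, and `probe()` is a live variant that assumes IPv4 and a reachable server.

```python
import ipaddress
import secrets
import socket
import struct

def build_query(txid: int, name: str) -> bytes:
    """Minimal DNS query: one A/IN question, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def check_reply(query, sent_to, reply, reply_from) -> str:
    """Return 'accept' or the reason a stub resolver discards the reply."""
    want = (ipaddress.ip_address(sent_to[0]), sent_to[1])
    got = (ipaddress.ip_address(reply_from[0]), reply_from[1])
    if got != want:  # anti-spoofing: the answer must come from the queried address
        return "drop: expected %s#%d, got %s#%d" % (*sent_to[:2], *reply_from[:2])
    if len(reply) < 12:
        return "drop: short header"
    txid, flags = struct.unpack("!HH", reply[:4])
    if txid != struct.unpack("!H", query[:2])[0]:
        return "drop: transaction ID mismatch"
    if not flags & 0x8000:
        return "drop: QR bit not set"
    return "accept"

def probe(server: str, name: str, port: int = 53, timeout: float = 2.0) -> str:
    """Live check from a client: unconnected socket, so the real source is visible."""
    query = build_query(secrets.randbits(16), name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, port))
        reply, src = s.recvfrom(4096)
    return check_reply(query, (server, port), reply, src)

def constructed_cases():
    """Constructed sample using the thread's addresses; no network traffic."""
    query = build_query(0x1A2B, "google.com")
    reply = query[:2] + struct.pack("!H", 0x8180) + query[4:]  # same ID, QR bit set
    carp, node = ("10.8.99.1", 53), ("10.8.99.3", 53)
    return check_reply(query, carp, reply, node), check_reply(query, carp, reply, carp)

if __name__ == "__main__":
    for verdict in constructed_cases():
        print(verdict)
```

Running `probe("10.8.99.1", "google.com")` from a client on the INT network returns `accept` once replies leave from the CARP address.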

Create a NAT port forwarding rule on the INT interface:

Source: INT net
Destination: CARP-IP (create a manual alias if necessary)
Protocol: TCP & UDP
Destination port: 53
Redirect target: 127.0.0.1:53

If all your interfaces have a CARP address you can do this for all of them and bind Unbound to 127.0.0.1:53 only.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Hello Patrick,
This is not working. Same result. Please see the attached screenshots. I've defined the NAT rule you suggested.

Then try to bind Unbound to 127.0.0.1 only, please.

Today at 07:01:03 PM #4 Last Edit: Today at 07:08:27 PM by rudiratlos63
Where should I do this?
I have AdGuard running on DNS port 53. Unbound runs on port 5354.