On Nov 17, 2015, at 12:45 PM, Steve Yates <[email protected]> wrote:

> Paul Mather wrote on Thu, Nov 12 2015 at 1:38 pm:
>
>> Unfortunately, with this configuration, unbound does not listen on the
>> IP aliases: it only listens on the primary IP addresses of LAN,
>> INTERNAL, and localhost.
>
> I don't have quite the same configuration, but with a CARP shared LAN
> IP, it listens on that alias. Did you check your firewall log/rules?

I don't believe it is an issue of firewall/log rules. Unbound is simply not listening on those interfaces, as shown by a "sockstat -4l":

USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS    FOREIGN ADDRESS
[[...]]
unbound  unbound    1123  10 udp4   10.5.5.1:53      *:*
unbound  unbound    1123  11 tcp4   10.5.5.1:53      *:*
unbound  unbound    1123  12 udp4   10.0.0.7:53      *:*
unbound  unbound    1123  13 tcp4   10.0.0.7:53      *:*
unbound  unbound    1123  14 udp4   127.0.0.1:53     *:*
unbound  unbound    1123  16 tcp4   127.0.0.1:53     *:*
unbound  unbound    1123  19 tcp4   127.0.0.1:953    *:*
[[...]]

Those IP addresses correspond to the primary addresses of LAN, INTERNAL, and localhost. Missing are entries listening on the IP aliases, 10.0.0.1 and 10.0.0.14.

Also, even though I also have 10.0.0.14 and 10.0.0.1 checked in the DNS Resolver settings, they are not included in the active /var/unbound/unbound.conf file:

[[...]]
# Interface IP(s) to bind to
interface: 10.5.5.1
interface: 10.0.0.7
interface: 127.0.0.1
interface: ::1
[[...]]

Only the primary addresses of the network NICs are included. If I add "interface:" lines myself to this file and stop and start unbound from the command line then unbound listens correctly on the IP aliases, too. For some reason, they are not making it into the unbound.conf file from the GUI settings page for DNS Resolver.

Cheers,

Paul.
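
An added example, not part of the original message or of pfSense: a Python check that compares the addresses expected to serve DNS against both the "interface:" lines in unbound.conf and the listeners reported by "sockstat -4l". The sample text is constructed from the output quoted above; the EXPECTED set and the function names are assumptions for illustration.

```python
import re

# Constructed samples, modelled on the output quoted in the message above.
SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS    FOREIGN ADDRESS
unbound  unbound    1123  10 udp4   10.5.5.1:53      *:*
unbound  unbound    1123  11 tcp4   10.5.5.1:53      *:*
unbound  unbound    1123  12 udp4   10.0.0.7:53      *:*
unbound  unbound    1123  13 tcp4   10.0.0.7:53      *:*
unbound  unbound    1123  14 udp4   127.0.0.1:53     *:*
unbound  unbound    1123  16 tcp4   127.0.0.1:53     *:*
unbound  unbound    1123  19 tcp4   127.0.0.1:953    *:*
"""
UNBOUND_CONF = """\
# Interface IP(s) to bind to
interface: 10.5.5.1
interface: 10.0.0.7
interface: 127.0.0.1
interface: ::1
"""
# Assumption: the IPv4 addresses selected in the DNS Resolver settings.
EXPECTED = {"10.5.5.1", "10.0.0.7", "127.0.0.1", "10.0.0.1", "10.0.0.14"}

def conf_interfaces(conf_text):
    """Addresses named on 'interface:' lines (comments and @port stripped)."""
    found = set()
    for line in conf_text.splitlines():
        m = re.match(r"interface:\s*(\S+)$", line.split("#", 1)[0].strip())
        if m:
            found.add(m.group(1).split("@")[0])
    return found

def listeners(sockstat_text, command="unbound", port=53):
    """IPv4 addresses on which `command` has a socket bound to `port`."""
    found = set()
    for line in sockstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[1] == command and f[4] in ("udp4", "tcp4"):
            addr, _, p = f[5].rpartition(":")
            if p == str(port):
                found.add(addr)
    return found

def audit(expected, conf_text, sockstat_text):
    """Report expected addresses absent from the config or from the sockets."""
    return {"missing_from_conf": sorted(expected - conf_interfaces(conf_text)),
            "not_listening": sorted(expected - listeners(sockstat_text))}

if __name__ == "__main__":
    print(audit(EXPECTED, UNBOUND_CONF, SOCKSTAT))
```

An address that appears under both keys was never written to the configuration file; one that appears only under "not_listening" was configured but did not bind.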
