Hi Stuart, appreciate the feedback.

On Wed, Aug 6, 2014 at 8:57 AM, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2014-08-06, Todd Zimmermann <toddo.zimmerm...@gmail.com> wrote:
>> What eliminated the weirdness was binding to the wildcard addy:
>>
>> unbound.conf
>> interface: 0.0.0.0
>
> Careful with this, it is usually a bad idea because it means that you
> generate reply packets with the source address associated with the outgoing
> interface used to reach the destination, rather than the address which the
> query was sent to.

Ah, I didn't like doing this and was not aware of the effect it has on reply packets. Good to know.

> (in some OS this situation can be avoided by using interface-automatic;
> chrisz was looking at implementing the kernel code that would be needed
> in order to be able to use this).

I used the example dns section in the relayd.conf man page with matching divert-to rules in pf. relayd on the internal and unbound is now only on the loopback. Always learning something new here :)
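A configuration sketch of the layout Todd describes (unbound bound only to loopback, relayd accepting queries on the internal address, pf divert-to catching LAN DNS traffic), added as an illustration and not taken from the thread or from the relayd.conf man page example; the address 192.168.1.1 and the interface name em1 are placeholders.

```conf
# unbound.conf: listen only on loopback, so every reply leaves from 127.0.0.1
# and the wildcard-bind source-address problem cannot occur
server:
        interface: 127.0.0.1
        access-control: 127.0.0.0/8 allow
        access-control: 0.0.0.0/0 refuse    # only relayd on this host may query it

# relayd.conf: accept client queries on the internal address (placeholder
# 192.168.1.1) and hand them to unbound on loopback
dns protocol dnsfilter {
        tcp { nodelay, sack, socket buffer 1024 }
}

relay dnsproxy {
        listen on 192.168.1.1 port 53
        protocol dnsfilter
        forward to 127.0.0.1 port 53         # unbound, loopback only
}

# pf.conf: redirect DNS queries from the LAN, whatever resolver they were
# addressed to, into the relay (em1 is a placeholder interface name)
int_if = "em1"
pass in quick on $int_if inet proto { tcp, udp } from $int_if:network \
        to any port domain divert-to 192.168.1.1 port 53
```

Clients that query 192.168.1.1 directly hit relayd without the divert rule; the rule only matters for hosts that point at some other resolver.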