Peter, you are correct, I do think I can share some data.
Namecheap's documentation is pretty good on what is needed, but the link below
has a bit better definition when it comes to setting up the
hosts.
https://www.labsrc.com/multiple-domains-with-ddclient-namecheap/
Namecheap's documentation
On Thu, Jan 09, 2025 at 07:32:52PM -0500, Jay Hart wrote:
> Resolved
That is very nice to hear indeed.
> Disregard!!
This is where I lean towards disagreeing - if you have figured out something
that could be of use to other list members, it is much appreciated if you take
the time to post at
Resolved
Disregard!!
Thanks,
Jay
> Is anyone using this exact combination of resources.
>
> If so would you please contact me off list.
>
> I am having some issues getting DDClient configured correctly.
>
> Thanks for your time!
>
> Jay Hart
>
>
Is anyone using this exact combination of resources.
If so would you please contact me off list.
I am having some issues getting DDClient configured correctly.
Thanks for your time!
Jay Hart
-policy-zones-in-unbound/
>
> Thanks, Stuart. I can see the advantage of this approach and it looks like
> someone has already done the work,
>
> https://www.geoghegan.ca/unbound-adblock.html
There are also other sources of RPZs for various purposes, e.g.
https://ioc2rpz.net. They
> I guess you're using local zones for this - I would look into using RPZ
> instead. I haven't tried it myself but hopefully this will get you started:
>
> https://blog.nlnetlabs.nl/response-policy-zones-in-unbound/
Thanks, Stuart. I can see the advantage of this approach and it looks like
some
On 2024-11-16, ckeader wrote:
>
> Since the upgrade to 7.6, I have been unable to use unbound in the
> previous configuration.
>
> root@router ~ # rcctl -df start unbound
> doing _rc_parse_conf
> unbound_flags >-c /var/unbound/etc/unbound.conf<
> doing rc_check
> unbound
> doing rc_pre
> /var/unbo
Since the upgrade to 7.6, I have been unable to use unbound in the
previous configuration.
root@router ~ # rcctl -df start unbound
doing _rc_parse_conf
unbound_flags >-c /var/unbound/etc/unbound.conf<
doing rc_check
unbound
doing rc_pre
/var/unbound/db/root.key has content
success: the anchor is
This node is running with IPv6-only.
Since I did not have IPv4, I initially only commented the constraint
with IPv4. But it was not enough.
Then I realised that pool.ntp.org doesn't include a record.
That is ntppool's decision.
I ended up by commenting the servers line and added sev
Stuart Henderson wrote:
> On 2024-02-15, Rudolf Sykora wrote:
> > Josh Grosse wrote:
> >> On Thu, Feb 15, 2024 at 02:15:07PM +0100, rsyk...@disroot.org wrote:
> >> > my computer is connected to a LAN, from which it obtains its
> >> > IP and also local-
On 2024-02-15, Rudolf Sykora wrote:
> Josh Grosse wrote:
>> On Thu, Feb 15, 2024 at 02:15:07PM +0100, rsyk...@disroot.org wrote:
>> > my computer is connected to a LAN, from which it obtains its
>> > IP and also local-DNS-server IP via DHCP. The latter is then
>>
Josh Grosse wrote:
> On Thu, Feb 15, 2024 at 02:15:07PM +0100, rsyk...@disroot.org wrote:
> > my computer is connected to a LAN, from which it obtains its
> > IP and also local-DNS-server IP via DHCP. The latter is then
> > inserted into /etc/resolv.conf by, I believe, reso
On Thu, Feb 15, 2024 at 02:15:07PM +0100, rsyk...@disroot.org wrote:
> my computer is connected to a LAN, from which it obtains its
> IP and also local-DNS-server IP via DHCP. The latter is then
> inserted into /etc/resolv.conf by, I believe, resolvd. The
> computer is furthermore c
Dear list,
my computer is connected to a LAN, from which it obtains its
IP and also local-DNS-server IP via DHCP. The latter is then
inserted into /etc/resolv.conf by, I believe, resolvd. The
computer is furthermore connected via wireguard VPN to
another network with its own DNS server, serving
On Wed, February 14, 2024 4:44 am, Peter J. Philipp wrote:
> ...
>
> * I'm not a cryptographer, mathematician nor do I program DNS on the
> recursive end. I program on the authoritative server end, where you can't
> do anything about something like a MITM anyhow. Donal
On 2/14/2024 6:27 AM, Willy Manga wrote:
I'm running ntp-4.2.8pl10p6 on openbsd7.4 .. I saw messages like this one
"ntpd[26862]: DNS lookup tempfail"
This node is running with IPv6-only.
Perhaps you could use DNS64+NAT64.
It's quite easy to set up a DNS64 server
Stuart Henderson wrote:
> You need to use one of the "2." pool addresses, e.g.
>
> global:
>
> 2.pool.ntp.org
>
> regional:
>
> 2.africa.pool.ntp.org
> 2.asia.pool.ntp.org
> 2.europe.pool.ntp.org
> 2.north-america.pool.ntp.org
> 2.oceania.pool.ntp.org
> 2.south-america.pool.ntp.org
>
> "vend
ream or solve at
> its own level the user experience.
OpenBSD has nothing to fix. We are not the ones curating what the DNS
records translate to.
Otto Moerbeek wrote:
> On Wed, Feb 14, 2024 at 04:55:20AM +0100, b...@fea.st wrote:
>
> > “A single packet can exhaust the processing
> > capacity of a vulnerable DNS server, effectively
> > disabling the machine, by exploiting a
> > 20-plus-year
On Tue, Feb 13, 2024, at 9:55 PM, b...@fea.st wrote:
> “A single packet can exhaust the processing
> capacity of a vulnerable DNS server, effectively
> disabling the machine, by exploiting a
> 20-plus-year-old design flaw in the DNSSEC
> specification.
>
> https://www.there
On 2024-02-14, Willy Manga wrote:
> I'm running ntp-4.2.8pl10p6 on openbsd7.4 .. I saw messages like this one
That's mostly not recommended, openntpd (in base) is generally a better
idea for OpenBSD systems...
> "ntpd[26862]: DNS lookup tempfail"
...though that look
On 14/02/2024 09:31, Theo de Raadt wrote:
Willy Manga wrote:
Is it possible the default ntpd.conf file use something like
"servers openbsd.pool.ntp.org" and of course have openbsd.pool.ntp.org
looking for IPv6 nodes?
Not going to happen.
Fine. Can we at least have a workaround from the st
On Wed, Feb 14, 2024 at 04:55:20AM +0100, b...@fea.st wrote:
> “A single packet can exhaust the processing
> capacity of a vulnerable DNS server, effectively
> disabling the machine, by exploiting a
> 20-plus-year-old design flaw in the DNSSEC
> specification.
>
> https:
Willy Manga wrote:
> Is it possible the default ntpd.conf file use something like
>
> "servers openbsd.pool.ntp.org" and of course have openbsd.pool.ntp.org
> looking for IPv6 nodes?
Not going to happen.
Hello.
I'm running ntp-4.2.8pl10p6 on openbsd7.4 .. I saw messages like this one
"ntpd[26862]: DNS lookup tempfail"
This node is running with IPv6-only.
Since I did not have IPv4, I initially only commented the constraint
with IPv4. But it was not enough.
Then
On 2/14/24 04:55, b...@fea.st wrote:
“A single packet can exhaust the processing
capacity of a vulnerable DNS server, effectively
disabling the machine, by exploiting a
20-plus-year-old design flaw in the DNSSEC
specification.
https://www.theregister.com/2024/02/13
“A single packet can exhaust the processing
capacity of a vulnerable DNS server, effectively
disabling the machine, by exploiting a
20-plus-year-old design flaw in the DNSSEC
specification.
https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/
I was using unwind, but i changed over to use unbound instead and so i
noticed the changes made in resolv.conf by resolvd.
On 1/3/24 13:37, Stuart Henderson wrote:
On 2024-01-03, Peter Wens wrote:
Hi Otto,
I checked it, and yes it's slaacd
...
rdns_proposal_state_transition[vio0] PROPOSAL_N
On 2024-01-03, Peter Wens wrote:
> Hi Otto,
>
> I checked it, and yes it's slaacd
>
> ...
> rdns_proposal_state_transition[vio0] PROPOSAL_NOT_CONFIGURED ->
> PROPOSAL_CONFIGURED, timo: 3588
> gen_rdns_proposal: iface 1: fe80::f...
> ...
>
> Don't know how to disable this (e.g. vultr), so for now
Otto Moerbeek wrote:
On Wed, Jan 03, 2024 at 12:15:04PM +0100, Peter Wens wrote:
Hi,
I noticed that ignoring nameservers from leases only works
on IPv4 addresses.
in /etc/dhcpleased.conf
interface vio0 {
ignore dns
}
resolvd still adds a IPv6 nameserver
nameserver 2001:19f0:300:1704
On Wed, Jan 03, 2024 at 12:15:04PM +0100, Peter Wens wrote:
> Hi,
>
> I noticed that ignoring nameservers from leases only works
> on IPv4 addresses.
>
> in /etc/dhcpleased.conf
>
> interface vio0 {
> ignore dns
> }
>
> resolvd still adds a IPv6 name
Hi,
I noticed that ignoring nameservers from leases only works
on IPv4 addresses.
in /etc/dhcpleased.conf
interface vio0 {
ignore dns
}
resolvd still adds a IPv6 nameserver
nameserver 2001:19f0:300:1704::6 # resolvd: vio0
Is this intentional?
Best regards,
Peter
On 2023-12-27, hammer2_zfs wrote:
> Why "OpenBSD packages" did not have a py3-certbot-dns-cloudflare.
Because nobody was interested enough in it to write a port and get it
committed.
Hmmm, I don't believe "inconvenience" for an OpenBSD user motivates folks who
create OpenBSD packages.
Look at this another way, you could create
py3-certbot-dns-cloudflare package, and submit it to OpenBSD ports list for
inclusion as a supported package, with you as the devel
hi, dears;-)
I'm using the OpenBSD 7.4 and snapshots.
recently, I was trying the pkg_add certbot certbot-dns-cloudflare.
pkg_add certbot was ok. but, pkg_add certbot-dns-cloudflare was fail.
(it was need a pip. it must be pkg_add py3-certbot-dns-cloudflare. but same
things. )
I was more t
>you claim the SOA serial being a timestamp would have helped in
diagnosis.
Actually, I did not.
tux2bsd:
>> The SOA record could do with some attention too.
...
>> That is true but it doesn't help when trouble shooting.
Those comments were simply an observation passed along after
I raised the i
On Fri, Nov 17, 2023 at 07:14:58AM +, tux2bsd wrote:
> I understand you're choosing to be ornery about
> the SOA record. Seems to matter more to you lot
> than to me, given the defense being run around it.
You claim the SOA serial being a timestamp would have helped in
diagnosis. It would n
I understand you're choosing to be ornery about
the SOA record. Seems to matter more to you lot
than to me, given the defense being run around it.
> The issue was spotted
You're welcome.
Only 1 of your 10 name servers was returning an
A record, when I raised the issue.
> and fixed.
What wo
again" thanks for your
insight. We never would have thought that up.
In this case using a time based SOA serial would have only told you
when the last working zone was created as the primary DNS was
ServFailing and the secondaries kept on serving what they had for the
SOA expiry period.
As for
> > Stuart Henderson wrote:
> well, if you're nitpicking things which don't matter
I would have rather not have needed to look at all.
Useful: when was a change made, who to contact.
(strangely enough, easy to provide via SOA)
OpenBSD list: fuck that, deflection is more fun
>> Host openbsd.org
On 2023-11-16, tux2bsd wrote:
> Stuart Henderson wrote:
>> > Convention is either date of last update MMDDNN or, date +%s
>> > 1218140044 is neither.
>>
>>
>> Serial can be absolutely anything the admin wants to use as long as they
>> follow the rules for rollover
>
> That is true but it doe
ress that can be used. As the RNAME "feature" of DNS is broken, that
is a good option.
> SERIAL:
>
> Convention is either date of last update MMDDNN or, date +%s
>
> 1218140044 is neither.
It's a convention, and every admin can decide which numbering scheme works for
her/him.
Greetings
Carsten
Stuart Henderson wrote:
> > Convention is either date of last update MMDDNN or, date +%s
> > 1218140044 is neither.
>
>
> Serial can be absolutely anything the admin wants to use as long as they
> follow the rules for rollover
That is true but it doesn't help when trouble shooting.
> (btw t
On 2023-11-16, tux2bsd wrote:
It'd be good to sort this, a bit of a meta remote hole...
>
> Maybe I could have said "remote black hole".
>
> Otto:
>>> The persons capable of fixing this are traveling right now
>> (and openbsd.org does have an A record).
>> things are fixed now
>
> You're welc
>>> It'd be good to sort this, a bit of a meta remote hole...
Maybe I could have said "remote black hole".
Otto:
>> The persons capable of fixing this are traveling right now
> (and openbsd.org does have an A record).
> things are fixed now
You're welcome.
The SOA record could do with some atte
On Wed, Nov 15, 2023 at 11:49:05AM +, Craig Skinner wrote:
> Hello,
>
> OpenBSD's root A record was deliberately removed about 5-10 years ago.
>
> The website is http://www.openbsd.org, not http://openbsd.org
>
> I can't find the thread of complaints from the time it changed.
>
> Cheers,
>
Hello,
OpenBSD's root A record was deliberately removed about 5-10 years ago.
The website is http://www.openbsd.org, not http://openbsd.org
I can't find the thread of complaints from the time it changed.
Cheers,
Craig.
.19
> Address: 199.185.230.19#53
> Aliases:
>
> Host openbsd.org not found: 2(SERVFAIL)
> $ host -t a openbsd.org 199.185.230.18
> Using domain server:
> Name: 199.185.230.18
> Address: 199.185.230.18#53
> Aliases:
>
> Host openbsd.org not found: 2(SERVFAIL)
>
-t a openbsd.org 199.185.230.18
Using domain server:
Name: 199.185.230.18
Address: 199.185.230.18#53
Aliases:
Host openbsd.org not found: 2(SERVFAIL)
Web page tool:
https://dnschecker.org/all-dns-records-of-domain.php?query=openbsd.org&rtype=A&dns=dnsauth
Stuart Henderson wrote:
> There is a complication in Kaya's case because if my handle on the
> config is correct, there are likely to be nameservers learned from
> both DHCP (in one rdomain) and PPPOE (in another), but they won't
> work on the opposite connection.
>
> In this situation I would d
t might have even been
> triggered by my altering of the pf.conf file... they are the only two
> things that I have been touching.
resolv does not care about how many special route messages it receives
about the DNS resolver. Each time it receives one, it will update
resolv.conf to contain t
On 2023/04/12 13:20, Theo de Raadt wrote:
> Stuart Henderson wrote:
>
> > On 2023-04-11, Theo de Raadt wrote:
> > > Kaya Saman wrote:
> > >
> > >> This somehow is overriding my resolv.conf file; in other words the
> > >> information is *not* being used from resolv.conf and is instead being
> > >
tc/resolv.conf has not changed for years.
I accept maybe i fiddled with things and caused unwanted behavior... it
can happen.
All I was trying to figure out is why the resolv.conf file was not being
used and instead the information obtained through ipcp was being used
for dns lookups. If
Stuart Henderson wrote:
> On 2023-04-11, Theo de Raadt wrote:
> > Kaya Saman wrote:
> >
> >> This somehow is overriding my resolv.conf file; in other words the
> >> information is *not* being used from resolv.conf and is instead being
> >> used from the ipcp negotiation as part of the pppoe kern
On 2023-04-11, Theo de Raadt wrote:
> Kaya Saman wrote:
>
>> This somehow is overriding my resolv.conf file; in other words the
>> information is *not* being used from resolv.conf and is instead being
>> used from the ipcp negotiation as part of the pppoe kernel module.
>
> then the pppoe code sho
Kaya Saman wrote:
> This somehow is overriding my resolv.conf file; in other words the
> information is *not* being used from resolv.conf and is instead being
> used from the ipcp negotiation as part of the pppoe kernel module.
then the pppoe code should submit a RTM_PROPOSAL route message ...
Thanks Stu, and everyone else who responded :-)
On 4/11/23 09:01, Stuart Henderson wrote:
On 2023-04-10, Kaya Saman wrote:
On 4/10/23 16:24, Daniele B. wrote:
Apr 10, 2023 12:52:22 Kaya Saman :
how do I override OpenBSD's
behavior to explicitly not use the dns servers obtained th
On 2023-04-10, Kaya Saman wrote:
>
> On 4/10/23 16:24, Daniele B. wrote:
>> Apr 10, 2023 12:52:22 Kaya Saman :
>>
>>>>> how do I override OpenBSD's
>>>>> behavior to explicitly not use the dns servers obtained through ipcp but
>>>>
On 4/10/23 16:24, Daniele B. wrote:
Apr 10, 2023 12:52:22 Kaya Saman :
how do I override OpenBSD's
behavior to explicitly not use the dns servers obtained through ipcp but
instead use the ones from the resolv.conf file?
My solution both for security reasons (I'm using unboun
Apr 10, 2023 12:52:22 Kaya Saman :
>>> how do I override OpenBSD's
>>> behavior to explicitly not use the dns servers obtained through ipcp but
>>> instead use the ones from the resolv.conf file?
My solution both for security reasons (I'm using unbound)
f
On 4/10/23 11:40, Jonathan Gray wrote:
On Mon, Apr 10, 2023 at 11:26:22AM +0100, Kaya Saman wrote:
Hi,
I'll ask the second question first as it might be easier to implement...
Currently I have found that the dns servers specified in the resolv.conf
file are not being used. Inste
On Mon, Apr 10, 2023 at 11:26:22AM +0100, Kaya Saman wrote:
> Hi,
>
>
> I'll ask the second question first as it might be easier to implement...
>
>
> Currently I have found that the dns servers specified in the resolv.conf
> file are not being used. Instead my ma
Hi,
I'll ask the second question first as it might be easier to implement...
Currently I have found that the dns servers specified in the resolv.conf
file are not being used. Instead my machine is prioritizing the ISP
obtained servers from the ipcp protocol through the kernel ppp se
On 09/15/22 04:18PM, Stuart Henderson wrote:
> On 2022-09-15, David A. Pocock wrote:
> > From the unwind manpage:
> >
> >> unwind sends DNS queries to nameservers to answer queries and switches to
> >> resolvers learned from dhclient(8), dhcpleased(8) or slaa
On 2022-09-15, David A. Pocock wrote:
> From the unwind manpage:
>
>> unwind sends DNS queries to nameservers to answer queries and switches to
>> resolvers learned from dhclient(8), dhcpleased(8) or slaacd(8) if it
>> detects that DNS queries are blocked by the local ne
ce was:
>
> "[!] WARNING: unwind will leak DNS queries"
>
> I was not able to find any discussion of this on the internet.
https://github.com/WireGuard/wireguard-tools/commit/84ac6add7e
> My purpose in using unwind is to reduce the need for third-party DNS
> quer
From the unwind manpage:
> unwind sends DNS queries to nameservers to answer queries and switches to
> resolvers learned from dhclient(8), dhcpleased(8) or slaacd(8) if it
> detects that DNS queries are blocked by the local network.
Perhaps the warning is to let you know that
Hello,
I was hoping to get some clarification on a warning I noticed today
after running wg-quick (part of wireguard-tools) to connect to a
commercial VPN provider. I run OpenBSD 7.1, with all the patches
installed.
The notice was:
"[!] WARNING: unwind will leak DNS queries"
I wa
Ali Farzanrad wrote:
> Hi,
>
> I have a wireguard configuration in my system with local unbound dns
> resolver. In the past, I'd configured my wireguard as a separated
> rdomain, so whenever I needed to run my browser, I did one of these 2
> options:
>
> 1. chang
Hi,
I have a wireguard configuration in my system with local unbound dns
resolver. In the past, I'd configured my wireguard as a separated
rdomain, so whenever I needed to run my browser, I did one of these 2
options:
1. change /etc/resolv.conf and use a global dns resolver,
2. r
gs&m=163459084214897&w=2
Stefan,
Thanks,
mv /etc/firmware/iwm-7265D-29 /etc/firmware/iwm-7265D-29.orig
cp /etc/firmware/iwm-7265-17 /etc/firmware/iwm-7265D-29
and a reboot has improved things considerably!
The odd DNS timeout still gets logged but for all I know it always did
that running Open
On Tue, Dec 14, 2021 at 12:49:14PM +, Dave Turner wrote:
> I have searched the web and tried various things but so far nothing
> fixes it.
This should help: https://marc.info/?l=openbsd-bugs&m=163459084214897&w=2
0 the Ethernet via USB has not
failed so far.
I turn off iwm0 using
doas ifconfig iwm0 down
and then use an external USB to ethernet connector.
I have searched the web and tried various things but so far nothing
fixes it.
The release notes for 7.0 show both DNS and iwm0 have been changed.
Is th
and make sure there is a route to your Internal DNS servers
over the VPNs
Or
a policy that covers the DNS servers ip range if it is an IPsec
policy based vpn
Hope this helps
On Tue, 20 Jul 2021 at 13:15, Timo Myyrä wrote:
>
> Stuart Henderson [2021-07-20, 11:24 +]:
>
>
Stuart Henderson [2021-07-20, 11:24 +]:
> On 2021-07-20, Timo Myyrä wrote:
>
>> Hi,
>>
>> Just started testing the new dhcpleased, resolvd stuff and noticed that
>> DNS resolution won't work correctly once I open my VPN connection. Name
>> resolution w
On 2021-07-20, Timo Myyrä wrote:
> Hi,
>
> Just started testing the new dhcpleased, resolvd stuff and noticed that
> DNS resolution won't work correctly once I open my VPN connection. Name
> resolution works for external domains but not for the internal domains
> resolved by
Hi,
Just started testing the new dhcpleased, resolvd stuff and noticed that
DNS resolution won't work correctly once I open my VPN connection. Name
resolution works for external domains but not for the internal domains
resolved by the internal DNS servers.
I'm using openconnect to setup
I am using unbound DNS over TLS. I consistently get these errors but have
found little online about what they mean.
/var/log/messages
error: SSL_handshake syscall: Connection reset by peer
I'm probably looking in the wrong place.
Thanks.
Hi,
Yes use PF to separate your clients on the routing machine and then use
the server with the proper DB.
HTH
On 2021-03-25 6:52 a.m., Родин Максим wrote:
Hello,
Is there a way to do split horizon dns using NSD?
I did not find anything similar in man nsd.conf
just run a second nsd on separate (ip)/port, then use unbound as a router
On 3/25/21 12:52 PM, Родин Максим wrote:
> Hello,
> Is there a way to do split horizon dns using NSD?
> I did not find anything similar in man nsd.conf
Hello,
Is there a way to do split horizon dns using NSD?
I did not find anything similar in man nsd.conf
--
Best regards
Maksim Rodin
lish record sets larger than 512 bytes. (This is almost
> always a mistake.)"
>
> I had no need for TCP port 53 to be open. Until month and a half ago
> things worked as expected and I have more important things to do than to
> fix things which don't appear to be broken.
DNS
On Sun, Sep 20, 2020 at 10:17:47PM -0400, Predrag Punosevac wrote:
> Nicolai wrote :
>
> > On Sun, Sep 20, 2020 at 12:43:41AM -0400, Predrag Punosevac wrote:
> >
> > > For a number of years I had in my /var/unbound/etc/unbound.conf line
> > >
> > > do-tcp: no
> >
> > > To make things worse I wa
Nicolai wrote :
> On Sun, Sep 20, 2020 at 12:43:41AM -0400, Predrag Punosevac wrote:
>
> > For a number of years I had in my /var/unbound/etc/unbound.conf line
> >
> > do-tcp: no
>
> > To make things worse I was blocking port TCP port 53.
>
> Just curious, why did you do that?
When I start us
On Sun, Sep 20, 2020 at 12:43:41AM -0400, Predrag Punosevac wrote:
> For a number of years I had in my /var/unbound/etc/unbound.conf line
>
> do-tcp: no
> To make things worse I was blocking port TCP port 53.
Just curious, why did you do that?
On my authoritative servers roughly 1 in 1000 queri
ents happened a month and a half ago
> when pkg management tools stopped working on all my FreeBSD file servers
> and jail hosts. After wasting an hour, I got to the bottom of my
> problem. Namely, my caching DNS Unbound resolvers (obviously running of
> OpenBSD) which also serve my LAN
On Sun, Sep 20, 2020 at 12:43:41AM -0400, Predrag Punosevac wrote:
> Could a kind soul who runs DNS for living point me to the documentation
> which I can use to educate myself.
>
>
> Most Kind Regards,
> Predrag Punosevac
Yes it does need TCP. It's part of the protoc
servers
and jail hosts. After wasting an hour, I got to the bottom of my
problem. Namely, my caching DNS Unbound resolvers (obviously running of
OpenBSD) which also serve my LAN and DMZ authoritatively could no longer
resolve
pkg.freebsd.org.
After wasting another hour it became clear that
example, In the case of a captive portal or floating between APs I
> would like DNS to work on different LANs where outbound DNS queries are
> blocked.
>
> I'm trying to build an isolated network environment in which all traffic
> is routed over an interface with a custom DNS
Thanks. Your solution works but is not ideal for my situation. The
reason it's not ideal is that one of the rdomains gets its nameserver
from DHCP and I don't think unbound can read this information.
For example, In the case of a captive portal or floating between APs I
would like D
The
> reason it's not ideal is that one of the rdomains gets its nameserver
> from DHCP and I don't think unbound can read this information.
>
> For example, In the case of a captive portal or floating between APs I
> would like DNS to work on different LANs where outbou
Hi all,
How can I allow different rdomains to use separate DNS nameservers?
Thanks
oh yeah you will have to adjust the flags for each daemon (to accept a
different
config file for each dns server in each Rdomain...
hope this helps...
On Wed, 27 May 2020 at 23:35, Tom Smyth
wrote:
> howdy,
>
> you can use symbolic links for /etc/rc.d/nsd to /etc/rc.d/nsd1
> an
howdy,
you can use symbolic links for /etc/rc.d/nsd to /etc/rc.d/nsd1
and to /etc/rc.d/nsd2 to /etc/rc.d/nsdn where 1,2 n are your
rdomains for your
dns servers (authoritative) or you can use unbound instead of nsd
if it is just a forwarding dns server
then use for a dns server for
I also encountered this requirement and created a tool to handle it. It
runs as a non-privileged user and is independent of dhclient and the like.
My DNS zones are hosted in AWS, so it uses their API. No other DNS
providers are supported.
https://github.com/jsleeio/ru1
I'm much more sys
I've thought about this as well and would love to use native
OpenBSD tools for the job.
Just a design idea:
1. Use dhcpd(8) synchronization
(https://man.openbsd.org/dhcpd.8#SYNCHRONISATION) to send details of
dhcp leases to a DNS creator/listener.
2. The dns creator/listener creates/up
I use dnsmasq (an openbsd package) on the gateway for my lab ethernet
network and it works great with minimal configuration as a local DNS
server. At home I have a Synology wireless router which does the same
as long as you tell it to make DNS reservations. Your mileage may
vary with cheaper
On 2020-04-25 15:00, bofh wrote:
> Hi,
> I searched through the archives and saw a couple of discussions about using
> Dnsmasq from a long time ago.
>
> Is that the best way to let the stuff in my home to have valid dns entries
> in my home network?
>
> How difficult
bofh writes:
> Hi,
> I searched through the archives and saw a couple of discussions about
> using Dnsmasq from a long time ago.
>
> Is that the best way to let the stuff in my home to have valid dns
> entries in my home network?
I've not worked with dnsmasq so can&
OpenBSD dhcpd and unbound does not support dynamic dns.
The easiest way is to install isc-dhcp-server and isc-bind from
packages. There are pretty much howtos for this setup.
25.04.2020 22:00, bofh wrote:
Hi,
I searched through the archives and saw a couple of discussions about using
Dnsmasq