Gentoo Forums
Help with "unbound" and home network
chaseguard
Tux's lil' helper
Joined: 25 Jun 2004
Posts: 140

Posted: Wed Jan 20, 2010 2:37 am    Post subject: Help with "unbound" and home network

I recently emerged unbound and set it to work on my main Gentoo box. I really like unbound and would like to extend it to my entire home network. The catch is, I don't want to install it on all the various boxes (including some pretty tightly configured MS work-related boxes that I do not even have admin for).

My internet goes into a dd-wrt router. I can set DNS resolve addresses (up to three, presently set to openDNS) and a bunch of other stuff that I do not even understand. I tried to set the router's first DNS resolve address to my main Gentoo box (which has a static IP, 192.168.xxx.xxx) and configured unbound to accept queries from all interfaces.

This is not working; the other network boxes still use openDNS for lookups. Any ideas on how to make this work? I really don't want to change the network layout (for example, connect the Gentoo box to the internet and run the router downstream).
nativemad
Developer
Joined: 30 Aug 2004
Posts: 911
Location: Switzerland

Posted: Tue Jan 26, 2010 7:05 am

Hi, I've just set the following two lines in unbound.conf to allow queries from my LAN:
Code:
interface: 0.0.0.0
access-control: 192.168.0.0/24 allow

_________________
Power to the people!
chaseguard
Tux's lil' helper
Joined: 25 Jun 2004
Posts: 140

Posted: Tue Jan 26, 2010 2:25 pm

Thanks for your reply. I used those settings and cleared my firewall (shorewall). I set my router to make DNS queries to my unbound box thinking that other network equipment would get DNS resolution from unbound. None of this worked. In addition, by doing this the box with unbound developed local name resolution (as in could not resolve my network machine names) problems so I tried openresolv. What a mess.

I think I would have to put the box with unbound in front of the router (or make it a router) to make this work as a single machine DNS provider, a configuration I don't want to try. Alternatively, I could install unbound on all the individual boxes on the network.

In the end, this all became too complicated for me so I went back to my original configuration. If anyone has success doing this it would make a nice how-to. I find the idea of doing my own DNS resolution appealing.
nativemad
Developer
Joined: 30 Aug 2004
Posts: 911
Location: Switzerland

Posted: Tue Jan 26, 2010 3:47 pm

But if you just put "nameserver 127.0.0.1" in the resolv.conf of the unbound box, can you resolve something!?
If not, I would guess that the firewall doesn't allow queries to the direct outer world... (you will need udp and tcp sourceport 53 destinationport >1024)
If it works, then you could put that unbound-IP in the resolv.conf of the other boxen...
It's probably a bit special if you do this on the router-box, as it has to allow some kind of triangle routing...
_________________
Power to the people!
chaseguard
Tux's lil' helper
Joined: 25 Jun 2004
Posts: 140

Posted: Wed Jan 27, 2010 2:48 am

Sorry if I am not clear. Unbound did a great job of resolving addresses for the box (home3) it was installed on. It worked so beautifully I wanted to use it as the DNS server for my entire network. Thus I configured my router (DD-WRT) to use the home3 IP address (static) 192.168.1.xxx as the preferred DNS. As you might guess, I am not too savvy about this stuff, but I thought a DNS request from another box on the internal network (say home2) would be forwarded to home3 where unbound would resolve the address. This did not work.

In addition, the box home3 using unbound then had a problem resolving internal network addresses, evidently because unbound only questions the real internet authoritative DNS servers, not the internal network. So then I experimented with openresolv. I opened up the unbound configuration pretty much like you showed and killed shorewall just in case. Along the way I spent too much time for the frustration, so I chucked the whole idea.
Thanks for your interest.
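
Added example, not part of the original thread and not written by either poster: an unbound.conf for the setup discussed above, with the listener and access-control scoped to the LAN and the internal machine names answered from local-data. The 192.168.1.0/24 subnet, the .10 and .11 host addresses and the home.lan zone are assumed placeholders.

```conf
# /etc/unbound/unbound.conf
# Constructed example: subnet, host addresses and zone name are placeholders.
server:
    # Listen on loopback and on the box's own LAN address rather than on
    # every interface (0.0.0.0), so the resolver is not reachable through
    # any other interface the box may gain later.
    interface: 127.0.0.1
    interface: 192.168.1.10          # assumed static LAN IP of the unbound box (home3)

    # Answer recursive queries only for localhost and the LAN.
    # The explicit refuse line documents the intent: no open resolver.
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow

    # Internal names are not known to the public DNS, so serve them
    # locally. "static" means names under this zone that are not listed
    # here get a negative answer instead of being sent to the internet.
    local-zone: "home.lan." static
    local-data: "home3.home.lan. IN A 192.168.1.10"
    local-data: "home2.home.lan. IN A 192.168.1.11"
    local-data-ptr: "192.168.1.10 home3.home.lan"
    local-data-ptr: "192.168.1.11 home2.home.lan"

    # Strip private addresses from answers for public names
    # (DNS rebinding protection); local-data names are exempt.
    private-address: 192.168.0.0/16

    # Do not reveal the server identity or version to id.server /
    # version.bind queries.
    hide-identity: yes
    hide-version: yes
```

Running unbound-checkconf on the file catches syntax errors before a restart. The other machines still have to be given the unbound box's address as their nameserver, as suggested above for resolv.conf.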