Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

I dont know why the forward function doesn't work. #45

Closed
silveric10 opened this issue Jun 25, 2019 · 4 comments

Comments

@silveric10
Copy link

commented Jun 25, 2019

I only made these changes below to the unbound.conf. I want to forward all my dns queries to port 9999, but it doesn't work.
interface:127.0.0.1@8888
forward-zone
name: "."
forward-addr: 127.0.0.1@9999
Can you help to explain?

@wcawijngaards

This comment has been minimized.

Copy link
Member

commented Jun 25, 2019

You need the option do-not-query-localhost: no in unbound.conf.
The previous default value was yes and this prevented messages to 127.0.0.1 from the forward-addr.

@wcawijngaards

This comment has been minimized.

Copy link
Member

commented Jun 25, 2019

(Closing this because I think it resolved your issue, if it did not resolve the issue, please explain more about what is going wrong).

@bjovereinder

This comment has been minimized.

Copy link
Member

commented Jun 25, 2019

wcawijngaards added a commit that referenced this issue Jun 25, 2019
- For #45, check that 127.0.0.1 and ::1 are not used in unbound.conf
  when do-not-query-localhost is turned on, or at default on,
  unbound-checkconf prints a warning if it is found in forward-addr or
  stub-addr statements.
@wcawijngaards

This comment has been minimized.

Copy link
Member

commented Jun 25, 2019

The commit above makes unbound-checkconf print out warnings for the matter, since other people also experience this as a surprise, I thought that could be helpful. Looks like this:
unbound-checkconf: warning: forward-addr: '127.0.0.1' is specified for forward-zone: '.', but do-not-query-localhost: yes means that the address will not be used for lookups.

jedisct1 added a commit to jedisct1/unbound that referenced this issue Jun 29, 2019
Merge remote-tracking branch 'nlnet/master'
* nlnet/master: (22 commits)
  Nicer spelling and layout.
  - For NLnetLabs#45, check that 127.0.0.1 and ::1 are not used in unbound.conf   when do-not-query-localhost is turned on, or at default on,   unbound-checkconf prints a warning if it is found in forward-addr or   stub-addr statements.
  - Fix memleak in unit test, reported from the clang 8.0 static analyzer.
  - Fix python dict reference and double free in config.
  - Merge PR NLnetLabs#6: Python module: support multiple instances - Merge PR NLnetLabs#5: Python module: define constant MODULE_RESTART_NEXT - Merge PR NLnetLabs#4: Python module: assign something useful to the   per-query data store 'qdata' Noted in Changelog.
  - Added documentation to the ipset files (for doxygen output).
  - make depend
  - Fix to make unbound-control with ipset, remove unused variable,   use unsigned type because of comparison, and assign null instead   of compare with it.  Remade lex and yacc output.
  - PR NLnetLabs#28: IPSet module, by Kevin Chou.  Created a module to support   the ipset that could add the domain's ip to a list easily.   Needs libmnl, and --enable-ipset and config it, doc/README.ipset.md. - Fix to omit RRSIGs from addition to the ipset.
  - Fix for NLnetLabs#24: Fix abort due to scan of auth zone masters using old   address from previous scan.
  - Fix NLnetLabs#39: In libunbound, leftover logfile is close()d unpredictably.
  - Master contains version 1.9.3 in development.
  fix segmentation fault
  rollback the code
  bugfix
  performance improvement
  edit config parser to support ipset
  Add support for ipset
  Document how to configure multiple python modules
  Support multiple python module instances
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.