[Pkg-dns-devel] Bug#882388: unbound: interface config ignored, listens on all IPs
Jakob Bohm
jb-debbugs at wisemo.com
Wed Nov 22 00:38:04 UTC 2017
Package: unbound
Version: 1.6.0-2~bpo8+1
Severity: normal
Dear Maintainer,
When using unbound 1.6.0-2~bpo8+1 (with matching libraries etc.),
unbound seems to (at least partially) ignore the "interface:" setting
in unbound.conf and unconditionally binds to 0.0.0.0:53 and :::53 .
This prevents running another DNS server (such as nsd3 or knot) on a
different logical interface (IP address).
Using the interface option in unbound.conf works correctly in version
1.4.22-3+deb8u3, but of course this requires staying on jessie.
Here is the console output from starting 1.6.0-2~bpo8+1:
root at xxxxx:~# /etc/init.d/unbound start
[....] Starting DNS server: unbound[1511300849] unbound[13444:0] notice: Start of unbound 1.6.0.
Nov 21 21:47:29 unbound[13444:0] debug: increased limit(open files) from 1024 to 4152
Nov 21 21:47:29 unbound[13444:0] debug: creating udp6 socket :: 53
Nov 21 21:47:29 unbound[13444:0] debug: creating tcp6 socket :: 53
Nov 21 21:47:29 unbound[13444:0] debug: creating udp4 socket 0.0.0.0 53
Nov 21 21:47:29 unbound[13444:0] debug: creating tcp4 socket 0.0.0.0 53
Nov 21 21:47:29 unbound[13444:0] debug: creating tcp6 socket ::1 8953
Nov 21 21:47:29 unbound[13444:0] debug: creating tcp4 socket 127.0.0.1 8953
Nov 21 21:47:29 unbound[13444:0] debug: switching log to syslog
. ok
And knot then refuses to start on specific IP addresses not listed in
unbound.conf due to port 53 in use.
And here is the similar output from 1.4.22-3+deb8u3:
root at xxxxx:/etc/init.d# /etc/init.d/unbound start
[....] Starting recursive DNS server: unbound[1511307121] unbound[15227:0] notice: Start of unbound 1.4.22.
Nov 21 23:32:01 unbound[15227:0] debug: creating udp4 socket 10.xxx.xxx.xxx 53
Nov 21 23:32:01 unbound[15227:0] debug: creating tcp4 socket 10.xxx.xxx.xxx 53
Nov 21 23:32:01 unbound[15227:0] debug: creating udp6 socket 2xxx:xxxx:xxxx:xxxx::xxxx:xxxx 53
Nov 21 23:32:01 unbound[15227:0] debug: creating tcp6 socket 2xxx:xxxx:xxxx:xxxx::xxxx:xxxx 53
Nov 21 23:32:01 unbound[15227:0] debug: creating tcp6 socket ::1 8953
Nov 21 23:32:01 unbound[15227:0] debug: creating tcp4 socket 127.0.0.1 8953
Nov 21 23:32:01 unbound[15227:0] debug: switching log to syslog
. ok
And knot then starts fine and answers queries on its configured IP
addresses while unbound answers queries on its IP addresses.
-- System Information:
Debian Release: 8.9
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages unbound depends on:
ii adduser 3.113+nmu3
ii libc6 2.19-18+deb8u10
ii libevent-2.0-5 2.0.21-stable-2+deb8u1
ii libpython2.7 2.7.9-2+deb8u1
ii libssl1.0.0 1.0.2l-1~bpo8+1
ii openssl 1.0.2l-1~bpo8+1
ii unbound-anchor 1.6.0-2~bpo8+1
unbound recommends no packages.
unbound suggests no packages.
-- Configuration Files:
/etc/default/unbound changed:
DAEMON_OPTS="-v -v -v"
/etc/init.d/unbound changed [summarized]:
- Added this to the block at the top:
# X-Start-Before: ntp exim4 clamav-freshclam spamassassin local-spfd
- Added a command that copies unbound.conf from a shared location.
- (1.4.22 only): Make the stop action not conditional on UNBOUND_ENABLE
/etc/unbound/unbound.conf changed [extract below]:
server:
    verbosity: 1
    interface: 10.xxx.xxx.xxx
    interface: 2xxx:xxxx:xxxx:xxxx::xxxx:xxxx
    interface-automatic: no
    outgoing-interface: yyy.yyy.yyy.yyy
    outgoing-interface: 2yyy:yyyy:yyyy:yyyy::yyyy:yyyy
-- no debconf information
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
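
Added example (not part of the original report, and not code from the unbound or Debian projects): a Python check that compares the sockets unbound logs at startup with the interface: lines in unbound.conf and flags any port 53 bind outside them, such as the wildcard binds in the 1.6.0 output above. The config, log lines and addresses are constructed samples in the quoted log format, and the function names are hypothetical.

```python
import ipaddress
import re

# Matches startup lines such as "debug: creating udp4 socket 0.0.0.0 53"
SOCKET_RE = re.compile(r"debug: creating (udp|tcp)[46] socket (\S+) (\d+)")
# Only "interface:", not "interface-automatic:" or "outgoing-interface:"
IFACE_RE = re.compile(r"^[ \t]*interface:[ \t]*(\S+)", re.MULTILINE)

# Constructed samples (documentation addresses, not taken from the report)
CONF = """server:
    interface: 192.0.2.53
    interface: 2001:db8::53
    interface-automatic: no
    outgoing-interface: 198.51.100.7
"""
LOG_WILDCARD = """\
Nov 21 21:47:29 unbound[13444:0] debug: creating udp6 socket :: 53
Nov 21 21:47:29 unbound[13444:0] debug: creating tcp6 socket :: 53
Nov 21 21:47:29 unbound[13444:0] debug: creating udp4 socket 0.0.0.0 53
Nov 21 21:47:29 unbound[13444:0] debug: creating tcp4 socket 0.0.0.0 53
Nov 21 21:47:29 unbound[13444:0] debug: creating tcp4 socket 127.0.0.1 8953
"""
LOG_SPECIFIC = """\
Nov 21 23:32:01 unbound[15227:0] debug: creating udp4 socket 192.0.2.53 53
Nov 21 23:32:01 unbound[15227:0] debug: creating tcp6 socket 2001:db8::53 53
Nov 21 23:32:01 unbound[15227:0] debug: creating tcp4 socket 127.0.0.1 8953
"""

def configured_interfaces(conf_text):
    """IP addresses named by interface: lines (the ip@port form is accepted)."""
    return {ipaddress.ip_address(v.split("@", 1)[0])
            for v in IFACE_RE.findall(conf_text)}

def unexpected_binds(conf_text, log_text, port=53):
    """(proto, address) for each DNS-port socket not listed in the config."""
    allowed = configured_interfaces(conf_text)
    found = []
    for proto, addr, p in SOCKET_RE.findall(log_text):
        # Other ports (the 8953 control sockets) are not governed by interface:
        if int(p) == port and ipaddress.ip_address(addr) not in allowed:
            found.append((proto, addr))
    return found

if __name__ == "__main__":
    for proto, addr in unexpected_binds(CONF, LOG_WILDCARD):
        print(f"unexpected {proto} listener on {addr} port 53")
```
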