Bugzilla – Bug 4228
Unbound fails to start if an attempt is made to listen on any except the first IP, on multiple-IP PPP interfaces
Last modified: 2019-02-27 07:38:33 CET
I'm using Unbound on OPNSense current (19.1), although it's probably identical behaviour on pfSense current, and FreeBSD generally.
A user has a PPPoE WAN with a block of IPs (say 22.214.171.124/26).
The user wishes to use 126.96.36.199 for incoming DNS queries from peers on the internet.
Then the correct config line "interfaces: 188.8.131.52" prevents Unbound from starting up.
The way that PPP(oE) links work with pf is that the interface is allocated just the first usable IP in the block, whatever that may be (184.108.40.206 in the example). By default all traffic goes via this IP. The other IPs in the block must be manually created as virtual IPs on the WAN.
In my own case, the attempt to add lines of config for:
prevented Unbound from starting up. Adding a simple "#" to the start of these lines allowed Unbound to start up again, confirming the issue - but because of the commenting out, it couldn't listen to those IPs either.
Should be testable by anyone with access to a PPP(oE) WAN, consistent here.
Sorry, typo. "interfaces: 220.127.116.11" should read "interface: 18.104.22.168", the discussion is correct and the typo wasn't present in the config when tried.
So, what is the error that unbound prints when it fails to start?
There is a variety of options for binding to non-up or even non-existing interfaces. Like ip-freebind: yes. There is also ip-transparent that is similar.
Best regards, Wouter