
I deployed the unbound caching server; below is how it is deployed:

Client ---> InternelDNSServer(Windows) ---> ExternalDNSServer(RHEL) ---> GoogleDNS

From localhost (unbound), if I do

dig +ttlunits somesite.com

on the first try it goes to the Google DNS servers, and on the second try it checks the unbound cache and the query time is either 1 msec or 0 msec. tcpdump confirms that it is checking the internal cache.

But if any other client behind InternelDNSServer queries, the query still goes to GoogleDNS. Below is the unbound.conf content:

server:
        verbosity: 1
        statistics-interval: 0
        statistics-cumulative: no
        extended-statistics: yes
        num-threads: 4
        interface: 192.168.56.10
        interface-automatic: no
        so-reuseport: yes
        ip-transparent: yes
        do-ip4: yes
        access-control: 127.0.0.0/8 allow
        access-control: 192.168.56.10/32 allow        # (unbound, Localhost)
        access-control: 10.30.10.1/32 allow_snoop     # (InternetDNSServer1)
        access-control: 10.30.11.2/32 allow_snoop     # (InternetDNSServer2)
        chroot: ""
        username: "unbound"
        directory: "/etc/unbound"
        logfile: /var/log/unbound/unbound.log
        log-queries: yes
        use-syslog: yes

        log-time-ascii: yes
        log-replies: yes
        pidfile: "/var/run/unbound/unbound.pid"
        hide-identity: yes
        hide-version: yes
        harden-glue: yes
        harden-dnssec-stripped: yes
        harden-below-nxdomain: yes
        harden-referral-path: yes
        unwanted-reply-threshold: 10000000
        prefetch: yes
        prefetch-key: yes
        rrset-roundrobin: yes
        minimal-responses: yes
        module-config: "ipsecmod validator iterator"
        trust-anchor-signaling: yes
        trusted-keys-file: /etc/unbound/keys.d/*.key
        auto-trust-anchor-file: "/var/lib/unbound/root.key"
        val-clean-additional: yes
        val-permissive-mode: no
        val-log-level: 1
        include: /etc/unbound/local.d/*.conf
        ipsecmod-enabled: no
        ipsecmod-hook: "/usr/libexec/ipsec/_unbound-hook"
python:
remote-control:
        control-enable: yes
        server-key-file: "/etc/unbound/unbound_server.key"
        server-cert-file: "/etc/unbound/unbound_server.pem"
        control-key-file: "/etc/unbound/unbound_control.key"
        control-cert-file: "/etc/unbound/unbound_control.pem"
forward-zone:
        name: "."
        forward-addr: 8.8.8.8
        forward-addr: 8.8.4.4
        forward-addr: 1.1.1.1
        forward-first: no
include: /etc/unbound/conf.d/*.conf

/etc/resolv.conf contents:

# Generated by NetworkManager
search privatedomain.com
nameserver 192.168.56.10

I'm confused: why is it not looking in the cache for clients behind the InternelDNSServer?

OmiPenguin
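An added example, not part of the original post: with `log-replies: yes` as in the config above, unbound writes one line per reply that includes the client IP and a from-cache flag, so the log shows which clients actually reach this instance and whether each answer came from cache. The sample log lines, the field layout the regex assumes, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape unbound documents for log-replies:
# client IP, name, type, class, rcode, time to resolve, from-cache flag, size.
# With use-syslog: yes these lines go to syslog, not to the logfile path.
SAMPLE_LOG = """\
Mar 10 12:00:01 unbound[2211:0] info: 192.168.56.10 somesite.com. A IN NOERROR 0.024310 0 56
Mar 10 12:00:03 unbound[2211:0] info: 192.168.56.10 somesite.com. A IN NOERROR 0.000000 1 56
Mar 10 12:00:09 unbound[2211:1] info: 10.30.10.1 somesite.com. A IN NOERROR 0.000000 1 56
Mar 10 12:00:12 unbound[2211:1] info: 10.30.10.1 othersite.com. A IN NOERROR 0.031882 0 60
Mar 10 12:00:13 unbound[2211:0] info: 192.168.56.10 somesite.com. A IN
Mar 10 12:00:15 unbound[2211:2] notice: sendto failed: Network is unreachable
"""

# Matches reply lines only; the shorter log-queries lines (no rcode) are skipped.
REPLY = re.compile(
    r"info: (?P<client>\S+) (?P<name>\S+) (?P<qtype>\S+) (?P<qclass>\S+) "
    r"(?P<rcode>\S+) (?P<secs>\d+\.\d+) (?P<cached>[01]) (?P<size>\d+)\s*$"
)

def parse_replies(text):
    """Yield (client, name, served_from_cache, seconds) for each reply line."""
    for line in text.splitlines():
        m = REPLY.search(line)
        if m:
            yield m["client"], m["name"], m["cached"] == "1", float(m["secs"])

def cache_use_by_client(text):
    """Count cache hits and misses per client source address."""
    stats = defaultdict(lambda: {"hit": 0, "miss": 0})
    for client, _name, cached, _secs in parse_replies(text):
        stats[client]["hit" if cached else "miss"] += 1
    return dict(stats)

def clients_never_seen(text, expected):
    """Expected forwarders whose source IP never appears in a reply line,
    i.e. their queries are not arriving at this unbound instance as that IP."""
    seen = {client for client, *_ in parse_replies(text)}
    return sorted(set(expected) - seen)

if __name__ == "__main__":
    for client, counts in cache_use_by_client(SAMPLE_LOG).items():
        print(client, counts)
    # The two addresses listed under access-control in the posted config.
    print("never seen:", clients_never_seen(SAMPLE_LOG, ["10.30.10.1", "10.30.11.2"]))
```

Feed it the real syslog output while a client behind the internal server runs a lookup; an expected forwarder that never appears as a client IP is not sending its queries to this resolver under that address.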
