Simple DNS over TLS and DNSSEC for added security on NomadBSD. #11

globetrotterdk opened this issue Feb 17, 2022 · 0 comments

globetrotterdk commented Feb 17, 2022

I have been researching and working on a simple, low-resource method for added security on a NomadBSD system that goes beyond what a VPN can provide. I have been led to understand that Unbound can provide this, so I have tried to configure the version (?) of Unbound that is found in the base FreeBSD system. I have experienced some issues along the way and could use some help.

I currently have the line in my /etc/rc.conf as follows, to try to help diagnose some of the problems that I am experiencing:

```
local_unbound_enable=NO
```

Here is what I get when I try to start Unbound manually:

```
# service local_unbound onestart
Starting local_unbound.
Waiting for nameserver to start...[1645112025] unbound-control[2874:0] warning: control-enable is 'no' in the config file.
[1645112025] unbound-control[2874:0] error: connect: Connection refused for 127.0.0.1 port 8953
.[1645112026] unbound-control[2879:0] warning: control-enable is 'no' in the config file.
[1645112026] unbound-control[2879:0] error: connect: Connection refused for 127.0.0.1 port 8953
.[1645112027] unbound-control[2884:0] warning: control-enable is 'no' in the config file.
[1645112027] unbound-control[2884:0] error: connect: Connection refused for 127.0.0.1 port 8953
.[1645112028] unbound-control[2889:0] warning: control-enable is 'no' in the config file.
[1645112028] unbound-control[2889:0] error: connect: Connection refused for 127.0.0.1 port 8953
.[1645112029] unbound-control[2894:0] warning: control-enable is 'no' in the config file.
[1645112029] unbound-control[2894:0] error: connect: Connection refused for 127.0.0.1 port 8953
giving up
```
My /etc/unbound/unbound.conf is very basic:

```
server:
    port: 5300
    tls-upstream: yes
    tls-cert-bundle: "/usr/local/share/certs/ca-root-nss.crt"

forward-zone:
    name: "."
    forward-addr: 2a05:fc84::42@853#dns.digitale-gesellschaft.ch
```

The following is what I used as a point of reference in starting to work with Unbound:

I made sure that ntpd was installed and running for correct time.

`# sysrc local_unbound_enable=YES`
This should set local_unbound to be used as a local resolver.

`# pkg install bind-tools`
This is to get the "dig" command.

Next, reboot or run:
`# service local_unbound start`

Test with:
`# dig @::1 -p 5300 mozilla.org`
I am not sure, but I believe this works.

I believe that the following is used for capturing traffic. Here, I start getting on thin ice regarding what I have learned so far:
`# tcpdump host 2a05:fc84::42 -w tls.pcap`
AND
`# dig @::1 -p 5300 mozilla.org`
OR
`# dig @::1 -p 5300 mozilla.org +dnssec`

tcpdump appears to work, but when running Wireshark, I only see UDP, no DNS, TCP or TLS protocols.

There are no man pages for local_unbound, and the references to unbound-checkconf and unbound-anchor, I suspect, refer to the full Unbound install, while I am trying to run this on a desktop system. I am a bit lost at this point, as I have no experience in network security, but am trying my best. However, I could definitely use some help at this point.

For the future, it would be nice if some form of Simple DNS over TLS and DNSSEC for added security were implemented in NomadBSD, without any particular configuration needed, for the desktop user...
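As an added example, not part of the issue above and not code from the NomadBSD or Unbound projects: the test `dig @::1 -p 5300 mozilla.org +dnssec` in the post asks the local resolver for DNSSEC data by setting the EDNS0 DO bit, and a validating resolver answers with the AD (Authenticated Data) flag set when it has verified the chain of trust itself, or with SERVFAIL when it judges the data bogus. The Python script below does the same thing in wire format: it builds a DO-bit query, parses the reply header, and classifies it as secure, insecure or servfail. The three sample replies are constructed byte strings, not captures from any resolver; `query_resolver` sends a real query over UDP to `::1` port 5300 (the address and port used in the post) and runs only when a name is passed on the command line.

```python
"""Build a DNSSEC-requesting DNS query and read the AD flag from the reply.

Added example (not from the issue author): shows what `dig ... +dnssec`
against a local Unbound checks, namely whether the resolver sets the AD
(Authenticated Data) flag, meaning it validated the answer itself.
"""
import socket
import struct
import sys

# Header flag bits (RFC 1035; AD and CD from RFC 4035 section 3.2.3)
QR, RD, RA, AD, CD = 0x8000, 0x0100, 0x0080, 0x0020, 0x0010
OPT_TYPE = 41
DO_BIT = 0x8000  # DNSSEC OK, in the low 16 bits of the OPT pseudo-RR TTL field


def encode_name(qname: str) -> bytes:
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = [label for label in qname.rstrip(".").split(".") if label]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234,
                dnssec_ok: bool = True, udp_size: int = 1232) -> bytes:
    """Return a wire-format query: RD set, one question, plus an OPT RR with DO set."""
    arcount = 1 if dnssec_ok else 0
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, arcount)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)  # class IN
    msg = header + question
    if dnssec_ok:
        # OPT pseudo-RR: root name, TYPE 41, CLASS = requested UDP payload size,
        # TTL = ext-RCODE(8) | EDNS version(8) | flags(16) with DO set, RDLENGTH 0
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, DO_BIT, 0)
    return msg


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte header into named flags and section counts."""
    if len(msg) < 12:
        raise ValueError("message shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & QR), "rd": bool(flags & RD), "ra": bool(flags & RA),
        "ad": bool(flags & AD), "cd": bool(flags & CD),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def classify(header: dict) -> str:
    """Interpret a reply the way a DNSSEC-aware client would."""
    if header["rcode"] == 2:
        # A validating resolver answers SERVFAIL for data it considers bogus;
        # the same code also comes back when the upstream cannot be reached.
        return "servfail"
    if header["rcode"] != 0:
        return "rcode-%d" % header["rcode"]
    if header["ad"]:
        return "secure"      # resolver validated the chain of trust
    return "insecure"        # answered, but not signed or not validated


def query_resolver(qname: str, server: str = "::1", port: int = 5300,
                   timeout: float = 3.0) -> dict:
    """Send the DO-bit query over UDP to a resolver and return its parsed header."""
    txid = 0x1234
    query = build_query(qname, txid=txid)
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, port))
        data, _ = sock.recvfrom(4096)
    header = parse_header(data)
    if header["id"] != txid or not header["qr"]:
        raise ValueError("reply does not match the query")
    return header


# Constructed sample reply headers (not captured from a real resolver).
SAMPLE_VALIDATED = struct.pack("!HHHHHH", 0x1234, QR | RD | RA | AD, 1, 2, 0, 1)
SAMPLE_UNVALIDATED = struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 1, 0, 1)
SAMPLE_BOGUS = struct.pack("!HHHHHH", 0x1234, QR | RD | RA | 2, 1, 0, 0, 1)

if __name__ == "__main__":
    for label, sample in (("validated", SAMPLE_VALIDATED),
                          ("unvalidated", SAMPLE_UNVALIDATED),
                          ("bogus", SAMPLE_BOGUS)):
        print("%-11s -> %s" % (label, classify(parse_header(sample))))
    if len(sys.argv) > 1:  # e.g. python3 dnssec_check.py mozilla.org
        print("live query  ->", classify(query_resolver(sys.argv[1])))
```

Run with no arguments to see the three constructed cases classified; pass a name to query the local resolver from the post. An answer classified `insecure` for a signed zone means the resolver is forwarding without validating (no trust anchor configured or validation disabled); `secure` is the outcome DNSSEC validation is meant to produce, and `servfail` for a zone that resolves fine elsewhere is the signature of either a validation failure or an upstream that is unreachable, which is the same distinction the `dig +dnssec` test in the post is trying to draw.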
