I'm having an issue with Unbound not responding over IPv6. It works when I do it on the router, but not on devices connected to the router. I have set up a split-horizon DNS record and I thought that was not working, but seems like the issue is in Unbound.
The DNS address advertised by the router is fd6a:f17d:d871:0::1:1. I can SSH using it to the router and I can open it in a browser to see the luci interface.
Please advice, thanks.
On the computer it works only over IPv4:
> nslookup -type=A mydomain.com 192.168.16.1
Server: openwrt
Address: 192.168.16.1
Name: mydomain.com
Address: 192.168.28.1
> nslookup -type=A mydomain.com fd6a:f17d:d871::1
Server: openwrt
Address: fd6a:f17d:d871::1
Non-authoritative answer:
Name: mydomain.com
Address: 65.254.242.180
On the router it works over both the IPv4 and IPv6:
> nslookup type=A mydomain.com 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1:53
Name: mydomain.com
Address: 192.168.28.1
> nslookup -type=A mydomain.com ::1
Server: ::1
Address: [::1]:53
Name: mydomain.com
Address: 192.168.28.1
netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 2624/uhttpd
tcp 0 0 127.0.0.1:8953 0.0.0.0:* LISTEN 31989/unbound
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2624/uhttpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1369/dropbear
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 31989/unbound
tcp 0 0 :::443 :::* LISTEN 2624/uhttpd
tcp 0 0 ::1:8953 :::* LISTEN 31989/unbound
tcp 0 0 :::80 :::* LISTEN 2624/uhttpd
tcp 0 0 :::22 :::* LISTEN 1369/dropbear
tcp 0 0 :::53 :::* LISTEN 31989/unbound
udp 0 0 0.0.0.0:53 0.0.0.0:* 31989/unbound
udp 0 0 0.0.0.0:67 0.0.0.0:* 2493/odhcpd
udp 0 0 :::546 :::* 4386/odhcp6c
udp 0 0 :::547 :::* 2493/odhcpd
udp 0 0 :::547 :::* 2493/odhcpd
udp 0 0 :::53 :::* 31989/unbound
/etc/config/unbound
config unbound 'ub_main'
option edns_size '1232'
option hide_binddata '1'
option interface_auto '1'
option listen_port '53'
option localservice '1'
option manual_conf '0'
option num_threads '1'
option protocol 'default'
option rate_limit '0'
option rebind_localhost '0'
option rebind_protection '1'
option recursion 'default'
option root_age '9'
option ttl_neg_max '1000'
option verbosity '1'
option dhcp_link 'odhcpd'
option dhcp4_slaac6 '1'
option enabled '1'
option iface_lan 'lan'
option validator '1'
option validator_ntp '1'
option resource 'medium'
option unbound_control '1'
option extended_stats '1'
option add_extra_dns '1'
option dns64 '0'
option ttl_min '300'
option domain_type 'static'
option add_wan_fqdn '1'
option add_local_fqdn '1'
option domain 'lan'
list iface_wan 'wan'
list iface_wan 'wan6'
list iface_trig 'lan'
list iface_trig 'wan'
config zone 'auth_icann'
option enabled '0'
option fallback '1'
option url_dir 'https://www.internic.net/domain/'
option zone_type 'auth_zone'
list server 'lax.xfr.dns.icann.org'
list server 'iad.xfr.dns.icann.org'
list zone_name '.'
list zone_name 'arpa.'
list zone_name 'in-addr.arpa.'
list zone_name 'ip6.arpa.'
config zone 'fwd_isp'
option enabled '0'
option fallback '1'
option resolv_conf '1'
option zone_type 'forward_zone'
list zone_name 'isp-bill.example.com.'
list zone_name 'isp-mail.example.net.'
config zone 'fwd_google'
option fallback '1'
option tls_index 'dns.google'
option tls_upstream '1'
option zone_type 'forward_zone'
list server '8.8.4.4'
list server '8.8.8.8'
list server '2001:4860:4860::8844'
list server '2001:4860:4860::8888'
list zone_name '.'
option enabled '1'
config zone 'fwd_cloudflare'
option enabled '0'
option fallback '1'
option tls_index 'cloudflare-dns.com'
option tls_upstream '1'
option zone_type 'forward_zone'
list server '1.1.1.1'
list server '1.0.0.1'
list server '2606:4700:4700::1111'
list server '2606:4700:4700::1001'
list zone_name '.'
/etc/unbound/unbound_srv.conf
XXXX:XXXX:XXXX:XX54::/64 is my public IP range for the lan. Here are all the IPs that appear in LuCI under lan:
IPv4: 192.168.16.1/20
IPv6: XXXX:XXXX:XXXX:XX54::1/64
IPv6: fd6a:f17d:d871::1/64
access-control-view: fd6a:f17d:d871::/48 "mydomain"
access-control-view: fe80::/10 "mydomain"
access-control-view: XXXX:XXXX:XXXX:XX54::/64 "mydomain"
access-control-view: 192.168.16.1/20 "mydomain"
access-control-view: 127.0.0.1 "mydomain"
access-control-view: ::1 "mydomain"
private-domain: "mydomain.com"
private-address: 192.168.16.1/20
private-address: fd6a:f17d:d871::/48
/etc/unbound/unbound_ext.conf
view:
name: "mydomain"
view-first: yes
local-zone: "mydomain.com." redirect
local-data: "mydomain.com. IN A 192.168.28.1"
uci export network;
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
option ula_prefix 'fd6a:f17d:d871::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option defaultroute '0'
option ip6assign '64'
list ipaddr '192.168.16.1/20'
option delegate '0'
config interface 'wan'
option device 'wan'
option proto 'pppoe'
option username 'XXX@t-online.de'
option password 'XXX'
option peerdns '0'
option ipv6 '1'
list dns '1.1.1.1'
list dns '1.0.0.1'
option metric '10'
config interface 'wan_lte'
option proto '3g'
option device '/dev/ttyUSB2'
option service 'umts'
option ipv6 'auto'
option apn 'internet'
option auto '0'
config interface 'modem'
option proto 'static'
list ipaddr '192.168.0.2/24'
option gateway '192.168.0.1'
option delegate '0'
option device 'wan'
config interface 'wan6'
option proto 'dhcpv6'
option device '@wan'
option reqaddress 'try'
option reqprefix '64'
option ip6assign '64'
uci export dhcp;
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option ra 'server'
option dhcpv6 'server'
option ra_management '1'
option ndp 'hybrid'
option dns_service '0'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option leasefile '/tmp/hosts/odhcpd'
option loglevel '4'
option leasetrigger '/usr/lib/unbound/odhcpd.sh'
option maindhcp '1'
config dhcp 'modem'
option interface 'modem'
option start '100'
option limit '150'
option leasetime '12h'
option ignore '1'
option dynamicdhcp '0'
config dhcp 'wan6'
option interface 'wan6'
option ignore '1'
option ra 'relay'
option dhcpv6 'relay'
option ndp 'hybrid'
ls -l /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*
lrwxrwxrwx 1 root root 16 Aug 19 16:01 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 118 Nov 20 08:37 /tmp/resolv.conf
-rw-r--r-- 1 root root 48 Nov 20 02:33 /tmp/resolv.conf.ppp
/tmp/resolv.conf.d:
-rw-r--r-- 1 root root 156 Nov 20 02:33 resolv.conf.auto
==> /etc/resolv.conf <==
# /tmp/resolv.conf generated by Unbound UCI 2023-11-20T08:37:38+01:00
nameserver 127.0.0.1
nameserver ::1
search lan.
==> /tmp/resolv.conf <==
# /tmp/resolv.conf generated by Unbound UCI 2023-11-20T08:37:38+01:00
nameserver 127.0.0.1
nameserver ::1
search lan.
==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error
==> /tmp/resolv.conf.ppp <==
nameserver 10.105.3.100
nameserver 10.105.3.101