I’ve enabled an OpenBSD unbound(8) daemon that is used as a central DNS cache resolver. Now I needed to know what it was doing and how it performed. The question was answered by grabbing statistics from unbound and rendering them using Grafana.
The whole monitoring stack is composed of Net-SNMP, Telegraf and InfluxDB for the metrics part; and syslogd(8), Logstash and Elasticsearch for the logs part. Of course, most of those run on OpenBSD (6.3); except Telegraf, which is not available (yet).
Continue reading “Monitoring unbound(8) using Net-SNMP, Telegraf, InfluxDB and Elasticsearch”
By default, a DHCP client gets an IP address, a network gateway and a DNS server. That’s fine most of the time. But if you own an OpenBSD cloud instance that has to use DHCP to get online, you might not be satisfied with the domain-name-servers option provided by your DHCP server. Fortunately, OpenBSD provides an easy way to force your DNS:
# vi /etc/dhclient.conf
prepend domain-name-servers 127.0.0.1;
From then on, OpenBSD will use our DNS resolver, which is… unbound(8):
# rcctl enable unbound
# rcctl start unbound
Note that this configuration still allows the DNS server provided by the DHCP server to be used as a fallback.
QTS 4.x and the App Center have many applications and services available for QNAP. But there doesn’t seem to be a stand-alone DNS service. DNS can be enabled when configuring QNAP as a Domain Controller but (1) I don’t need a DC and (2) that feature seems to go down quite often. So let’s run the good old BIND boy.
Continue reading “BIND server and DNS service on QNAP TS-453mini”
I started replacing BIND with nsd/unbound on the previous OpenBSD release. Now it’s time to update to OpenBSD 5.7 and ensure it still works.
Continue reading “Running nsd and unbound on OpenBSD 5.7”
I wrote about running unbound and nsd on OpenBSD 5.6 here.
The other day, the VM that runs those went to DDB. On reboot, I got the following error message:
unbound: [16897:0] error: ldns error while converting string to RR at15: Syntax error, could not parse the RR's type: spamd: \\[priv\\]
unbound: [16897:0] error: failed to load trust anchor from /db/root.key at line 1, skipping
unbound: [16897:0] error: failed to read /db/root.key
unbound: [16897:0] error: error reading auto-trust-anchor-file: /var/unbound/db/root.key
This means “root.key” was broken. To rebuild it, simply run this:
sudo -u _unbound unbound-anchor -a /var/unbound/db/root.key
Et voilà, solved!