-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Bruce, Haw, I do not know if this helps for you, but there is an interface option specifically made for anycast; interface-automatic: yes That acts like '0.0.0.0' (and ::0) but uses (weird) socket options. This makes it pick up new interfaces when they are created (without need for config edits and restart) or deleted. (This option is portable to FreeBSD, Solaris, Linux, but probably won't work on other OSes). Best regards, Wouter On 08/19/2010 08:03 AM, Haw Loeung wrote: > Hi Bruce, > > On Thu, 19 Aug 2010 02:35:07 am Hayward, Bruce wrote: > <snip> >> >> When removing the Virtual from the unbound.conf and using 0.0.0.0, it >> works against the physical (but does not resolve against the >> logical/virtuals) >> >> Ideas? >> > > I think we ran into this same problem a couple of years back when > switching from BIND to Unbound on our resolvers (also using anycast > addresses). > > We fixed this by adding "interface" options. For example, one of our > servers has the following interface options defined: > > interface: 127.0.0.1 > interface: 203.26.24.44 > interface: 203.12.160.35 > interface: 203.87.88.1 > > From memory, I think the reason why it fails to resolve against the > logical/virtuals is to do with it using the wrong source IP when > replying to the client. > > Hope this helps. > > > Regards, > > Haw > > > > > _______________________________________________ > Unbound-users mailing list > Unbound-users at unbound.net > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxs1i4ACgkQkDLqNwOhpPhPqwCcD100CPbuxfsrdrNPPLhsIALq 9CYAoI57N4r/7KbxXAqx183lu28C6zl0 =zk8a -----END PGP SIGNATURE-----