jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

unbound: use ipv4 on older ubuntu

Browse Source 
SpamHaus rejects queries from ipv6.
unbound does not work on ipv6 only servers without do-ip6: true
prefer-ip4 only works on ubuntu 24

this leads to a situation that we cannot support ipv6 only servers with
older ubuntu
This commit is contained in:
Girish Ramakrishnan
2025-06-28 17:56:09 +02:00
parent 0427d08ede
commit 6561a40f2c
3 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
setup/start.sh
View File

@@ -94,10 +94,12 @@ systemctl restart systemd-journald
usermod -a -G adm ${USER}
log "Setting up unbound"
rm -f /etc/unbound/unbound.conf.d/prefer-ip4.conf # old config file
cp -f "${script_dir}/start/unbound/unbound.conf" /etc/unbound/unbound.conf.d/cloudron-network.conf
unbound_version=$(unbound -V | sed -n 's/^Version \([0-9.]*\)/\1/p')
if vergte "${unbound_version}" "1.19.2"; then
cp "${script_dir}/start/unbound/prefer-ip4.conf" /etc/unbound/unbound.conf.d/cloudron-prefer-ip4.conf
if [[ "${ubuntu_version}" == "20.04" || "${ubuntu_version}" == "22.04" ]]; then
# on older ubuntu, prefer-ip4 option does not exist. do-ip6 has to be disabled because SpamHaus rejects IPv6 queries
# this means we cannot support IPv6 only servers on older ubuntu
sed -e 's/do-ip6: yes/do-ip6: no/' -e 's/prefer-ip4:/# prefer-ip4:/' -i /etc/unbound/unbound.conf.d/cloudron-network.conf
fi
rm -f /etc/unbound/unbound.conf.d/remote-control.conf # on ubuntu 24

6
setup/start/unbound/prefer-ip4.conf
View File

@@ -1,6 +0,0 @@
# Prefer IPv4 outbound queries. Spamhaus often rejects queries from IPv6 addresses
# This setting is in a separate file since it only works from Ubuntu 24 , unbound 1.19.2
server:
prefer-ip4: yes

8
setup/start/unbound/unbound.conf
View File

@@ -6,11 +6,17 @@ server:
interface: 127.0.0.150
interface: 172.18.0.1
ip-freebind: yes
do-ip6: yes
access-control: 127.0.0.1 allow
access-control: 172.18.0.1/16 allow
cache-max-negative-ttl: 30
cache-max-ttl: 300
# Prefer IPv4 outbound queries. Spamhaus often rejects queries from IPv6 addresses
# without this, unbound does not start on IPv6 only servers
do-ip6: yes
# this setting only works with ubuntu 24 and unbound >= 1.19.2
prefer-ip4: yes
# enable below for logging to journalctl -u unbound
# verbosity: 5
# log-queries: yes