My Setup/Goal:
I'm running a specific version of Debian 10 on my rpi 4b and have nextcloudpi installed on top. This results in the need for another (virtual) interface because nextcloudpi runs on apache2, port 80 (as well as pi-hole). I could have changed the apache port 80 but I want another interface/IP for my pihole/unbound setup. I could have also achieved it by using docker but it failed (either because IPv6 and macvlan are sometimes a bit buggy within docker or because my brain is a bit buggy).
However, I've installed Pihole successfully using IPv4 and IPv6 (local unicast fd00) of my macvlan. I have told apache to only use my physical interface IP, bound lighttpd to the other IPv4 of my Macvlan, and configured pihole to use the IPv4 and IPv6 local unicast of my Macvlan (setupvars.conf).
Central issue:
My central question: How do I configure unbound correctly to use the Macvlan interface? Do I have to change the default config at all?
Assuming my macvlan IPv4 looks like: 192.168.178.123/24, what would my interface line look like? Would I just need to add
interface: 192.168.178.123@5335
interface: my corresponding local unicast address of my Macvlan@5335 (fd00....)
???
Some further questions regarding Macvlan:
My Macvlan also has a global unicast address and I'm not sure about it, since I remember a post which told me that macvlan with a global unicast address might be a security risk? In case this is true: how do I disable the global address for my Macvlan?
The important line of my interfaces.d file is:
pre-up ip link add name macvlan1 link eth0:1 address 02:3E:A6:22:01:05 type macvlan
Do I have to add "mode bridge"? What exactly does it do? I've read some information about networks and bridge mode in general but I'm still not sure whether to use it or not. So would it be
.... type macvlan mode bridge
?
Thank you very much for your help!