<html><head></head><body><div style="color:#000; background-color:#fff; font-family:lucida console, sans-serif;font-size:16px"><div id="yui_3_16_0_ym19_1_1540991039783_35845"><span id="yui_3_16_0_ym19_1_1540991039783_35846">So I have my Aruba WLAN controller doing DHCP.  (predates me in setup)  There is no relay back to the Linux DHCP servers.  </span></div> <div class="qtdSeparateBR"><br><br></div><div class="yahoo_quoted" style="display: block;"> <div style="font-family: lucida console, sans-serif; font-size: 16px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div dir="ltr"><font size="2" face="Arial"> On Wednesday, October 31, 2018 9:15 AM, Petr Špaček via Unbound-users <unbound-users@nlnetlabs.nl> wrote:<br></font></div>  <br><br> <div class="y_msg_container"><div dir="ltr">Hello,<br clear="none"><br clear="none">On 30. 10. 18 20:14, Andrew Meyer via Unbound-users wrote:<br clear="none">> Hello,<br clear="none">> I am running unbound on CentOS 7 (latest) using Unbound 1.6.6.  While<br clear="none">> doing a tcpdump to my destination DNS server I can see that unbound is<br clear="none">> appending my internal zone to everything.  <br clear="none"><br clear="none">I bet this is caused by client so I would recommend you to verify what<br clear="none">queries Unbound receives from client side. Typically this is caused by<br clear="none">messy `search` directive in resolv.conf or simialar config.<br clear="none"><br clear="none">Take away: Never ever use `search` directive.<br clear="none"><br clear="none">Petr Špaček  @  CZ.NIC<div class="yqt6118460587" id="yqtfd74125"><br clear="none"><br clear="none"><br clear="none">> <br clear="none">> Here is my config:<br clear="none">> ]# cat /etc/unbound/unbound.conf|grep -v '#'<br clear="none">> server:<br clear="none">> <br clear="none">> verbosity: 3<br clear="none">> <br clear="none">> statistics-interval: 0<br clear="none">> <br clear="none">> statistics-cumulative: no<br clear="none">> <br clear="none">> extended-statistics: yes<br clear="none">> <br clear="none">> num-threads: 4<br clear="none">> <br clear="none">>  interface: x.x.x.x<br clear="none">> <br clear="none">> interface-automatic: no<br clear="none">> <br clear="none">>  so-rcvbuf: 4m<br clear="none">> <br clear="none">>  so-sndbuf: 4m<br clear="none">> <br clear="none">> cache-max-negative-ttl: 10<br clear="none">> <br clear="none">> do-ip4: yes<br clear="none">> <br clear="none">> do-ip6: no<br clear="none">> <br clear="none">> do-udp: yes<br clear="none">> <br clear="none">> do-tcp: yes<br clear="none">> <br clear="none">> do-daemonize: yes<br clear="none">> <br clear="none">> access-control: 0.0.0.0/0 refuse<br clear="none">> access-control: x.x.x.x/16 allow<br clear="none">> <br clear="none">> chroot: ""<br clear="none">> <br clear="none">> username: "unbound"<br clear="none">> <br clear="none">> directory: "/etc/unbound"<br clear="none">> <br clear="none">> logfile: "/var/log/unbound.log"<br clear="none">> <br clear="none">> <br clear="none">> log-time-ascii: yes<br clear="none">> <br clear="none">> pidfile: "/var/run/unbound/unbound.pid"<br clear="none">> <br clear="none">> harden-glue: yes<br clear="none">> <br clear="none">> harden-dnssec-stripped: yes<br clear="none">> <br clear="none">> harden-below-nxdomain: yes<br clear="none">> <br clear="none">> harden-referral-path: yes<br clear="none">> <br clear="none">> use-caps-for-id: no<br clear="none">> <br clear="none">> unwanted-reply-threshold: 10000000<br clear="none">> <br clear="none">> do-not-query-localhost: yes<br clear="none">> <br clear="none">> prefetch: yes<br clear="none">> <br clear="none">> prefetch-key: yes<br clear="none">> <br clear="none">> rrset-roundrobin: yes<br clear="none">> <br clear="none">> minimal-responses: yes<br clear="none">> <br clear="none">> module-config: "iterator"<br clear="none">> <br clear="none">> trusted-keys-file: /etc/unbound/keys.d/*.key<br clear="none">> auto-trust-anchor-file: "/var/lib/unbound/root.key"<br clear="none">> <br clear="none">> val-clean-additional: yes<br clear="none">> <br clear="none">> val-permissive-mode: no<br clear="none">> <br clear="none">> val-log-level: 1<br clear="none">> <br clear="none">> include: /etc/unbound/local.d/*.conf<br clear="none">> <br clear="none">> include: /etc/unbound/conf.d/*.conf<br clear="none">> <br clear="none">> <br clear="none">> 19:12:51.822564 IP 10.1.6.247.49589 > 10.10.0.31.domain: 18798+% [1au]<br clear="none">> A? grafana.example.com.example.net. (70)<br clear="none">> 19:12:51.822735 IP 10.10.0.31.domain > 10.1.6.247.49589: 18798 NXDomain*<br clear="none">> 0/1/1 (132)<br clear="none">> 19:12:51.823203 IP 10.1.6.247.8795 > 10.10.0.31.domain: 14439+% [1au]<br clear="none">> AAAA? grafana.example.com.example.net. (70)<br clear="none">> 19:12:51.823280 IP 10.10.0.31.domain > 10.1.6.247.8795: 14439 NXDomain*<br clear="none">> 0/1/1 (132)<br clear="none">> 19:12:54.020532 IP 10.1.6.247.59429 > 10.10.0.31.domain: 3647+ A?<br clear="none">> unbound01.stl1.example.net. (49)<br clear="none">> 19:12:54.020640 IP 10.10.0.31.domain > 10.1.6.247.59429: 3647* 1/6/6 A<br clear="none">> 10.1.6.247 (315)<br clear="none">> 19:12:54.056951 IP 10.1.6.247.45906 > 10.10.0.31.domain: 52440+ A?<br clear="none">> unbound01.stl1.example.net. (49)<br clear="none"><br clear="none"></div></div><br><br></div>  </div> </div>  </div></div></body></html>