[nsd-users] Unbound Problems (Reverse Direction)
Wouter Wijngaards
wouter at nlnetlabs.nl
Fri Jul 10 09:31:13 UTC 2020
Hi Ken,
On 10/07/2020 02:34, Ken.Hendrickson--- via nsd-users wrote:
> The unbound-users at lists.nlnetlabs.nl mailing list is completely blocking me,
> and preventing me from asking for help. So I am posting my question again here,
> even though it is really about unbound, and not about nsd.
The unbound list got spam subscriptions and requires moderator approval
before a new subscriber can send email. This takes time, and has
already been resolved for you, i.e. that should be working now. But let
me reply to your issue, because maybe that helps straight away.
>
> NSD is working in both directions.
> Unbound is only working in the forward direction.
Nice to see that NSD is working!
I think you may need the unbound option unblock-lan-zones: yes and
perhaps also insecure-lan-zones: yes
Unbound blocks the lan zones by default. It is to protect internet
servers from getting hit by traffic that is not really meant there.
Best regards, Wouter
>
>
>
>
>
> Here is proof that both Unbound and NSD are working in the forward direction:
> ------------------------------------------------------------------------
> 7 Soekris2# nslookup nas2
> Server: 127.0.0.1
> Address: 127.0.0.1#53
>
> Non-authoritative answer:
> Name: nas2.Foo.Bar
> Address: 172.24.10.2
> ------------------------------------------------------------------------
>
>
>
>
>
> Here is proof that NSD is working in the reverse direction:
> ------------------------------------------------------------------------
> 8 Soekris2# nslookup
>> server 127.0.0.1
> Default server: 127.0.0.1
> Address: 127.0.0.1#53
>> set port=53053
>> 172.24.10.2
> Server: 127.0.0.1
> Address: 127.0.0.1#53053
>
> 2.10.24.172.in-addr.arpa name = nas2.foo.bar.
> ------------------------------------------------------------------------
>
>
>
>
>
> But somehow, Unbound is not working in the reverse direction:
> ------------------------------------------------------------------------
> 6 Soekris2# nslookup 172.24.10.2
> Server: 127.0.0.1
> Address: 127.0.0.1#53
>
> ** server can't find 2.10.24.172.in-addr.arpa: NXDOMAIN
> ------------------------------------------------------------------------
>
>
>
>
>
> Here is the relevant part of my unbound.conf:
> ------------------------------------------------------------------------
> # Use nsd to resolve local names.
> # Do not send these queries to the root servers.
> stub-zone:
> name: Foo.Bar.
> stub-addr: 127.0.0.1 at 53053
> stub-zone:
> name: 10.24.172.in-addr.arpa.
> stub-addr: 127.0.0.1 at 53053
> stub-zone:
> name: 20.24.172.in-addr.arpa.
> stub-addr: 127.0.0.1 at 53053
> stub-zone:
> name: 30.24.172.in-addr.arpa.
> stub-addr: 127.0.0.1 at 53053
> stub-zone:
> name: 2.168.192.in-arpa.arpa.
> stub-addr: 127.0.0.1 at 53053
> stub-zone:
> name: 224.in-addr.arpa.
> stub-addr: 127.0.0.1 at 53053
> stub-zone:
> name: 255.in-addr.arpa.
> stub-addr: 127.0.0.1 at 53053
> ------------------------------------------------------------------------
>
>
>
>
>
> Any ideas? What am I still doing wrong??
>
>
>
> NSD is listening on port 53053, and works (as proved above) for resolving in the reverse direction.
>
> Why doesn't unbound work?
>
>
>
>
>
> CONFIDENTIALITY NOTICE: This email and any attachments are for the sole use of the intended recipient and may contain material that is proprietary, confidential, privileged or otherwise legally protected or restricted under applicable government laws. Any review, disclosure, distributing or other use without expressed permission of the sender is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies without reading, printing, or saving.
>
>
> _______________________________________________
> nsd-users mailing list
> nsd-users at lists.nlnetlabs.nl
> https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
>
More information about the nsd-users
mailing list