[Unbound-users] unbound failed lookups?
pcl-associates
patrick at pcl-associates.net
Sat Jul 26 20:22:25 UTC 2014
Hello Carsten,
Thank you so very much. That was absolutely perfect. I would have gladly used option a) or b) but since it's for a server application, it was easier to use option c) as there were also no drawbacks.
Many thanks again.
Patrick
On Jul 25, 2014, at 11:27 PM, Carsten Strotmann <unbound at strotmann.de> wrote:
>
> Hello Patrick,
>
> pcl-associates writes:
>
>> Hi,
>>
>> Unbound seems to be handling failed lookups in a strange manner. Certain lookups provide my external IP as the answer. I'm interpreting that as a failed lookup. If that's the case, then how can I get unbound to provide an actual "failed lookup" response rather than my own external IP address?
>>
>> I've looked all over the unbound.conf site and found nothing with respect to this particular problem. The logs don't give me
>>
>> Machine w Unbound# nslookup 96.94.160.167.sbl-xbl.spamhaus.org
>> Server: 127.0.0.2
>> Address: 127.0.0.2#53
>>
>> Non-authoritative answer:
>> Name: 96.94.160.167.sbl-xbl.spamhaus.org.aquawest.net
>> Address: 1xx.1xx.1xx.1xx [my external IP address]
>>
>
> There is probably nothing wrong with Unbound, but your query tool
> (nslookup) appends a local domain name ".aquawest.net" to the
> query. nslookup, as well as the operating system stub-resolver, appends
> the local domain and/or any DNS searchlist in case the original query
> gives a negative response (NXDOMAIN).
>
> You have a wildcard-record on ".aquawest.net"
>
> dig "*.aquawest.net" +noall +answer
>
> ; <<>> DiG 9.10.0-P1 <<>> *.aquawest.net +noall +answer
> ;; global options: +cmd
> *.aquawest.net. 5992 IN A 109.164.249.126
>
> that IP address will be returned on all queries that end in
> ".aquawest.net".
>
> If you don't want that, you can
>
> a) make the domain name you query full qualified by ending with a dot:
> "nslookup 96.94.160.167.sbl-xbl.spamhaus.org."
>
> b) use better DNS query tools than "nslookup" ("dig" or "drill" or
> "unbound-host")
>
> c) remove the local domain/searchlist from the computer's TCP/IP
> configuration you're sending the query from.
>
> --
> Carsten Strotmann
> Email: cas at strotmann.de
> Blog: strotmann.de
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20140726/36d0d5b3/attachment.htm>
More information about the Unbound-users
mailing list