unbound fetches DNS record from nsd but does not return it to client
Patrik Lundin
patrik at sigterm.se
Sat Aug 1 08:33:28 UTC 2015
On Fri, Jul 31, 2015 at 10:36:34PM -0400, Sonic via Unbound-users wrote:
> I doubt that
> local-zone: "1.168.192.in-addr.arpa" nodefault
> is necessary since you're defining it as a stub-zone.
>
This is actually necessary. I just tested on my firewall at home, and if
I remove "local-zone: "168.192.in-addr.arpa." nodefault" I will get the unbound
default NXDOMAIN even if I still have my stub-zone declaration:
===
stub-zone:
name: "1.168.192.in-addr.arpa"
stub-addr: 127.0.0.1
===
However, the configuration is still wrong since "nodefault" only works on the
specific RFC1918 boundaries, and not anything below. If I change this:
---
local-zone: "168.192.in-addr.arpa." nodefault
---
... to this:
---
local-zone: "1.168.192.in-addr.arpa." nodefault
---
I again get the unbound default NXDOMAIN even if it looks like it matches what
I want better. As you have pointed out to me on openbsd-misc in the
past, the correct configuration to use in the latter case is this:
---
local-zone: "1.168.192.in-addr.arpa." transparent
---
This is only mentioned in passing in the man page for unbound.conf and I had
missed it completely before you pointed it out to me here:
http://marc.info/?l=openbsd-misc&m=140647222022445&w=2
This is probably my biggest pet peeve in the unbound configuration :).
This of course does not relate to the main question in the thread, but I am
pretty sure reverse lookups does not currently work either for the above
reasons.
--
Patrik Lundin
More information about the Unbound-users
mailing list