[Unbound-users] bogus resolution with forwarding and DLV
jan.vcelak at nic.cz
Tue Feb 3 15:27:43 UTC 2015
I'm running Fedora 21 with dnssec-trigger and unbound 1.5.1. The unbound is
configured by the dnssec-trigger to forward all queries to a local-network
validating resolver provided by DHCP.
With this configuration, unbound incorrectly recognizes the fedorapeople.org
domain as bogus. The domain uses DLV, which I guess might cause the problem.
% kdig @::1 jvcelak.fedorapeople.org
;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 54325
;; Flags: qr rd ra; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0
;; QUESTION SECTION:
;; jvcelak.fedorapeople.org. IN A
;; Received 42 B
;; Time 2015-02-03 16:12:33 CET
;; From ::1 at 53(UDP) in 0.1 ms
; Warning: failed to query server ::1 at 53(UDP)
% sudo unbound-control list_forwards
. IN forward x.x.x.x
With +cd, the resolution works. And resolution via the upstream resolver
x.x.x.x works as well. The upstream resolver runs BIND 9.9.6-P1.
When I disable the forwarding, the resolution starts to work again:
% sudo unbound-control forward_remove .
% kdig @::1 +short jvcelak.fedorapeople.org
Is this a bug in Unbound or is my configuration incorrect?
More information about the Unbound-users