Unbound does not response a forwarded query

W.C.A. Wijngaards wouter at nlnetlabs.nl
Tue Feb 28 08:50:53 UTC 2017 

Hi Adrian,

Unbound waits until the root has done.  But you do not allow these
queries to be done.

You can stop unbound from querying the root NS by setting a forward zone
for the root (".") to somewhere.

Best regards, Wouter

On 28/02/17 06:16, Adrian Zhang via Unbound-users wrote:
> When I check Unbound cache, it shows 
> 
> unbound-control dump_cache|grep mine.intra
> file.mine.intra.86387INA10.3.3.50
> msg file.mine.intra. IN A 33152 1 47 1 1 0 0
> file.mine.intra. IN A 0
> 
> 3 records about file.mine.intra are generated by one client query.
> 
> Adrian
> 
> ------------------ Original ------------------
> *From: * "Adrian Zhang via Unbound-users"<unbound-users at unbound.net>;
> *Date: * Tue, Feb 28, 2017 10:59 AM
> *To: * "unbound-users"<unbound-users at unbound.net>;
> *Subject: * Unbound does not response a forwarded query
>  
> Hi there,
> 
> I am using unbound to forward mine.intra which is a private domain of
> Microsoft Windows Active Directory due to DNS server on Windows server
> has the record.
> 
> first of all, there is a record file.mine.intra created on DNS server on
> Windows, and works for clients via running "dig file.mine.intra
> @IP-OF-WINDOWS".
> Second, create forward configuration in unbound.conf and restart
> Unbound, details are listed below. But Unbound is not able to response
> to client which run "dig file.mine.intra at IP-OF-UNBOUND"
> forward-zone:
>         name: "mine.intra."
>         forward-addr: 10.3.3.21
>         forward-addr: 10.3.3.22
>         forward-first: no
> (10.3.3.21 is dc1 of mine.intra, 10.3.3.22 is dc2 of mine.intra.)
> Finally, I use tcpdump -w to catch packages and save to a file to see
> that happens. Then using Wireshark to open capture file I get below result.
> Time          source.            Dest.               Protocol.          
>  Length.        Info.
> 7.841795   client_ip.          Unbound_ip.     DNS                  76  
>             Standard query 0xb80a A file.mine.intra
> 7.842781   Unbound_ip      Windows_ip.     DNS                  87      
>         Standard query 0xdece A file.mine.intra OPT
> 7.843769.  ReltekU_e9:..   Broadcast         ARP                   60  
>            Who has IP_OF_Unbound? Tell IP_OF_Windows
> 7.843788.  ReltekU_64..    ReltekU_e9:..    ARP                   42    
>          IP_OF_Unbound is at 52:54:00:64:37:c7
> 7.844291.  Windows_ip.     Unbound_ip.     DNS                  103    
>        Standard query response 0xdece A file.mine.intra  A  10.3.3.50 OPT
> 7.844761.  Unbound_ip.     192.8.128.30.   DNS                  70      
>       Standard query 0x8762 NS <ROOT> OPT
> 
> Clearly Windows response the query but Unbound do not receive it and
> forward response to client, however it continually query ROOT DNS. BTW,
> these is also standard private domain forwarding settings (same format
> like above) in the same unbound.conf and works well, such as
> my-private-domain.com forwarded to a BIND server.
> 
> Why this happens and how to make Unbound response client if query a host
> in xxx.intra?
> 
> Thanks in advance.
> 
> Adrian


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20170228/849f4a7c/attachment.bin>

More information about the Unbound-users mailing list