1.7.3 - stub-zone public domain
ѽ҉ᶬḳ℠
vtol at gmx.net
Fri Jul 27 16:19:40 UTC 2018
>>>>> is stub-zone is only serving private domains but not public domains?
>>> stub zones and forward zones are selected closest to the name of the
>>> query. That one is used.
>>>
>>> If you run another (authoritative) server on the same host,
>>> do-not-query-localhost: no is usually necessary to enable unbound to
>>> query it. Otherwise unbound attempts to not get into some sort of loop
>>> by querying localhost (itself in many cases), hence it is off by default.
>> That does not seems to be an issue. BIND-9 as authoritative server is
>> not bound on lo/127.0.0.1 but eth0/172.24.120.10 and port 42053.
> That looks fine to me.
>> The local QDN set in a stub-zone gets resolved just fine by unbound.
>> However, for the public FQDN set in a stub-zone it does not and unbound
>> is querying upstream resolvers instead and I do not see why it should.
>> Is there a hard-coded logic in unbound for FQDN to always (or first) be
>> resolved from upstream servers? The sub-zone is configured as follows:
> No, that should work fine and the stub should be used once configured.
> All I can think of is that some people report that on FreeBSD there is
> at some times confusion and they edit the wrong unbound.conf file, their
> edits are ignored because a different config file is used by unbound.
> (I think because there are separate configs for different instances;
> also Debian has an alternatives mechanism that puts the files in some
> other location or was that Ubuntu).
Not the case here being an ubuntu box with a one unbound.conf with a
separate [ include: "/etc/unbound/stub" ]. Latter is being loaded and
foo.bar is a DelegationPoint (LOG [2] at the bottom) with the corect ip
and port.
Looking then at LOG [1] (bottom) the query via stub is initiated indeed
but then at some point leaps to the upstream resolver:
unbound[14331:0] debug: request has dependency depth of 1
unbound[14331:0] debug: forwarding request
>
> Set verbosity: 4 and see what goes wrong here. At startup it should
> straight away log the stubs and forwards that it read in.
>
> Best regards, Wouter
>
>> stub-zone:
>> name: foo.bar
>> stub-host: dns
>> stub-addr: 172.24.120.10 at 42053
>>
>> Doing a [ dig foo.bar ] unbound is neglecting [ stub-addr:
>> 172.24.120.10 at 42053 ] and heads straight for the upstream resolver. And
>> that does not make sense to me as the dig query is matching the [
>> stub-zone name ]
>>
LOG [1]
unbound[14331:0] info: resolving foo.bar. A IN
unbound[14331:0] debug: request has dependency depth of 0
unbound[14331:0] info: use stub foo.bar. NS IN
unbound[14331:0] debug: cache delegation returns delegpt
unbound[14331:0] info: DelegationPoint<foo.bar.>: 1 names (1 missing), 1
addrs (0 result, 1 avail) cacheNS
unbound[14331:0] info: dns.
unbound[14331:0] debug: ip4 172.24.120.10 port 42053 (len 16)
unbound[14331:0] debug: iter_handle processing q with state INIT REQUEST
STATE (stage 2)
unbound[14331:0] info: resolving (init part 2): foo.bar. A IN
unbound[14331:0] info: use stub foo.bar. NS IN
unbound[14331:0] debug: iter_handle processing q with state INIT REQUEST
STATE (stage 3)
unbound[14331:0] info: resolving (init part 3): foo.bar. A IN
unbound[14331:0] debug: iter_handle processing q with state QUERY
TARGETS STATE
unbound[14331:0] info: processQueryTargets: foo.bar. A IN
unbound[14331:0] debug: processQueryTargets: targetqueries 0,
currentqueries 0 sentcount 0
unbound[14331:0] info: DelegationPoint<foo.bar.>: 1 names (1 missing), 1
addrs (0 result, 1 avail) cacheNS
unbound[14331:0] info: dns.
unbound[14331:0] debug: ip4 172.24.120.10 port 42053 (len 16)
unbound[14331:0] debug: attempt to get extra 3 targets
unbound[14331:0] info: new target dns. A IN
unbound[14331:0] debug: selrtt 376
unbound[14331:0] info: sending query: foo.bar. A IN
unbound[14331:0] debug: sending to target: <foo.bar.> 172.24.120.10#42053
unbound[14331:0] debug: dnssec status: not expected
unbound[14331:0] debug: EDNS lookup known=0 vs=0
unbound[14331:0] debug: qname perturbed to foo.bar.
unbound[14331:0] debug: serviced query UDP timeout=376 msec
unbound[14331:0] debug: inserted new pending reply id=c71e
unbound[14331:0] debug: opened UDP if=0 port=6899
unbound[14331:0] debug: comm point start listening 58
unbound[14331:0] debug: mesh_run: iterator module exit state is
module_wait_reply
unbound[14331:0] debug: iterator[module 1] operate:
extstate:module_state_initial event:module_event_pass
unbound[14331:0] info: iterator operate: query dns. A IN
unbound[14331:0] debug: iter_handle processing q with state INIT REQUEST
STATE
unbound[14331:0] info: resolving dns. A IN
unbound[14331:0] debug: request has dependency depth of 1
unbound[14331:0] debug: forwarding request
unbound[14331:0] debug: iter_handle processing q with state QUERY
TARGETS STATE
unbound[14331:0] info: processQueryTargets: dns. A IN
unbound[14331:0] debug: processQueryTargets: targetqueries 0,
currentqueries 0 sentcount 0
unbound[14331:0] info: DelegationPoint<.>: 0 names (0 missing), 8 addrs
(0 result, 8 avail) parentNS
unbound[14331:0] debug: attempt to get extra 2 targets
unbound[14331:0] debug: selrtt 376
unbound[14331:0] info: sending query: dns. A IN
unbound[14331:0] debug: sending to target: <.>
LOG [2]
unbound[6400:0] debug: Forward zone server list:
unbound[6400:0] info: DelegationPoint<.>: 0 names (0 missing), 8 addrs
(0 result, 8 avail) parentNS
unbound[6400:0] info: DelegationPoint<foo.bar.>: 1 names (1 missing), 1
addrs (0 result, 1 avail) cacheNS
unbound[6400:0] info: dns.
unbound[6400:0] debug: ip4 172.24.120.10 port 42053 (len 16)
unbound[6400:0] info: DelegationPoint<mail.>: 1 names (1 missing), 1
addrs (0 result, 1 avail) parentNS
unbound[6400:0] info: mail.
unbound[6400:0] debug: ip4 172.24.120.10 port 42053 (len 16)
unbound[6400:2] debug: Forward zone server list:
unbound[6400:2] info: DelegationPoint<.>: 0 names (0 missing), 8 addrs
(0 result, 8 avail) parentNS
unbound[6400:2] info: DelegationPoint<foo.bar.>: 1 names (1 missing), 1
addrs (0 result, 1 avail) cacheNS
unbound[6400:2] info: dns.
unbound[6400:2] debug: ip4 172.24.120.10 port 42053 (len 16)
unbound[6400:2] info: DelegationPoint<mail.>: 1 names (1 missing), 1
addrs (0 result, 1 avail) parentNS
unbound[6400:2] info: mail.
unbound[6400:2] debug: ip4 172.24.120.10 port 42053 (len 16)
unbound[6400:1] debug: Forward zone server list:
unbound[6400:1] info: DelegationPoint<.>: 0 names (0 missing), 8 addrs
(0 result, 8 avail) parentNS
unbound[6400:1] info: DelegationPoint<.>: 13 names (0 missing), 26 addrs
(0 result, 26 avail) parentNS
unbound[6400:4] debug: Forward zone server list:
unbound[6400:4] info: DelegationPoint<.>: 0 names (0 missing), 8 addrs
(0 result, 8 avail) parentNS
unbound[6400:3] debug: Forward zone server list:
unbound[6400:5] debug: Forward zone server list:
unbound[6400:3] info: DelegationPoint<.>: 0 names (0 missing), 8 addrs
(0 result, 8 avail) parentNS
unbound[6400:5] info: DelegationPoint<.>: 0 names (0 missing), 8 addrs
(0 result, 8 avail) parentNS
unbound[6400:3] info: DelegationPoint<.>: 13 names (0 missing), 26 addrs
(0 result, 26 avail) parentNS
unbound[6400:1] info: DelegationPoint<foo.bar.>: 1 names (1 missing), 1
addrs (0 result, 1 avail) cacheNS
unbound[6400:5] info: DelegationPoint<.>: 13 names (0 missing), 26 addrs
(0 result, 26 avail) parentNS
unbound[6400:1] info: dns.
unbound[6400:1] debug: ip4 172.24.120.10 port 42053 (len 16)
unbound[6400:1] info: DelegationPoint<mail.>: 1 names (1 missing), 1
addrs (0 result, 1 avail) parentNS
unbound[6400:1] info: mail.
unbound[6400:4] info: DelegationPoint<.>: 13 names (0 missing), 26 addrs
(0 result, 26 avail) parentNS
unbound[6400:1] debug: ip4 172.24.120.10 port 42053 (len 16)
unbound[6400:3] info: DelegationPoint<foo.bar.>: 1 names (1 missing), 1
addrs (0 result, 1 avail) cacheNS
unbound[6400:3] info: dns.
unbound[6400:3] debug: ip4 172.24.120.10 port 42053 (len 16)
unbound[6400:3] info: DelegationPoint<mail.>: 1 names (1 missing), 1
addrs (0 result, 1 avail) parentNS
unbound[6400:3] info: mail.
unbound[6400:3] debug: ip4 172.24.120.10 port 42053 (len 16)
unbound[6400:4] info: DelegationPoint<foo.bar.>: 1 names (1 missing), 1
addrs (0 result, 1 avail) cacheNS
unbound[6400:4] info: dns.
unbound[6400:4] debug: ip4 172.24.120.10 port 42053 (len 16)
unbound[6400:4] info: DelegationPoint<mail.>: 1 names (1 missing), 1
addrs (0 result, 1 avail) parentNS
unbound[6400:4] info: mail.
unbound[6400:4] debug: ip4 172.24.120.10 port 42053 (len 16)
unbound[6400:5] info: DelegationPoint<foo.bar.>: 1 names (1 missing), 1
addrs (0 result, 1 avail) cacheNS
unbound[6400:5] info: dns.
unbound[6400:5] debug: ip4 172.24.120.10 port 42053 (len 16)
unbound[6400:5] info: DelegationPoint<mail.>: 1 names (1 missing), 1
addrs (0 result, 1 avail) parentNS
unbound[6400:5] info: mail.
unbound[6400:5] debug: ip4 172.24.120.10 port 42053 (len 16)
More information about the Unbound-users
mailing list