unbound appending internal domain to all DNS requests
Petr Špaček
petr.spacek at nic.cz
Wed Oct 31 14:14:44 UTC 2018
Hello,
On 30. 10. 18 20:14, Andrew Meyer via Unbound-users wrote:
> Hello,
> I am running unbound on CentOS 7 (latest) using Unbound 1.6.6. While
> doing a tcpdump to my destination DNS server I can see that unbound is
> appending my internal zone to everything.
I bet this is caused by the client, so I would recommend you verify what
queries Unbound receives from the client side. Typically this is caused by
a messy `search` directive in resolv.conf or similar config.
Takeaway: Never ever use the `search` directive.
Petr Špaček @ CZ.NIC
>
> Here is my config:
> ]# cat /etc/unbound/unbound.conf|grep -v '#'
> server:
> verbosity: 3
> statistics-interval: 0
> statistics-cumulative: no
> extended-statistics: yes
> num-threads: 4
> interface: x.x.x.x
> interface-automatic: no
> so-rcvbuf: 4m
> so-sndbuf: 4m
> cache-max-negative-ttl: 10
> do-ip4: yes
> do-ip6: no
> do-udp: yes
> do-tcp: yes
> do-daemonize: yes
> access-control: 0.0.0.0/0 refuse
> access-control: x.x.x.x/16 allow
> chroot: ""
> username: "unbound"
> directory: "/etc/unbound"
> logfile: "/var/log/unbound.log"
> log-time-ascii: yes
> pidfile: "/var/run/unbound/unbound.pid"
> harden-glue: yes
> harden-dnssec-stripped: yes
> harden-below-nxdomain: yes
> harden-referral-path: yes
> use-caps-for-id: no
> unwanted-reply-threshold: 10000000
> do-not-query-localhost: yes
> prefetch: yes
> prefetch-key: yes
> rrset-roundrobin: yes
> minimal-responses: yes
> module-config: "iterator"
> trusted-keys-file: /etc/unbound/keys.d/*.key
> auto-trust-anchor-file: "/var/lib/unbound/root.key"
> val-clean-additional: yes
> val-permissive-mode: no
> val-log-level: 1
> include: /etc/unbound/local.d/*.conf
> include: /etc/unbound/conf.d/*.conf
>
> 19:12:51.822564 IP 10.1.6.247.49589 > 10.10.0.31.domain: 18798+% [1au]
> A? grafana.example.com.example.net. (70)
> 19:12:51.822735 IP 10.10.0.31.domain > 10.1.6.247.49589: 18798 NXDomain*
> 0/1/1 (132)
> 19:12:51.823203 IP 10.1.6.247.8795 > 10.10.0.31.domain: 14439+% [1au]
> AAAA? grafana.example.com.example.net. (70)
> 19:12:51.823280 IP 10.10.0.31.domain > 10.1.6.247.8795: 14439 NXDomain*
> 0/1/1 (132)
> 19:12:54.020532 IP 10.1.6.247.59429 > 10.10.0.31.domain: 3647+ A?
> unbound01.stl1.example.net. (49)
> 19:12:54.020640 IP 10.10.0.31.domain > 10.1.6.247.59429: 3647* 1/6/6 A
> 10.1.6.247 (315)
> 19:12:54.056951 IP 10.1.6.247.45906 > 10.10.0.31.domain: 52440+ A?
> unbound01.stl1.example.net. (49)
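
As an added illustration (not part of the original thread and not Unbound code), the sketch below models how a glibc-style stub resolver expands a name with the `search` list from resolv.conf, which is the client-side behaviour the reply points to. The resolv.conf contents and the function names are constructed for this example; the query names are the ones from the tcpdump output above.

```python
# Added example: models the stub resolver's search-list expansion per resolv.conf(5).
# RESOLV_CONF is a constructed sample, not the poster's actual file.
RESOLV_CONF = """\
# constructed client configuration
search stl1.example.net example.net
options ndots:1
nameserver 10.1.6.247
"""

def parse_resolv_conf(text):
    """Return (search_list, ndots); the last search/domain line wins."""
    search, ndots = [], 1                      # ndots defaults to 1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] in ("search", "domain"):
            search = [d.rstrip(".").lower() for d in fields[1:]]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = min(int(opt[6:]), 15)   # glibc caps ndots at 15
    return search, ndots

def candidates(name, search, ndots):
    """Query names in the order the stub resolver tries them."""
    if name.endswith("."):                     # trailing dot: absolute, never expanded
        return [name.lower()]
    name = name.lower()
    as_is = name + "."
    expanded = [f"{name}.{dom}." for dom in search]
    if name.count(".") >= ndots:               # enough dots: try the name itself first
        return [as_is] + expanded
    return expanded + [as_is]

def possible_expansion(qname, search):
    """If an observed qname ends in a search domain, return (typed_name, suffix)."""
    q = qname.rstrip(".").lower()
    for dom in sorted(search, key=len, reverse=True):   # longest suffix first
        if q.endswith("." + dom):
            return q[: -len(dom) - 1], dom
    return None

if __name__ == "__main__":
    search, ndots = parse_resolv_conf(RESOLV_CONF)
    print(candidates("grafana.example.com", search, ndots))
    print(possible_expansion("grafana.example.com.example.net.", search))
```

A match from `possible_expansion` is only a hint: a name such as `unbound01.stl1.example.net.` may equally have been typed in full, so compare against what the client actually sends to Unbound.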