unbound appending internal domain to all DNS requests

Petr Špaček petr.spacek at nic.cz
Wed Oct 31 14:14:44 UTC 2018


Hello,

On 30. 10. 18 20:14, Andrew Meyer via Unbound-users wrote:
> Hello,
> I am running unbound on CentOS 7 (latest) using Unbound 1.6.6.  While
> doing a tcpdump to my destination DNS server I can see that unbound is
> appending my internal zone to everything.  

I bet this is caused by the client, so I would recommend you verify what
queries Unbound receives from the client side. Typically this is caused by a
messy `search` directive in resolv.conf or similar config.

Takeaway: Never ever use the `search` directive.

Petr Špaček  @  CZ.NIC


> 
> Here is my config:
> ]# cat /etc/unbound/unbound.conf|grep -v '#'
> server:
> verbosity: 3
> statistics-interval: 0
> statistics-cumulative: no
> extended-statistics: yes
> num-threads: 4
> interface: x.x.x.x
> interface-automatic: no
> so-rcvbuf: 4m
> so-sndbuf: 4m
> cache-max-negative-ttl: 10
> do-ip4: yes
> do-ip6: no
> do-udp: yes
> do-tcp: yes
> do-daemonize: yes
> access-control: 0.0.0.0/0 refuse
> access-control: x.x.x.x/16 allow
> chroot: ""
> username: "unbound"
> directory: "/etc/unbound"
> logfile: "/var/log/unbound.log"
> log-time-ascii: yes
> pidfile: "/var/run/unbound/unbound.pid"
> harden-glue: yes
> harden-dnssec-stripped: yes
> harden-below-nxdomain: yes
> harden-referral-path: yes
> use-caps-for-id: no
> unwanted-reply-threshold: 10000000
> do-not-query-localhost: yes
> prefetch: yes
> prefetch-key: yes
> rrset-roundrobin: yes
> minimal-responses: yes
> module-config: "iterator"
> trusted-keys-file: /etc/unbound/keys.d/*.key
> auto-trust-anchor-file: "/var/lib/unbound/root.key"
> val-clean-additional: yes
> val-permissive-mode: no
> val-log-level: 1
> include: /etc/unbound/local.d/*.conf
> include: /etc/unbound/conf.d/*.conf
> 
> 19:12:51.822564 IP 10.1.6.247.49589 > 10.10.0.31.domain: 18798+% [1au] A? grafana.example.com.example.net. (70)
> 19:12:51.822735 IP 10.10.0.31.domain > 10.1.6.247.49589: 18798 NXDomain* 0/1/1 (132)
> 19:12:51.823203 IP 10.1.6.247.8795 > 10.10.0.31.domain: 14439+% [1au] AAAA? grafana.example.com.example.net. (70)
> 19:12:51.823280 IP 10.10.0.31.domain > 10.1.6.247.8795: 14439 NXDomain* 0/1/1 (132)
> 19:12:54.020532 IP 10.1.6.247.59429 > 10.10.0.31.domain: 3647+ A? unbound01.stl1.example.net. (49)
> 19:12:54.020640 IP 10.10.0.31.domain > 10.1.6.247.59429: 3647* 1/6/6 A 10.1.6.247 (315)
> 19:12:54.056951 IP 10.1.6.247.45906 > 10.10.0.31.domain: 52440+ A? unbound01.stl1.example.net. (49)
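
An added illustration, not part of the original message and not Unbound or glibc code: a simplified model of the client stub resolver's search-list expansion, showing how a `search example.net` line turns `grafana.example.com` into the `grafana.example.com.example.net.` query seen in the capture. The resolv.conf contents are constructed, and the assumption is that the client's search list is `example.net`; real resolvers have further rules for stopping the search early, which this model omits.

```python
import re

# Constructed sample: a resolv.conf with the kind of search line suspected above.
RESOLV_CONF = """\
search example.net
options ndots:1
nameserver 10.1.6.247
"""

def parse_resolv_conf(text):
    """Return (search_list, ndots); the last search/domain line wins."""
    search, ndots = [], 1  # ndots defaults to 1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] == "search":
            search = [d.rstrip(".").lower() for d in fields[1:]]
        elif fields[0] == "domain" and len(fields) > 1:
            search = [fields[1].rstrip(".").lower()]
        elif fields[0] == "options":
            for opt in fields[1:]:
                m = re.fullmatch(r"ndots:(\d+)", opt)
                if m:
                    ndots = int(m.group(1))
    return search, ndots

def query_order(name, search, ndots):
    """Names the stub resolver may send, in order (simplified res_search model).

    Later candidates are only sent when earlier ones fail to resolve.
    """
    if name.endswith("."):
        return [name]  # trailing dot: absolute name, search list skipped
    as_is = name + "."
    expanded = [f"{name}.{d}." for d in search]
    if name.count(".") >= ndots:
        return [as_is] + expanded  # enough dots: try as typed first
    return expanded + [as_is]      # too few dots: search list first

if __name__ == "__main__":
    search, ndots = parse_resolv_conf(RESOLV_CONF)
    for typed in ("grafana.example.com", "grafana.example.com.", "grafana"):
        print(typed, "->", query_order(typed, search, ndots))
```

With a higher `ndots` value (for example `ndots:5`), the search-expanded name is sent before the name as typed, so the resolver sees the suffixed query even when the plain name would have resolved.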



