Help Needed with Unbound
Ralph Dolmans
ralph at nlnetlabs.nl
Wed Jan 23 10:09:12 UTC 2019
Hi Yogesh,
On 23-01-19 06:15, Yogesh Sharma via Unbound-users wrote:
> I am able to test 2nd scenario and all resolution will be done by dns
> server as mentioned in name: "." (dot). Can some please guide how can we
> route few zones to specific dns server and rest all to google dns.
The most specific match will be used. So in your example all queries
except example.com, example.org and its subdomains will go to the "."
forward-zone.
>
> However, first one is still a problem, when I am using
>
> forward-zone:
> name: "."
> forward-addr: 127.0.0.1 at 5353
>
> it appends search string from resolv.conf.
>
> Eg: is search string is internal.localhost then All example.com
> <http://example.com> name is changing to example.com.internal.localhost.
This is done by the client querying Unbound. Unbound itself does not use
your resolv.conf.
>
> if I put example.com <http://example.com>. (dot at the end) then it
> return server fail.
Check your Unbound logs to see why it is a SERVFAIL. My first guess is
that this is because your zone does not DNSSEC validate. In that case
you might want to have a look at the domain-insecure configuration option.
-- Ralph
>
>
> /Thanks & Regards,
>
> Yogesh Sharma
> /
>
>
> On Wed, Jan 23, 2019 at 9:48 AM Yogesh Sharma <yks0000 at gmail.com
> <mailto:yks0000 at gmail.com>> wrote:
>
> Hi ,
>
> Any suggestion.
>
> /Thanks & Regards,
>
> Yogesh Sharma | yks0000 at gmail.com <mailto:yks0000 at gmail.com> |
> LinkedIn <http://linkedin.com/in/yks0000> | Portal
> <https://yogeshsharma.me/>
> /
>
>
> On Tue, Jan 22, 2019 at 11:44 PM Yogesh Sharma <yks0000 at gmail.com
> <mailto:yks0000 at gmail.com>> wrote:
>
> Hi Team,
>
> I am new to Unbound and need some help.
>
> I need to forward all of request to local dnsmasq running on
> 127.0.0.1 at 5353.
>
> Once I do that, I see all lookup are suffixed with search string
> as present in /etc/resolv.conf and return server fail. If I do
> resolve by explicitly putting "." (dot) at the end, even though
> I get server fail.
>
>
> Version: 1.6.6
>
> Config:
>
>
> server:
> verbosity: 1
> username: root
> interface: 127.0.0.1
> port: 53
> chroot: ""
> do-ip4: yes
> do-udp: yes
> do-tcp: yes
> hide-identity: yes
> hide-version: yes
> msg-cache-size: 50m
> msg-cache-slabs: 4
> rrset-cache-size: 100m
> rrset-cache-slabs: 4
> cache-min-ttl: 300
> cache-max-negative-ttl: 300
> access-control: 0.0.0.0/0 <http://0.0.0.0/0> allow
> logfile: "/var/log/unbound/unbound.log"
> log-identity: root
> log-queries: yes
> log-replies: yes
> pidfile: "/var/log/unbound/unbound.pid"
> prefetch: yes
>
> forward-zone:
> name: "."
> forward-addr: 127.0.0.1 at 5353
>
>
>
> 2nd Question:
>
> considering below forward-zone configuration, will all of name
> lookup will be forwarded to open dns servers
> (208.67.222.222/208.67.220.220
> <http://208.67.222.222/208.67.220.220>) or it will send only
> those name server which are not part of example.com
> <http://example.com> and example.org <http://example.org>
>
> forward-zone:
> name: "."
> forward-addr: 208.67.222.222
> forward-addr: 208.67.220.220
>
> forward-zone:
> name: "example.com <http://example.com>"
> forward-addr: 8.8.8.8
>
> forward-zone:
> name: "example.org <http://example.org>"
> forward-addr: 8.8.4.4
>
>
> Thanks for help.
>
>
>
> /Thanks & Regards,
>
> Yogesh Sharma
> /
>
More information about the Unbound-users
mailing list