Help Needed with Unbound
Yogesh Sharma
yks0000 at gmail.com
Thu Jan 24 09:17:36 UTC 2019
Thank you Ralph. I will check and get back to you.
*Thanks & Regards,Yogesh Sharma*
On Wed, Jan 23, 2019 at 3:40 PM Ralph Dolmans via Unbound-users <
unbound-users at nlnetlabs.nl> wrote:
> Hi Yogesh,
>
> On 23-01-19 06:15, Yogesh Sharma via Unbound-users wrote:
> > I am able to test 2nd scenario and all resolution will be done by dns
> > server as mentioned in name: "." (dot). Can some please guide how can we
> > route few zones to specific dns server and rest all to google dns.
>
> The most specific match will be used. So in your example all queries
> except example.com, example.org and its subdomains will go to the "."
> forward-zone.
>
> >
> > However, first one is still a problem, when I am using
> >
> > forward-zone:
> > name: "."
> > forward-addr: 127.0.0.1 at 5353
> >
> > it appends search string from resolv.conf.
> >
> > Eg: is search string is internal.localhost then All example.com
> > <http://example.com> name is changing to example.com.internal.localhost.
>
> This is done by the client querying Unbound. Unbound itself does not use
> your resolv.conf.
>
> >
> > if I put example.com <http://example.com>. (dot at the end) then it
> > return server fail.
>
> Check your Unbound logs to see why it is a SERVFAIL. My first guess is
> that this is because your zone does not DNSSEC validate. In that case
> you might want to have a look at the domain-insecure configuration option.
>
> -- Ralph
>
> >
> >
> > /Thanks & Regards,
> >
> > Yogesh Sharma
> > /
> >
> >
> > On Wed, Jan 23, 2019 at 9:48 AM Yogesh Sharma <yks0000 at gmail.com
> > <mailto:yks0000 at gmail.com>> wrote:
> >
> > Hi ,
> >
> > Any suggestion.
> >
> > /Thanks & Regards,
> >
> > Yogesh Sharma | yks0000 at gmail.com <mailto:yks0000 at gmail.com> |
> > LinkedIn <http://linkedin.com/in/yks0000> | Portal
> > <https://yogeshsharma.me/>
> > /
> >
> >
> > On Tue, Jan 22, 2019 at 11:44 PM Yogesh Sharma <yks0000 at gmail.com
> > <mailto:yks0000 at gmail.com>> wrote:
> >
> > Hi Team,
> >
> > I am new to Unbound and need some help.
> >
> > I need to forward all of request to local dnsmasq running on
> > 127.0.0.1 at 5353.
> >
> > Once I do that, I see all lookup are suffixed with search string
> > as present in /etc/resolv.conf and return server fail. If I do
> > resolve by explicitly putting "." (dot) at the end, even though
> > I get server fail.
> >
> >
> > Version: 1.6.6
> >
> > Config:
> >
> >
> > server:
> > verbosity: 1
> > username: root
> > interface: 127.0.0.1
> > port: 53
> > chroot: ""
> > do-ip4: yes
> > do-udp: yes
> > do-tcp: yes
> > hide-identity: yes
> > hide-version: yes
> > msg-cache-size: 50m
> > msg-cache-slabs: 4
> > rrset-cache-size: 100m
> > rrset-cache-slabs: 4
> > cache-min-ttl: 300
> > cache-max-negative-ttl: 300
> > access-control: 0.0.0.0/0 <http://0.0.0.0/0> allow
> > logfile: "/var/log/unbound/unbound.log"
> > log-identity: root
> > log-queries: yes
> > log-replies: yes
> > pidfile: "/var/log/unbound/unbound.pid"
> > prefetch: yes
> >
> > forward-zone:
> > name: "."
> > forward-addr: 127.0.0.1 at 5353
> >
> >
> >
> > 2nd Question:
> >
> > considering below forward-zone configuration, will all of name
> > lookup will be forwarded to open dns servers
> > (208.67.222.222/208.67.220.220
> > <http://208.67.222.222/208.67.220.220>) or it will send only
> > those name server which are not part of example.com
> > <http://example.com> and example.org <http://example.org>
> >
> > forward-zone:
> > name: "."
> > forward-addr: 208.67.222.222
> > forward-addr: 208.67.220.220
> >
> > forward-zone:
> > name: "example.com <http://example.com>"
> > forward-addr: 8.8.8.8
> >
> > forward-zone:
> > name: "example.org <http://example.org>"
> > forward-addr: 8.8.4.4
> >
> >
> > Thanks for help.
> >
> >
> >
> > /Thanks & Regards,
> >
> > Yogesh Sharma
> > /
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190124/45e909aa/attachment.htm>
More information about the Unbound-users
mailing list