SERVFAIL on one domain, correct response on another

Toni Mueller support+unbound at
Tue Jul 30 16:29:02 UTC 2019


I am having a strange problem with Unbound 1.6.0-3+deb9u2 on a Debian
Stretch VM.

I have two private zones, zone1 and Since both zones mostly
contain RFC1918 numbers, I have configured:


        private-domain: zone1.
        do-not-query-localhost: no

        name: "zone1."
        forward-addr: at 55

        name: ""
        forward-addr: at 55

On the same host, on port 55, I have coredns running, which serves these
two zones from zone files. Using dig against coredns directly gives me
the answers I want within 50ms. Asking the same questions through
unbound for works the same (~50ms), but for zone1, the result is a
SERVFAIL. Using tcpdump on 'lo', I can see that the upstream server
gives the correct reply; it's just unbound somehow not understanding it.

But leaving the dot off does not make any difference.

What gives?


More information about the Unbound-users mailing list