SERVFAIL on one domain, correct response on another

Toni Mueller support+unbound at oeko.net
Tue Jul 30 16:29:02 UTC 2019


Hi,

I am having a strange problem with Unbound 1.6.0-3+deb9u2 on a Debian
Stretch VM.

I have two private zones, zone1 and zone1.net. Since both zones mostly
contain RFC1918 numbers, I have configured:

---------------------
server:
        ...

        private-domain: zone1.
        private-domain: zone1.net.
        do-not-query-localhost: no

forward-zone:
        name: "zone1."
        forward-addr: 127.0.0.1@55

forward-zone:
        name: "zone1.net."
        forward-addr: 127.0.0.1@55
---------------------


On the same host, on port 55, I have coredns running, which serves these
two zones from zone files. Using dig against coredns directly gives me
the answers I want within 50ms. Asking the same questions through unbound for
zone1.net works the same (~50ms), but for zone1, the result is a
SERVFAIL. Using tcpdump on 'lo', I can see that the upstream server
gives the correct reply; it's just that unbound somehow does not understand it.

But leaving the dot off does not make any difference.


What gives?


Cheers,
Toni



