Unbound can't resolve certain domains

Robert Senger robert.senger at lists.microscopium.de
Thu Oct 17 12:36:46 UTC 2019 

Hint: freebsd.org is dnssec enabled, google.com is not.

Can you resolve other dnssec enabled domains, e.g. internetsociety.org?

R.

Am Donnerstag, den 17.10.2019, 15:29 +0330 schrieb Javad Kouhi via
Unbound-users:
> Hello, unbound-users.
> 
> I'm using Unbound 1.8.1 on FreeBSD 12.0-RELEASE. It works fine with
> the majority of domains, but it can't resolve one particular domain,
> FreeBSD.org. Everything else works perfectly. I'm able to resolve the
> FreeBSD.org domain when using another nameserver (8.8.8.8 for
> example).
> 
> ~ # cat /etc/resolv.conf
> nameserver 127.0.0.1
> ========================
> ~ # drill google.com
> ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 26913
> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;; google.com.  IN      A
> 
> ;; ANSWER SECTION:
> google.com.     126     IN      A       216.58.206.206
> 
> ;; AUTHORITY SECTION:
> 
> ;; ADDITIONAL SECTION:
> 
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.1
> ;; WHEN: Thu Oct 17 13:58:11 2019
> ;; MSG SIZE  rcvd: 44
> ==========================
> ~ # drill freebsd.org
> Error: error sending query: Could not send or receive, because of
> network
> error
> ==========================
> ~ # echo "nameserver 8.8.8.8" > /etc/resolv.conf
> 
> ~ # drill freebsd.org
> ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 41634
> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;; freebsd.org. IN      A
> 
> ;; ANSWER SECTION:
> freebsd.org.    3454    IN      A       96.47.72.84
> 
> ;; AUTHORITY SECTION:
> 
> ;; ADDITIONAL SECTION:
> 
> ;; Query time: 45 msec
> ;; SERVER: 8.8.8.8
> ;; WHEN: Thu Oct 17 14:00:02 2019
> ;; MSG SIZE  rcvd: 45
> 
> It works when I change the nameserver to 8.8.8.8. It's strange
> because
> other domains work fine with local unbound, it's just the
> FreeBSD.org.
> 
> This is my config (generated by local-unbound-setup):
> ~ # cat /etc/unbound/unbound.conf /etc/unbound/lan-zones.conf
> /etc/unbound/control.conf
> # This file was generated by local-unbound-setup.
> # Modifications will be overwritten.
> server:
>         username: unbound
>         directory: /var/unbound
>         chroot: /var/unbound
>         pidfile: /var/run/local_unbound.pid
>         auto-trust-anchor-file: /var/unbound/root.key
>         interface: 0.0.0.0
>         access-control: 10.8.0.0/16 allow
> 
> include: /var/unbound/lan-zones.conf
> include: /var/unbound/control.conf
> # This file was generated by local-unbound-setup.
> # Modifications will be overwritten.
> server:
>         # Unblock reverse lookups for LAN addresses
>         unblock-lan-zones: yes
>         insecure-lan-zones: yes
> # This file was generated by local-unbound-setup.
> # Modifications will be overwritten.
> remote-control:
>         control-enable: yes
>         control-interface: /var/run/local_unbound.ctl
>         control-use-cert: no
-- 
Robert Senger

More information about the Unbound-users mailing list