Unbound can't resolve certain domains

Javad Kouhi javad.kouhi at gmail.com
Thu Oct 17 17:05:13 UTC 2019


Thank you for the hint.

internetsociety.org works fine. But I just noticed many of the DNSSEC-enabled
domains don't work. Also, some domains that don't use DNSSEC don't work.
lucidsolutions.co.nz is an example.

On Thu, Oct 17, 2019 at 4:06 PM Robert Senger
<robert.senger at lists.microscopium.de> wrote:
>
> Hint: freebsd.org is dnssec enabled, google.com is not.
>
> Can you resolve other dnssec enabled domains, e.g. internetsociety.org?
>
> R.
>
> Am Donnerstag, den 17.10.2019, 15:29 +0330 schrieb Javad Kouhi via
> Unbound-users:
> > Hello, unbound-users.
> >
> > I'm using Unbound 1.8.1 on FreeBSD 12.0-RELEASE. It works fine with
> > the majority of domains, but it can't resolve one particular domain,
> > FreeBSD.org. Everything else works perfectly. I'm able to resolve the
> > FreeBSD.org domain when using another nameserver (8.8.8.8 for
> > example).
> >
> > ~ # cat /etc/resolv.conf
> > nameserver 127.0.0.1
> > ========================
> > ~ # drill google.com
> > ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 26913
> > ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> > ;; QUESTION SECTION:
> > ;; google.com.  IN      A
> >
> > ;; ANSWER SECTION:
> > google.com.     126     IN      A       216.58.206.206
> >
> > ;; AUTHORITY SECTION:
> >
> > ;; ADDITIONAL SECTION:
> >
> > ;; Query time: 1 msec
> > ;; SERVER: 127.0.0.1
> > ;; WHEN: Thu Oct 17 13:58:11 2019
> > ;; MSG SIZE  rcvd: 44
> > ==========================
> > ~ # drill freebsd.org
> > Error: error sending query: Could not send or receive, because of
> > network
> > error
> > ==========================
> > ~ # echo "nameserver 8.8.8.8" > /etc/resolv.conf
> >
> > ~ # drill freebsd.org
> > ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 41634
> > ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> > ;; QUESTION SECTION:
> > ;; freebsd.org. IN      A
> >
> > ;; ANSWER SECTION:
> > freebsd.org.    3454    IN      A       96.47.72.84
> >
> > ;; AUTHORITY SECTION:
> >
> > ;; ADDITIONAL SECTION:
> >
> > ;; Query time: 45 msec
> > ;; SERVER: 8.8.8.8
> > ;; WHEN: Thu Oct 17 14:00:02 2019
> > ;; MSG SIZE  rcvd: 45
> >
> > It works when I change the nameserver to 8.8.8.8. It's strange
> > because
> > other domains work fine with local unbound, it's just the
> > FreeBSD.org.
> >
> > This is my config (generated by local-unbound-setup):
> > ~ # cat /etc/unbound/unbound.conf /etc/unbound/lan-zones.conf
> > /etc/unbound/control.conf
> > # This file was generated by local-unbound-setup.
> > # Modifications will be overwritten.
> > server:
> >         username: unbound
> >         directory: /var/unbound
> >         chroot: /var/unbound
> >         pidfile: /var/run/local_unbound.pid
> >         auto-trust-anchor-file: /var/unbound/root.key
> >         interface: 0.0.0.0
> >         access-control: 10.8.0.0/16 allow
> >
> > include: /var/unbound/lan-zones.conf
> > include: /var/unbound/control.conf
> > # This file was generated by local-unbound-setup.
> > # Modifications will be overwritten.
> > server:
> >         # Unblock reverse lookups for LAN addresses
> >         unblock-lan-zones: yes
> >         insecure-lan-zones: yes
> > # This file was generated by local-unbound-setup.
> > # Modifications will be overwritten.
> > remote-control:
> >         control-enable: yes
> >         control-interface: /var/run/local_unbound.ctl
> >         control-use-cert: no
> --
> Robert Senger
>
>



More information about the Unbound-users mailing list