unbound and nsd on the same machine - what am I missing?

Jan Komissar (jkomissa) jkomissa at cisco.com
Tue Apr 28 18:53:53 UTC 2020


If you are using a stub-zone for any of the as112 zones (incl. rfc-1918 zones) You must do one of three things.

  1.  You can set “unblock-lan-zones: yes”, but that will make *all* lan zone queries be resolved upstream (this may be frowned upon).
  2.  If you don’t want that, your choices are:

     *   If your zone is a subzone of one of the as112 zones, you must add “local-zone: <your .arpa zone> transparent”.
     *   If your zone equals or encloses one those zones, you must add:  “local-zone: <your .arpa zone> nodefault”.

Good Luck,


From: Unbound-users <unbound-users-bounces at lists.nlnetlabs.nl> on behalf of bofh via Unbound-users <unbound-users at lists.nlnetlabs.nl>
Reply-To: bofh <goodb0fh at gmail.com>
Date: Tuesday, April 28, 2020 at 1:37 PM
To: Mike Kazantsev <mk.fraggod at gmail.com>
Cc: "unbound-users at lists.nlnetlabs.nl" <unbound-users at lists.nlnetlabs.nl>
Subject: Re: unbound and nsd on the same machine - what am I missing?

I took out local-zone: 10.10.10.in-addr.arpa and no changes.

I added private-address:<> and no changes.
I changed private-address to<> and I can't look up hosts on my internal network any more (both reverse and forward lookups failed).

This is driving me nuts... :(
Does anyone have a simple working config that they are willing to share, with unbound and bind or unbound and nsd on the same server?  In a private address space.

Thank you so much.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20200428/4c16a9dd/attachment.htm>

More information about the Unbound-users mailing list