unbound and nsd on the same machine - what am I missing?

Jan Komissar (jkomissa) jkomissa at cisco.com
Tue Apr 28 19:29:49 UTC 2020


Oops, in B.2 it should be “local-zone: <AS112 .arpa zone> nodefault”.

Sorry,

Jan.

From: Unbound-users <unbound-users-bounces at lists.nlnetlabs.nl> on behalf of "Jan Komissar (jkomissa) via Unbound-users" <unbound-users at lists.nlnetlabs.nl>
Reply-To: "Jan Komissar (jkomissa)" <jkomissa at cisco.com>
Date: Tuesday, April 28, 2020 at 3:02 PM
To: bofh <goodb0fh at gmail.com>, Mike Kazantsev <mk.fraggod at gmail.com>
Cc: "unbound-users at lists.nlnetlabs.nl" <unbound-users at lists.nlnetlabs.nl>
Subject: Re: unbound and nsd on the same machine - what am I missing?

Hi,

If you are using a stub-zone for any of the AS112 zones (incl. RFC 1918 zones), you must do one of three things.

  1.  You can set “unblock-lan-zones: yes”, but that will make *all* lan zone queries be resolved upstream (this may be frowned upon).
  2.  If you don’t want that, your choices are:

     *   If your zone is a subzone of one of the as112 zones, you must add “local-zone: <your .arpa zone> transparent”.
     *   If your zone equals or encloses one of those zones, you must add: “local-zone: <your .arpa zone> nodefault”.

Good Luck,

Jan.

From: Unbound-users <unbound-users-bounces at lists.nlnetlabs.nl> on behalf of bofh via Unbound-users <unbound-users at lists.nlnetlabs.nl>
Reply-To: bofh <goodb0fh at gmail.com>
Date: Tuesday, April 28, 2020 at 1:37 PM
To: Mike Kazantsev <mk.fraggod at gmail.com>
Cc: "unbound-users at lists.nlnetlabs.nl" <unbound-users at lists.nlnetlabs.nl>
Subject: Re: unbound and nsd on the same machine - what am I missing?

I took out local-zone: 10.10.10.in-addr.arpa and no changes.

I added private-address: 10.10.10.0/24 and no changes.
I changed private-address to 10.0.0.0/8 and I can't look up hosts on my internal network any more (both reverse and forward lookups failed).

This is driving me nuts... :(
Does anyone have a simple working config that they are willing to share, with unbound and bind or unbound and nsd on the same server?  In a private address space.

Thank you so much.
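
Added example, not part of the thread or of Unbound itself: a small helper that applies the rule described above (including the correction at the top of the thread) to a stub-zone name and returns the `local-zone:` lines to put in unbound.conf. It assumes only the RFC 1918 reverse zones, which are a subset of the AS112 zones the thread refers to; the function names are hypothetical.

```python
"""Pick the local-zone lines a stub-zone needs (RFC 1918 reverse zones only)."""

# Assumption: only the RFC 1918 reverse zones are listed here; the thread's
# "as112 zones" cover further names that this example does not include.
RFC1918_REVERSE = (
    ["10.in-addr.arpa"]
    + [f"{n}.172.in-addr.arpa" for n in range(16, 32)]
    + ["168.192.in-addr.arpa"]
)


def labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def is_subzone(child, parent):
    """True when child lies strictly below parent (label-wise suffix match)."""
    c, p = labels(child), labels(parent)
    return len(c) > len(p) and c[-len(p):] == p


def local_zone_lines(stub_zone):
    """Return the unbound.conf local-zone lines for one stub-zone name."""
    stub = ".".join(labels(stub_zone))
    for blocked in RFC1918_REVERSE:
        if is_subzone(stub, blocked):
            # The stub zone sits below a blocked zone: make the stub name
            # transparent so queries for it reach the stub server.
            return [f'local-zone: "{stub}." transparent']
    # The stub zone equals or encloses blocked zones: switch off the default
    # for each of them, named as in the correction at the top of the thread.
    hit = [b for b in RFC1918_REVERSE if b == stub or is_subzone(b, stub)]
    return [f'local-zone: "{b}." nodefault' for b in hit]


if __name__ == "__main__":
    # Constructed sample names; the first is the zone mentioned in the thread.
    for zone in ("10.10.10.in-addr.arpa", "10.in-addr.arpa.",
                 "172.in-addr.arpa", "example.org"):
        print(zone, "->", local_zone_lines(zone) or "no local-zone line needed")
```

The alternative from option 1, “unblock-lan-zones: yes”, needs none of these lines but applies to all LAN zones at once.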