Unbound does not forward query to NSD

François RONVAUX francois.ronvaux at gmail.com
Wed Mar 24 22:33:55 UTC 2021


Hello,


I have a server running both NSD and Unbound.

The problem is that Unbound does not seem to redirect the queries for
"mydomain.net" to NSD as it should.


NSD listening interface: "ip_address_ns1" (this is the external interface
facing the Internet)
NSD master authoritative zone: "mydomain.net"
NSD master server of the zone: "ns1.mydomain.net"



# Unbound config file.
#=====================
server:
        do-ip6: no
        do-ip4: yes
        do-tcp: yes
        do-udp: yes

        interface: 127.0.0.1
        port: 53

        verbosity: 1
        statistics-cumulative: yes
        extended-statistics: yes

        access-control: 0.0.0.0/0 refuse
        access-control: 127.0.0.0/8 allow

        hide-identity: yes
        hide-version: yes

        root-hints: "/var/unbound/db/root.hints"
        auto-trust-anchor-file: "/var/unbound/db/root.key"
        module-config: "validator iterator"

        harden-glue: yes
        harden-algo-downgrade: no
        harden-dnssec-stripped: yes
        harden-below-nxdomain: yes
        harden-referral-path: yes
        aggressive-nsec: yes
        use-caps-for-id: yes
        qname-minimisation: yes
        val-clean-additional: yes

        cache-min-ttl: 3600
        cache-max-ttl: 86400
        prefetch: yes
        prefetch-key: yes

        unwanted-reply-threshold: 10000

        do-not-query-localhost: no

forward-zone:
        name: "mydomain.net."
        forward-addr: ip_address_ns1     # ns1.mydomain.net
        forward-addr: ip_address_ns2     # ns2.mydomain.net

# End of File.
#=============



If I understand the result of a "dig +trace mydomain.net" correctly, it seems
that the query goes outside my server to the "." DNS servers and then to the
".net" DNS servers instead of going directly to "ip_address_ns1" or
"ip_address_ns2":


root at ns1 [23:07:48]:~$ dig +trace mydomain.net

; <<>> dig 9.10.8-P1 <<>> +trace mydomain.net
;; global options: +cmd
[...]
.                       518400  IN      NS      m.root-servers.net.
;; Received 1097 bytes from 198.41.0.4#53(198.41.0.4) in 12 ms

[...]
net.                    172800  IN      NS      m.gtld-servers.net.
;; Received 1169 bytes from 199.7.83.42#53(l.root-servers.net) in 8 ms

mydomain.net.           172800  IN      NS      ns1.mydomain.net.
mydomain.net.           172800  IN      NS      ns2.mydomain.net.
;; Received 658 bytes from 192.31.80.30#53(d.gtld-servers.net) in 6 ms

mydomain.net.           3600    IN      A       ip_address
mydomain.net.           3600    IN      NS      ns1.mydomain.net.
mydomain.net.           3600    IN      NS      ns2.mydomain.net.
;; Received 125 bytes from ip_address_ns1#53(ns1.mydomain.net) in 0 ms


Do you have any suggestions?


Thanks in advance.
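A check to run alongside the trace above, added here as an example and not part of the original post: "dig +trace" performs the iteration from the root servers itself and never consults the resolver on 127.0.0.1, so its last hop will always be the zone's authoritative server whether or not Unbound's forward-zone is in effect. What does show Unbound's behaviour is a plain query sent to the resolver's listening address and the server named in dig's ";; SERVER:" line. The helpers below parse that out of either output style; the two sample outputs are constructed to look like dig's, with documentation addresses (192.0.2.x) standing in for the real ns1/ns2 addresses.

```shell
#!/bin/sh
# Added example, not from the original post or from the Unbound project.
# Decide from dig's own output which server actually answered a query.

# Print the answering server, from either dig output style:
#   ";; SERVER: 127.0.0.1#53(127.0.0.1)"                 (normal query)
#   ";; Received 125 bytes from 192.0.2.53#53(ns1...) ..." (last hop of +trace)
# The port and the parenthesised name are stripped so only the address is left.
answering_server() {
    printf '%s\n' "$1" | awk '
        /^;; SERVER: /  { s = $3 }
        /^;; Received / { for (i = 1; i <= NF; i++) if ($i == "from") s = $(i + 1) }
        END { sub(/#.*/, "", s); print s }'
}

# Exit 0 when the answer came from the resolver at $2 (default 127.0.0.1),
# i.e. the query really went through Unbound and not straight to the authority.
served_by_resolver() {
    [ "$(answering_server "$1")" = "${2:-127.0.0.1}" ]
}

# Constructed sample: the last hop of "dig +trace". dig asked ns1 directly,
# which is expected for +trace and proves nothing about the forward-zone.
TRACE_SAMPLE='mydomain.net.           3600    IN      NS      ns1.mydomain.net.
;; Received 125 bytes from 192.0.2.53#53(ns1.mydomain.net) in 0 ms'

# Constructed sample: the same name queried at the local resolver instead
# ("dig @127.0.0.1 mydomain.net A"); the SERVER line names Unbound.
LOCAL_SAMPLE=';; ANSWER SECTION:
mydomain.net.           3600    IN      A       192.0.2.10

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)'

# Live usage on the host itself (needs dig, the running daemon and network,
# so it is only shown here, not executed by the samples above):
#   served_by_resolver "$(dig @127.0.0.1 mydomain.net A)" && echo "answered via Unbound"
#   unbound-control lookup mydomain.net   # prints the servers Unbound would use for the name
```

"unbound-control lookup" is the direct way to see which addresses Unbound will send the query to; if it lists ns1/ns2, the forward-zone is loaded and the trace output was simply the wrong instrument. Two caveats worth keeping in mind when pointing a resolver at one's own authoritative server: unbound.conf(5) describes forward-zone as intended for upstreams that recurse on the resolver's behalf and stub-zone for authoritative servers such as NSD, so stub-zone is the closer match for this setup; and with "validator iterator" in module-config the answers from either are still DNSSEC-validated against the trust anchor, so an unsigned zone comes back insecure (fine) while a signed zone whose keys disagree with the DS at .net will SERVFAIL.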