unbound refuses all requests

Wed Nov 10 16:50:11 UTC 2021

get a little bit more weird....
now i restored my old /etc/unbound after recompiling unbound ( gentoo here )

and now it works, for 3-5 requests, the all gets refused for 2-5 time, then
again it works .............

Nov 10 17:45:40 supabunka unbound: [25308:1] debug: refused query from ip4
192.168.100.250 port 46375 (len 16)
Nov 10 17:45:40 supabunka unbound: [25308:1] debug: refuse[49:0]
F8EF012000010000000000010568656973650264650000010001000029100000000000000C000A00088C5B88DE810B4E51

Nov 10 17:45:41 supabunka unbound: [25308:0] debug: refused query from ip4
192.168.100.250 port 35973 (len 16)
Nov 10 17:45:41 supabunka unbound: [25308:0] debug: refuse[49:0]
E435012000010000000000010568656973650264650000010001000029100000000000000C000A00086F442F3E1085BEC4

Nov 10 17:45:42 supabunka unbound: [25308:0] debug: refused query from ip4
192.168.100.250 port 47549 (len 16)
Nov 10 17:45:42 supabunka unbound: [25308:0] debug: refuse[49:0]
E282012000010000000000010568656973650264650000010001000029100000000000000C000A0008164EF19ADE91C82B

Nov 10 17:45:43 supabunka unbound: [15016:0] info: 192.168.100.250 heise.de.
A IN
Nov 10 17:45:43 supabunka unbound: [15016:0] info: 192.168.100.250 heise.de.
A IN
Nov 10 17:45:44 supabunka unbound: [15016:1] info: 192.168.100.250 heise.de.
A IN
Nov 10 17:45:44 supabunka unbound: [15016:0] info: 192.168.100.250 heise.de.
A IN
Nov 10 17:45:45 supabunka unbound: [25308:1] debug: refused query from ip4
192.168.100.250 port 42903 (len 16)
Nov 10 17:45:45 supabunka unbound: [25308:1] debug: refuse[49:0]
0405012000010000000000010568656973650264650000010001000029100000000000000C000A000802A39D4249FC8122

Nov 10 17:45:46 supabunka unbound: [15016:1] info: 192.168.100.250 heise.de.
A IN
Nov 10 17:45:46 supabunka unbound: [15016:0] info: 192.168.100.250 heise.de.
A IN
Nov 10 17:45:47 supabunka unbound: [15016:0] info: 192.168.100.250 heise.de.
A IN
Nov 10 17:45:48 supabunka unbound: [25308:0] debug: refused query from ip4
192.168.100.250 port 60897 (len 16)
Nov 10 17:45:48 supabunka unbound: [25308:0] debug: refuse[49:0]
94F8012000010000000000010568656973650264650000010001000029100000000000000C000A0008FDE3D3761C97A8E6

Nov 10 17:45:48 supabunka unbound: [15016:1] info: 192.168.100.250 heise.de.
A IN
Nov 10 17:45:49 supabunka unbound: [25308:1] debug: refused query from ip4
192.168.100.250 port 56333 (len 16)
Nov 10 17:45:49 supabunka unbound: [25308:1] debug: refuse[49:0]
5BA0012000010000000000010568656973650264650000010001000029100000000000000C000A0008E6D09CF006EB79CA

Nov 10 17:45:50 supabunka unbound: [25308:1] debug: refused query from ip4
192.168.100.250 port 51644 (len 16)
Nov 10 17:45:50 supabunka unbound: [25308:1] debug: refuse[49:0]
D265012000010000000000010568656973650264650000010001000029100000000000000C000A000806A0F484B7116F44

Nov 10 17:45:50 supabunka unbound: [25308:0] debug: refused query from ip4
192.168.100.250 port 43169 (len 16)
Nov 10 17:45:50 supabunka unbound: [25308:0] debug: refuse[49:0]
B03F012000010000000000010568656973650264650000010001000029100000000000000C000A00086D6B50DB2A5D793A

Nov 10 17:45:51 supabunka unbound: [25308:1] debug: refused query from ip4
192.168.100.250 port 46039 (len 16)
Nov 10 17:45:51 supabunka unbound: [25308:1] debug: refuse[49:0]
E9C4012000010000000000010568656973650264650000010001000029100000000000000C000A0008E0C502BE546710D5

Nov 10 17:45:51 supabunka unbound: [25308:0] debug: refused query from ip4
192.168.100.250 port 58388 (len 16)
Nov 10 17:45:51 supabunka unbound: [25308:0] debug: refuse[49:0]
57E5012000010000000000010568656973650264650000010001000029100000000000000C000A00082D348BC4E793E329

Nov 10 17:45:52 supabunka unbound: [15016:1] info: 192.168.100.250 heise.de.
A IN
Nov 10 17:45:53 supabunka unbound: [25308:1] debug: refused query from ip4
192.168.100.250 port 60796 (len 16)
Nov 10 17:45:53 supabunka unbound: [25308:1] debug: refuse[49:0]
C4C1012000010000000000010568656973650264650000010001000029100000000000000C000A0008EB597D2D491C91B6

Nov 10 17:45:53 supabunka unbound: [25308:1] debug: refused query from ip4
192.168.100.250 port 58593 (len 16)
Nov 10 17:45:53 supabunka unbound: [25308:1] debug: refuse[49:0]
774B012000010000000000010568656973650264650000010001000029100000000000000C000A00085C4AD0BCF67BE7E9

Nov 10 17:45:54 supabunka unbound: [15016:0] info: 192.168.100.250 heise.de.
A IN

any ideas?

marko

Am Mi., 10. Nov. 2021 um 16:51 Uhr schrieb Johannes B. Kernel <
weberzbf at gmail.com>:

> even when i add your access config line:
>
> supabunka /etc/unbound # dig @192.168.110.250 heise.de
>
> ; <<>> DiG 9.16.15 <<>> @192.168.110.250 heise.de
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 21149
> ;; flags: qr rd ad; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; Query time: 0 msec
> ;; SERVER: 192.168.110.250#53(192.168.110.250)
> ;; WHEN: Wed Nov 10 16:50:37 CET 2021
> ;; MSG SIZE  rcvd: 12
>
>
>
> Am Mi., 10. Nov. 2021 um 16:48 Uhr schrieb George Thessalonikefs via
> Unbound-users <unbound-users at lists.nlnetlabs.nl>:
>
>> Hi Johannes,
>>
>> Unbound by default only listens on localhost.
>> You would need to configure 'access-control:' to allow client netblocks
>> to query Unbound.
>>
>>  From your example I guess that something like
>>         access-control: 192.168.0.0/16 allow
>> would allow most of your clients to connect.
>>
>> Best regards,
>> -- George
>>
>> On 10/11/2021 16:39, Johannes B. Kernel via Unbound-users wrote:
>> > hello list,
>> >
>> > unbound refuses all requests on my machine.
>> > google dns server works fine, tested already.
>> >
>> >
>> > my unbound.conf looks like:
>> >
>> > server:
>> >
>> > statistics-cumulative: yes
>> > extended-statistics: yes
>> > log-queries: yes
>> > log-servfail: yes
>> > verbosity: 9
>> > val-log-level: 2
>> >
>> > interface: 192.168.100.250
>> > interface: 116.202.87.165
>> > interface: 192.168.120.251
>> > interface: 192.168.110.250
>> >
>> > outgoing-interface: 192.168.100.250
>> > outgoing-interface: 192.168.110.250
>> > outgoing-interface: 192.168.120.251
>> > outgoing-interface: 116.202.87.165
>> > num-threads: 2
>> >
>> > include: /etc/unbound/unbound.conf.d/name_solving.conf
>> > include: /etc/unbound/unbound.conf.d/privacy_options.conf
>> > include: /etc/unbound/unbound.conf.d/cache_options.conf
>> > include: /etc/unbound/unbound.conf.d/dnssec_options.conf
>> > include: /etc/unbound/unbound.conf.d/blacklist.conf
>> > include: /etc/unbound/unbound.conf.d/local_names.conf
>> > include: /etc/unbound/unbound.conf.d/opennic_names.conf
>> > include: /etc/unbound/unbound.conf.d/forwarders.conf
>> >
>> > remote-control:
>> >        control-enable: yes
>> >
>> >
>> > can anyone help with am idea?
>> >
>> > best regards
>> > marko
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20211110/0bf1daf8/attachment.htm>