Help forwarding PTR queries from Unbound to Knot DNS

Petr Menšík pemensik at redhat.com
Mon Oct 7 14:49:22 UTC 2024


I think you are hitting built-in empty zones for private AS112 address 
ranges. You can query the local zone with:

dig @localhost +norec 10.in-addr.arpa soa

If it contains localhost, then unbound is serving its own empty zone. You 
need to override the 10.in-addr.arpa zone with your content. Local zone data 
is preferred over remote data. The easiest solution would be expanding it to 
the whole 10.0.0.0/8, as has already been recommended.

You would have to create a built-in NS entry pointing to 10.0.0.14.

10.in-addr.arpa. 600 IN NS your-ns-name.example.net.

Where your-ns-name.example.net. would be whatever 10.0.0.14 has as its name.

stub-zone:
   name: "10.in-addr.arpa."
   stub-addr: 10.0.0.14

On 04. 10. 24 22:49, April Conger via Unbound-users wrote:
> Hi all,
>
> I'm setting up Unbound in my home lab and am having trouble forwarding PTR
> queries to my Knot DNS server. My A queries for `econger.net` work fine,
> but reverse lookups for the 10.0.0.0/24 range appear to follow the normal
> recursion path to the root servers, as indicated by my query logs.
>
> Here is my test configuration:
>
> remote-control:
>    control-enable: yes
>    control-interface: /run/unbound.ctl
>
> server:
>    verbosity: 3
>    log-servfail: yes
>    auto-trust-anchor-file: "/var/lib/unbound/root.key"
>    qname-minimisation: yes
>    interface: 10.0.0.11
>    access-control: 10.0.0.0/16 allow
>    private-address: 10.0.0.0/24
>    private-domain: econger.net.
>    private-domain: 0.0.10.in-addr.arpa.
>
> stub-zone:
>    name: "econger.net."
>    stub-addr: 10.0.0.14
>
> stub-zone:
>    name: "0.0.10.in-addr.arpa."
>    stub-addr: 10.0.0.14
>
> While the econger.net stub works fine, the 0.0.10.in-addr.arpa stub does
> not. I also tried configuring these as forward-zone entries using
> forward-addr, but I got the same result.
>
> Here’s the error I see during reverse lookups:
>
> root@raspy1:/etc/unbound# nslookup 10.0.0.1 10.0.0.11
> ** server can't find 1.0.0.10.in-addr.arpa: NXDOMAIN
>
> However, querying the same address directly from my Knot DNS server works
> fine:
>
> root@raspy1:/etc/unbound# nslookup 10.0.0.1 10.0.0.14
> 1.0.0.10.in-addr.arpa name = fw1.econger.net.
>
> I'm using Unbound version 1.19.2-1ubuntu3.2 on Ubuntu 24.04.1 on a
> Raspberry Pi 3 B+, and Knot DNS version 3.3.4-1.1build2 on the same
> hardware/OS combo.
>
> Any advice on what might be wrong or how to resolve the issue would be
> greatly appreciated!
>
> Thanks,
> April
>
-- 
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
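
The following check is an added example, not code from either poster or from the Unbound project. It scans an unbound.conf for stub-zone and forward-zone names that sit under one of Unbound's built-in empty RFC 1918 reverse zones and prints the local-zone line that is missing. Assumptions: the function names are hypothetical, the zone list is only the RFC 1918 subset of Unbound's defaults, and only an override at the built-in zone's own name with type nodefault or transparent (the two types unbound.conf(5) names for this) is recognised.

```python
# RFC 1918 reverse zones that Unbound answers from built-in empty zones
# (a subset of its defaults; the other AS112 zones are left out here).
BUILTIN_EMPTY = (["10.in-addr.arpa."]
                 + [f"{n}.172.in-addr.arpa." for n in range(16, 32)]
                 + ["168.192.in-addr.arpa."])

def norm(name):
    """Strip quotes, lower-case, and make the zone name fully qualified."""
    return name.strip().strip('"').lower().rstrip(".") + "."

def shadowing_zone(name):
    """Return the built-in empty zone at or above `name`, or None."""
    name = norm(name)
    for zone in BUILTIN_EMPTY:
        if name == zone or name.endswith("." + zone):
            return zone
    return None

def parse(conf):
    """Collect stub/forward zone names and local-zone overrides."""
    delegated, overrides, section = [], {}, None
    for raw in conf.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        key, value = key.strip(), value.strip()
        if key and not value:
            section = key                      # e.g. "server", "stub-zone"
        elif key == "name" and section in ("stub-zone", "forward-zone"):
            delegated.append(norm(value))
        elif key == "local-zone" and len(value.split()) >= 2:
            zone, ztype = value.split()[:2]
            overrides[norm(zone)] = ztype
    return delegated, overrides

def missing_overrides(conf):
    """Map each shadowed stub/forward zone to the local-zone line it needs."""
    delegated, overrides = parse(conf)
    fixes = {}
    for name in delegated:
        zone = shadowing_zone(name)
        if zone and overrides.get(zone) not in ("nodefault", "transparent"):
            fixes[name] = f'local-zone: "{zone}" nodefault'
    return fixes

# Constructed sample, trimmed from the configuration quoted in this thread.
SAMPLE = 'server:\n   interface: 10.0.0.11\nstub-zone:\n   name: "econger.net."\n' \
         '   stub-addr: 10.0.0.14\nstub-zone:\n   name: "0.0.10.in-addr.arpa."\n' \
         '   stub-addr: 10.0.0.14\n'

if __name__ == "__main__":
    for stub, line in missing_overrides(SAMPLE).items():
        print(f"{stub} is shadowed; add under server:  {line}")
```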