Help forwarding PTR queries from Unbound to Knot DNS

Yorgos Thessalonikefs yorgos at nlnetlabs.nl
Mon Oct 7 15:50:23 UTC 2024


You would also need to unblock the reverse zone with something like

	local-zone: 10.in-addr.arpa. transparent

if you want to use a subzone.
You can read about it at 
https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html#unbound-conf-local-zone-type-nodefault

Best regards,
-- Yorgos

On 07/10/2024 16:49, Petr Menšík via Unbound-users wrote:
> I think you are hitting built-in empty zones for private AS112 address 
> ranges. You can query local zone by:
> 
> dig @localhost +norec 10.in-addr.arpa soa
> 
> If it contains localhost, then unbound is serving its own empty zone. You 
> need to override 10.in-addr.arpa zone with your content. Local zone data 
> is preferred over remote data. Easiest solution would be expanding it to 
> whole 10.0.0.0/8, as has already been recommended.
> 
> You would have to create built-in NS entry pointing to 10.0.0.14.
> 
> 10.in-addr.arpa. 600 IN NS your-ns-name.example.net.
> 
> Where your-ns-name.example.net. would be whatever 10.0.0.14 has as its name.
> 
> stub-zone:
>    name: "10.in-addr.arpa."
>    stub-addr: 10.0.0.14
> 
> On 04. 10. 24 22:49, April Conger via Unbound-users wrote:
>> Hi all,
>>
>> I'm setting up Unbound in my home lab and am having trouble forwarding PTR
>> queries to my Knot DNS server. My A queries for `econger.net` work fine,
>> but reverse lookups for the 10.0.0.0/24 range appear to follow the normal
>> recursion path to the root servers, as indicated by my query logs.
>>
>> Here is my test configuration:
>>
>> remote-control:
>>    control-enable: yes
>>    control-interface: /run/unbound.ctl
>>
>> server:
>>    verbosity: 3
>>    log-servfail: yes
>>    auto-trust-anchor-file: "/var/lib/unbound/root.key"
>>    qname-minimisation: yes
>>    interface: 10.0.0.11
>>    access-control: 10.0.0.0/16 allow
>>    private-address: 10.0.0.0/24
>>    private-domain: econger.net.
>>    private-domain: 0.0.10.in-addr.arpa.
>>
>> stub-zone:
>>    name: "econger.net."
>>    stub-addr: 10.0.0.14
>>
>> stub-zone:
>>    name: "0.0.10.in-addr.arpa."
>>    stub-addr: 10.0.0.14
>>
>> While the econger.net stub works fine, the 0.0.10.in-addr.arpa stub does
>> not. I also tried configuring these as forward-zone entries using
>> forward-addr, but I got the same result.
>>
>> Here’s the error I see during reverse lookups:
>>
>> root@raspy1:/etc/unbound# nslookup 10.0.0.1 10.0.0.11
>> ** server can't find 1.0.0.10.in-addr.arpa: NXDOMAIN
>>
>> However, querying the same address directly from my Knot DNS server works
>> fine:
>>
>> root@raspy1:/etc/unbound# nslookup 10.0.0.1 10.0.0.14
>> 1.0.0.10.in-addr.arpa name = fw1.econger.net.
>>
>> I'm using Unbound version 1.19.2-1ubuntu3.2 on Ubuntu 24.04.1 on a
>> Raspberry Pi 3 B+, and Knot DNS version 3.3.4-1.1build2 on the same
>> hardware/OS combo.
>>
>> Any advice on what might be wrong or how to resolve the issue would be
>> greatly appreciated!
>>
>> Thanks,
>> April
>>
> -- 
> Petr Menšík
> Software Engineer, RHEL
> Red Hat, http://www.redhat.com/
> PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
> 
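
The failure discussed in this thread, as an added example that is not part of the original messages: a small Python linter that reports stub or forward zones lying under one of Unbound's built-in RFC 1918 reverse zones with no local-zone override. The function names, the set of types treated as pass-through, and the sample configuration are assumptions made for this example.

```python
# Added example (not from the thread). Assumptions: only the RFC 1918 reverse
# zones are checked, and only the types in PASS_THROUGH count as an override.
DEFAULT_ZONES = ["10.in-addr.arpa", "168.192.in-addr.arpa"] + [
    f"{n}.172.in-addr.arpa" for n in range(16, 32)]
PASS_THROUGH = {"transparent", "typetransparent"}

def norm(name):
    return name.strip('"').rstrip(".").lower()

def is_under(name, zone):
    """True if name equals zone or is a subdomain of it."""
    return name == zone or name.endswith("." + zone)

def parse(conf):
    """Return (stub/forward zone names, {local-zone name: type})."""
    delegated, local_zones, clause = [], {}, None
    for raw in conf.splitlines():
        key, sep, value = raw.split("#", 1)[0].strip().partition(":")
        key, value = key.strip(), value.strip()
        if sep and not value:              # clause header such as "stub-zone:"
            clause = key
        elif key == "name" and clause in ("stub-zone", "forward-zone"):
            delegated.append(norm(value))
        elif key == "local-zone" and len(value.split()) == 2:
            zone, ztype = value.split()
            local_zones[norm(zone)] = ztype.lower()
    return delegated, local_zones

def shadowed_zones(conf):
    """Return [(delegated zone, built-in zone)] pairs still answered locally."""
    delegated, local_zones = parse(conf)
    findings = []
    for name in delegated:
        for zone in DEFAULT_ZONES:
            if name == zone or not is_under(name, zone):
                continue                   # only strict subzones, as in the thread
            opened = local_zones.get(zone) == "nodefault" or any(
                t in PASS_THROUGH and is_under(lz, zone) and is_under(name, lz)
                for lz, t in local_zones.items())
            if not opened:
                findings.append((name, zone))
    return findings

# Constructed sample: the stub zones from the configuration quoted in the thread.
BEFORE = ('server:\n  interface: 10.0.0.11\n'
          'stub-zone:\n  name: "econger.net."\n  stub-addr: 10.0.0.14\n'
          'stub-zone:\n  name: "0.0.10.in-addr.arpa."\n  stub-addr: 10.0.0.14\n')
AFTER = BEFORE.replace("server:\n", "server:\n  local-zone: 10.in-addr.arpa. transparent\n")
print(shadowed_zones(BEFORE), shadowed_zones(AFTER))
```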


