Hi,

I'm new to nsd/unbound, and maybe I did something wrong, however:

I run an i386 snapshot, with nsd/unbound on the same host.
NSD, listening on port 5353, is authoritative for one forward zone and two
reverse zones, one for IPv4 private addresses and another for IPv6.

With the forward zone and the reverse IPv6 zone, there is no problem.

My unbound config, with the IPv6 zone removed, looks like this:

server:
        #interface: 127.0.0.1
        #interface: 127.0.0.1@5353      # listen on alternative port
        #interface: ::1
        # want to listen on all interfaces
        interface: 0.0.0.0
        interface: ::0
        #do-ip6: no

        # needed to query nsd on localhost for authoritative answers
        do-not-query-localhost: no

        # want to allow queries from local subnet and localhost
        access-control: 0.0.0.0/0 refuse
        access-control: 127.0.0.0/8 allow
        access-control: 10.0.0.0/24 allow
        access-control: ::0/0 refuse
        access-control: ::1 allow

        hide-identity: yes
        hide-version: yes

        # Uncomment to enable DNSSEC validation.
        #
        #auto-trust-anchor-file: "/var/unbound/db/root.key"

        # Serve zones authoritatively from Unbound to resolver clients.
        # Not for external service.
        #
        #local-zone: "local." static
        #local-data: "mycomputer.local. IN A 192.0.2.51"
        # needed to allow resolving of private IP addresses
        local-zone: "10.in-addr.arpa." nodefault
        #local-data-ptr: "192.0.2.51 mycomputer.local"

        # UDP EDNS reassembly buffer advertised to peers. Default 4096.
        # May need lowering on broken networks with fragmentation/MTU issues,
        # particularly if validating DNSSEC.
        #
        #edns-buffer-size: 1480

        # Use TCP for "forward-zone" requests. Useful if you are making
        # DNS requests over an SSH port forwarding.
        #
        #tcp-upstream: yes

# the stub zones I want to resolve via nsd on localhost
stub-zone:
        name: "ds9"
        stub-addr: 127.0.0.1@5353

stub-zone:
        name: "10.in-addr.arpa."
        stub-addr: 127.0.0.1@5353


However, after a reboot of the box, reverse lookup
of any of the configured 10.0.0.X addresses fails. When I
restart unbound, then it just works as expected.

sebastia@wormhole:~/bin> nslookup 10.0.0.27
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find 27.0.0.10.in-addr.arpa.: NXDOMAIN

sebastia@wormhole:~/bin> sudo /etc/rc.d/unbound restart
unbound(ok)
unbound(ok)
sebastia@wormhole:~/bin> nslookup 10.0.0.27             
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
27.0.0.10.in-addr.arpa  name = wormhole.ds9.

Authoritative answers can be found from:
0.0.10.in-addr.arpa     nameserver = wormhole.ds9.

sebastia@wormhole:~> nslookup 10.0.0.37 
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find 37.0.0.10.in-addr.arpa.: NXDOMAIN

sebastia@wormhole:~> nslookup 10.0.0.27 
sebastia@wormhole:~> sudo /etc/rc.d/unbound restart
unbound(ok)
unbound(ok)
sebastia@wormhole:~> nslookup 10.0.0.37             
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
37.0.0.10.in-addr.arpa  name = communicator.ds9.

Authoritative answers can be found from:
0.0.10.in-addr.arpa     nameserver = wormhole.ds9.

sebastia@wormhole:~>

I have about 30 hosts in that reverse zone configured. The more
often I restart unbound, the better it gets with returning results.

However, when I reboot the machine, other lookups that
worked before might fail, and vice versa, others may work; I cannot
see a pattern.

Looking at the unbound logs, I see a large number of attempts
to connect to NSD, and it also gets answers of type THROWAWAY,
until unbound then decides to ask the root servers.

Is my box (soekris net5501) maybe too slow, so that NSD doesn't answer fast
enough? Then, after some restarts of unbound and queries to NSD,
NSD has everything in memory and it just works? But then I don't understand
why it works without flaws for the forward zone and also the IPv6 zone.

Does anyone have an idea?

Sebastian


OpenBSD 5.5-current (GENERIC) #112: Fri May 16 17:59:07 MDT 2014
    t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class) 500 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX,MMXX,3DNOW2,3DNOW
real mem  = 536375296 (511MB)
avail mem = 515190784 (491MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 20/80/26, BIOS32 rev. 0 @ 0xfac40
pcibios0 at bios0: rev 2.0 @ 0xf0000/0x10000
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc8000/0xa800
cpu0 at mainbus0: (uniprocessor)
mtrr: K6-family MTRR support (2 registers)
amdmsr0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
0:20:0: io address conflict 0x6100/0x100
0:20:0: io address conflict 0x6200/0x200
pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x31
glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES
vr0 at pci0 dev 6 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 11, address 00:00:24:c9:d4:98
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
vr1 at pci0 dev 7 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 5, address 00:00:24:c9:d4:99
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
vr2 at pci0 dev 8 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 9, address 00:00:24:c9:d4:9a
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
vr3 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 12, address 00:00:24:c9:d4:9b
ukphy3 at vr3 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
puc0 at pci0 dev 14 function 0 "Sunix 40XX" rev 0x01: ports: 8 com
com4 at puc0 port 0 irq 10: ti16750, 64 byte fifo
com4: probed fifo depth: 32 bytes
com5 at puc0 port 1 irq 10: ti16750, 64 byte fifo
com5: probed fifo depth: 32 bytes
com6 at puc0 port 2 irq 10: ti16750, 64 byte fifo
com6: probed fifo depth: 32 bytes
com7 at puc0 port 3 irq 10: ti16750, 64 byte fifo
com7: probed fifo depth: 32 bytes
com8 at puc0 port 4 irq 10: ti16750, 64 byte fifo
com8: probed fifo depth: 32 bytes
com9 at puc0 port 5 irq 10: ti16750, 64 byte fifo
com9: probed fifo depth: 32 bytes
com10 at puc0 port 6 irq 10: ti16750, 64 byte fifo
com10: probed fifo depth: 32 bytes
com11 at puc0 port 7 irq 10: ti16750, 64 byte fifo
com11: probed fifo depth: 32 bytes
glxpcib0 at pci0 dev 20 function 0 "AMD CS5536 ISA" rev 0x03: rev 3, 32-bit 3579545Hz timer, watchdog, gpio, i2c
gpio0 at glxpcib0: 32 pins
iic0 at glxpcib0
pciide0 at pci0 dev 20 function 2 "AMD CS5536 IDE" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <SanDisk SDCFH-002G>
wd0: 1-sector PIO, LBA, 1918MB, 3928176 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 21 function 0 "AMD CS5536 USB" rev 0x02: irq 15, version 1.0, legacy support
ehci0 at pci0 dev 21 function 1 "AMD CS5536 USB" rev 0x02: irq 15
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 10: GPIO VLM TMS
gpio1 at nsclpcsio0: 29 pins
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 "AMD OHCI root hub" rev 1.00/1.00 addr 1
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
root on wd0a (a4df82fb1c05f4dd.a) swap on wd0b dump on wd0b
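
Added example, not part of the original message: a small Python lint for the settings the config comments above mark as needed for this layout (a loopback stub-addr with do-not-query-localhost: no, an RFC 1918 reverse stub-zone with its default local-zone lifted), plus the access-control rules behind wildcard interfaces. The names lint, parse and BROKEN are this example's own, the sample config is constructed, and accepting nodefault or transparent as lifting the default zone is an assumption.

```python
from ipaddress import ip_address, ip_network

# RFC 1918 reverse zones Unbound answers itself unless lifted (assumed: nodefault/transparent).
RFC1918_REVERSE = ["10.in-addr.arpa", "168.192.in-addr.arpa"] + [
    f"{n}.172.in-addr.arpa" for n in range(16, 32)]

# Constructed sample: the page's layout minus its two "needed" lines, ACL opened.
BROKEN = """server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 allow
stub-zone:
    name: "10.in-addr.arpa."
    stub-addr: 127.0.0.1@5353
"""

def norm(name):
    return name.strip('"').rstrip(".").lower()

def covers(zone, name):  # True if name equals zone or lies below it
    return name == zone or name.endswith("." + zone)

def parse(text):
    """Split unbound.conf text into [(clause, [(key, value), ...]), ...]."""
    clauses = []
    for raw in text.splitlines():
        key, _, value = (p.strip() for p in raw.split("#", 1)[0].partition(":"))
        if key and not value:              # clause header, e.g. "server:"
            clauses.append((key, []))
        elif key and clauses:
            clauses[-1][1].append((key, value))
    return clauses

def lint(text):
    clauses, out = parse(text), []
    server = [kv for name, kvs in clauses if name == "server" for kv in kvs]
    lifted = [norm(v.split()[0]) for k, v in server
              if k == "local-zone" and v.split()[-1] in ("nodefault", "transparent")]
    wildcard = any(k == "interface" and v in ("0.0.0.0", "::0", "::") for k, v in server)
    for net, action in (v.split()[:2] for k, v in server if k == "access-control"):
        if wildcard and action.startswith("allow") and ip_network(net, strict=False).prefixlen == 0:
            out.append(f"open resolver: access-control {net} {action}")
    for kvs in (kvs for name, kvs in clauses if name == "stub-zone"):
        name, addrs = norm(dict(kvs).get("name", "")), [v for k, v in kvs if k == "stub-addr"]
        if any(ip_address(a.split("@")[0]).is_loopback for a in addrs) \
                and dict(server).get("do-not-query-localhost", "yes") != "no":
            out.append(f"{name}: loopback stub-addr will not be queried")
        default = next((z for z in RFC1918_REVERSE if covers(z, name)), None)
        if default and not any(covers(lz, name) and covers(default, lz) for lz in lifted):
            out.append(f"{name}: default local-zone {default} answers NXDOMAIN")
    return out
```

Run against the configuration quoted in the message, lint() returns no findings, so these checks only confirm that the three prerequisites are in place.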
