On Sun, Jul 27, 2014 at 11:20:43AM +0200, Patrik Lundin wrote:
> How is/was the reverse zone configured in nsd? I am currently trying to
> debug an issue I've seen when the stub-zone in unbound is wider (name:
> "10.in-addr.arpa") than the zone in nsd (name: "0.0.10.in-addr.arpa").
>
> To me the following is seen:
> # dig @127.0.0.1 -x 10.0.0.1 <-- works
> # dig @127.0.0.1 -x 10.0.0.2 <-- fails
> # dig @127.0.0.1 -x 10.0.0.3 <-- works
> # dig @127.0.0.1 -x 10.0.0.4 <-- works
>
> Basically the first lookup works, the second ends up at IANA (as if the
> stub-zone configuration did not exist), and any following lookups work
> again.

I have the same exact symptom, unbound.conf:

server:
    interface: 127.0.0.1@53
    interface: 10.10.10.1@53
    verbosity: 1
    do-not-query-localhost: no
    do-ip6: no
    auto-trust-anchor-file: "/var/unbound/etc/root.key"
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 10.10.0.0/16 allow
    access-control: ::0/0 refuse
    access-control: ::1 allow
    hide-identity: yes
    hide-version: yes
    local-zone: "10.in-addr.arpa." nodefault

stub-zone:
    name: "10.in-addr.arpa."
    stub-addr: 127.0.0.1@5353

# dig -p53 @127.0.0.1 -x 10.10.10.2 +short # works
# dig -p53 @127.0.0.1 -x 10.10.10.1 +short # doesn't

If I dig directly to nsd, via -p5353:

# dig -p5353 @127.0.0.1 -x 10.10.10.2 +short # works
# dig -p5353 @127.0.0.1 -x 10.10.10.1 +short # works

I have no good explanation as to what's going on. I've tried this on current
(as opposed to 5.5), and the issue does NOT go away.

On the NSD side, I have two zones:

zone:
    name: 10.10.10.in-addr.arpa.
    zonefile: "db.10.10.10"

zone:
    name: 11.10.10.in-addr.arpa.
    zonefile: "db.10.10.11"
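
An added example, not part of the original message and not code from unbound or NSD: a small Python check for the condition described in this thread, an unbound stub-zone whose name is wider than the zones NSD serves. The embedded configs are constructed from the ones quoted above, the parser assumes only the simple "clause:" / "key: value" layout shown there, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed from the unbound.conf and nsd.conf excerpts in the message.
UNBOUND_CONF = '''
server:
    local-zone: "10.in-addr.arpa." nodefault
stub-zone:
    name: "10.in-addr.arpa."
    stub-addr: 127.0.0.1@5353
'''
NSD_CONF = '''
zone:
    name: 10.10.10.in-addr.arpa.
    zonefile: "db.10.10.10"
zone:
    name: 11.10.10.in-addr.arpa.
    zonefile: "db.10.10.11"
'''

def clause_names(conf, clause):
    """Return the normalised name: values inside every `clause:` block."""
    names, current = [], None
    for raw in conf.splitlines():
        m = re.match(r'^([\w-]+):\s*(.*)$', raw.split("#", 1)[0].strip())
        if not m:
            continue
        key, value = m.groups()
        if value == "":
            current = key              # a bare "key:" line opens a clause
        elif key == "name" and current == clause:
            names.append(value.strip('"').rstrip(".").lower())
    return names

def is_below(parent, child):
    """True if child is a strict subdomain of parent (label-wise match)."""
    p, c = parent.split("."), child.split(".")
    return len(p) < len(c) and c[-len(p):] == p

def wider_stubs(unbound_conf, nsd_conf):
    """Map each stub-zone NSD does not serve as-is to the NSD zones below it."""
    zones = clause_names(nsd_conf, "zone")
    return {s: [z for z in zones if is_below(s, z)]
            for s in clause_names(unbound_conf, "stub-zone") if s not in zones}

def nsd_zone_for(ip, nsd_conf):
    """Longest NSD zone containing the PTR name for ip, or None."""
    ptr = ipaddress.ip_address(ip).reverse_pointer
    hits = [z for z in clause_names(nsd_conf, "zone") if ptr == z or is_below(z, ptr)]
    return max(hits, key=len, default=None)
```

For the configuration above, wider_stubs() reports the 10.in-addr.arpa stub as covering two narrower NSD zones, while nsd_zone_for("10.10.10.1", NSD_CONF) shows that the failing name is inside a zone NSD does serve.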