Re: unbound reverse DNS problem to local stub zone

Mon, 01 Sep 2014 14:49:25 -0700 

On Monday, September 1, 2014 17:58 CEST, Arthur Mesh <arthurm...@gmail.com> 
wrote: 
 
> On Sun, Jul 27, 2014 at 11:20:43AM +0200, Patrik Lundin wrote:
> > How is/was the reverse zone configured in nsd? I am currently trying to
> > debug an issue i've seen when the stub-zone in unbound is wider ("name:
> > "10.in-addr.arpa") than the zone in nsd (name: "0.0.10.in-addr.arpa").
> > 
> > To me the following is seen:
> > # dig @127.0.0.1 -x 10.0.0.1 <-- works
> > # dig @127.0.0.1 -x 10.0.0.2 <-- fails
> > # dig @127.0.0.1 -x 10.0.0.3 <-- works
> > # dig @127.0.0.1 -x 10.0.0.4 <-- works
> > 
> > Basically the first lookup works, the second ends up at IANA (as if the
> > stub-zone configuration did not exist), and any
> > following lookups work again.
> 
> I have the same exact symptom, unbound.conf:
> 
> server:
>         interface: 127.0.0.1@53
>         interface: 10.10.10.1@53
>         verbosity: 1
>         do-not-query-localhost: no
>         do-ip6: no
>         auto-trust-anchor-file: "/var/unbound/etc/root.key"
> 
>         access-control: 0.0.0.0/0 refuse
>         access-control: 127.0.0.0/8 allow
>         access-control: 10.10.0.0/16 allow
>         access-control: ::0/0 refuse
>         access-control: ::1 allow
> 
>         hide-identity: yes
>         hide-version: yes
> 
> local-zone: "10.in-addr.arpa." nodefault
> 
> stub-zone:
>         name: "10.in-addr.arpa."
>         stub-addr: 127.0.0.1@5353
> 
> 
> # dig -p53 @127.0.0.1 -x 10.10.10.2 +short # works
> # dig -p53 @127.0.0.1 -x 10.10.10.1 +short # doesnt
> 
> If I dig directly to nsd, via -p5353
> # dig -p5353 @127.0.0.1 -x 10.10.10.2 +short # works
> # dig -p5353 @127.0.0.1 -x 10.10.10.1 +short # works
> 
> I have no good explanation as to what's going on. I've tried this on current
> (as opposed to 5.5), and issue does NOT go away.
> 
> On the NSD side, I have two zones
> 
> zone:
>         name: 10.10.10.in-addr.arpa.
>         zonefile: "db.10.10.10"
> 
> zone:
>         name: 11.10.10.in-addr.arpa.
>         zonefile: "db.10.10.11"
> 
 
 Not that I can explain it, but for me it helped on the unbound side to:

1. switch the local-zone from nondefault to transparent
2. make the stub-zone: name: match the zone names in nsd, for you
means, create two stub zones, for each of your zones you have in nsd.

Sebastian

Reply via email to