On Thursday, 25.06.2015, at 11:42 +0100, Graham Stephens wrote:
> I'm trying to replace several boxes (firewall, file server, mail server)
> with one virtualized one. [..]

So actually you do not want to serve names of a domain (say "thestephensdomain.com") to the Internet, but you want the OpenBSD box to resolve names on behalf of its clients in the LAN.

Short answer: Do not use NSD, use unbound.

> ifconfig lo: [..]

I requested this information because of your queries being resolved sometimes, sometimes not. Just wanted to be sure that there are not multiple kinds of DNS servers running on multiple lo interfaces.

> resolv.conf (no .tail):
>
> lookup bind files
> search domain.com
> nameserver 127.0.0.1
> nameserver 208.67.222.222

This explains why a local lookup without specifying the resolver's name works: nslookup will use the NSD first, NSD will return "forbidden", nslookup will then proceed to 208.67.222.222 which gives you the expected answer.

David
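
Added example, not part of the original message: a small Python diagnostic that queries each `nameserver` entry on its own, so a refusal from 127.0.0.1 stays visible instead of being hidden by the answer from the second server. The function names are hypothetical, the sample resolv.conf is constructed from the one quoted above, and `example.com` is a placeholder query name.

```python
import socket, struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

# Constructed sample mirroring the resolv.conf quoted in the thread.
SAMPLE_RESOLV_CONF = """lookup bind files
search domain.com
nameserver 127.0.0.1
nameserver 208.67.222.222
"""

def nameservers(text):
    """Return nameserver addresses in the order they are listed."""
    out = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            out.append(fields[1])
    return out

def build_query(name, qid=0x1234, qtype=1):
    """Encode a recursive (RD=1) question for `name`, type A by default."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def decode_header(packet):
    """Return (rcode name, answer count, RA flag) from a DNS response header."""
    if len(packet) < 12:
        raise ValueError("short DNS packet")
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", packet[:12])
    rcode = flags & 0x000F
    return RCODES.get(rcode, str(rcode)), ancount, bool(flags & 0x0080)

def probe(server, name, timeout=2.0):
    """Ask one server directly, so a later nameserver cannot mask its answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return decode_header(s.recv(512))
        except OSError as exc:  # timeout, unreachable host, closed port
            return ("NO-REPLY: %s" % exc, 0, False)

if __name__ == "__main__":
    for ns in nameservers(SAMPLE_RESOLV_CONF):
        print(ns, probe(ns, "example.com"))
```

A server that answers with rcode REFUSED and the RA flag unset is not offering recursion to this client, whatever the combined lookup through resolv.conf appears to return.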