Maintained by: NLnet Labs

[Unbound-users] Unbound fails to stub-zone to localhost

W.C.A. Wijngaards
Wed Oct 1 15:28:39 CEST 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Martin,

What is the NS RRset of local.zone ?
dig @127.0.0.1 local.zone NS
Unbound will send to the servers named in the NS set in preference to
the configured 127.0.0.1.   From the below, it could be that the NS set
is either empty or 192.168.14.1 for example.

This may help you. In svn trunk I recently fixed unbound so that you can
run with stub-addr: 127.0.0.1 at 10053  with NSD running on port 10053 on
localhost.   When you use the '@' for port notation (in the svn trunk
version) the NS record set is not used in preference.

option (d) should have worked, I think.  Maybe there is something else
amiss.  If this doesn't work, tell me what unbound says when verbosity:
4 is set.

Best regards,
   Wouter

martin f krafft wrote:
> Hi,
> 
> I am trying to get unbound, bound to eth0, to forward queries for
> local zones to nsd running on 127.0.0.1.
> 
> nsd works authoritatively, I have verified this with dig.
> 
> Also, when I use pdns-recursor to forward to nsd, it all works.
> 
> However, with unbound, I get SERVFAIL from unbound, which reports:
> 
>   unbound: [1269:0] info: processQueryTargets: <local.zone. NS IN>
>   unbound: [1269:0] debug: out of query targets -- returning SERVFAIL
> 
> in the logs. My configuration is as follows. What could be the
> problem?
> 
>   server:
>     verbosity: 1
>     interface: 192.168.14.1
>     cache-max-ttl: 1800
>     access-control: 0.0.0.0/0 refuse
>     access-control: 127.0.0.0/8 allow
>     access-control: 192.168.14.0/24 allow
>     chroot: ""
>     do-not-query-localhost: no
>   stub-zone:
>     name: "local.zone"
>     stub-addr: 127.0.0.1
> 
> I have tried
> 
> (a) forward-zone for local.zone and .
> (b) stub-zone for local.zone and forward-zone for .
> (c) only stub-zone for local.zone and root-hints for .
> (d) only forward-zone for local.zone and root-hints for .
> (e)/(f) like (c)/(d) without explicit root-hints
> 
> but in none of these cases could I make it work.
> 
> Any clues?
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjjewcACgkQkDLqNwOhpPgtUACgiLjwPa/YZubbwMV2dqOZO3hR
FzwAmwaiOQH3GnGZ6SaMRnvwVE4YTHee
=E/Qb
-----END PGP SIGNATURE-----