stable/10: unbound refuses to forward some DNS queries
Dmitry Morozovsky
marck at rinet.ru
Sun Jun 29 15:39:33 UTC 2014
On Sun, 29 Jun 2014, Konstantin Belousov wrote:
> On Sun, Jun 29, 2014 at 03:28:26PM +0400, Dmitry Morozovsky wrote:
> > Dear colleagues,
> >
> > after upgrading my home file server to stable/10 I found that after turning on
> > local unbound reverse DNS queries for my RFC1918 zone stop working:
[snip]
> > Any hints? Or did I missed something trivial?
>
> I think, yes, you are supposed to spend a hour reading the unbound.conf
> man page, without skipping of a single config option. Otherwise,
> making unbound(8) work as local caching resolver for the private
> network is impossible. The 'log-queries' and 'verbosity' would
> allow to see what is going on.
>
> For the fake home. TLD and 192.168/16 network, I have to tell
> unbound that the zones are not signed, and it is fine to forward
> RFC1918 addresses to the upstream.
>
> I use the following magic (for upstream forwarder 192.168.102.80).
> No idea if this could be simplified.
>
> domain-insecure: "home."
> domain-insecure: "168.192.in-addr.arpa."
> private-domain: "home."
> local-zone: "168.192.in-addr.arpa." transparent
> stub-zone:
> name: "168.192.in-addr.arpa."
> stub-addr: 192.168.102.80
Thank you so much, it works like a charm.
I do not have special TLD for forward resolving, and for me the following
subset seems to be enough:
#suggested by kib@
domain-insecure: "168.192.in-addr.arpa."
local-zone: "168.192.in-addr.arpa." transparent
--
Sincerely,
D.Marck [DM5020, MCK-RIPE, DM3-RIPN]
[ FreeBSD committer: marck at FreeBSD.org ]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck at rinet.ru ***
------------------------------------------------------------------------
More information about the freebsd-stable
mailing list