Maintained by: NLnet Labs

[Unbound-users] failing to stub an in-addr.arpa zone

W.C.A. Wijngaards
Tue Oct 21 16:39:47 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Martin,

local-zone: "168.192.in-addr.arpa" nodefault

is the entry you need to remove the default NXDOMAIN for queries that
should not be sent to the greater internet by default.

Best regards,
   Wouter

martin f krafft wrote:
> Hi folks,
> 
> I have nsd3 serving on ::1 and unbound stubbing three zones to it.
> Two of those zones work just fine, but the in-addr.arpa zone
> I cannot get to work. Here is the configuration and the zone:
> 
>   stub-zone:
>         name: "14.168.192.in-addr.arpa"
>         stub-addr: ::1
> 
>   * * *
> 
>   $ORIGIN @
>           86400   IN      SOA     ns hostmaster 155299844 7200 3600 604800 3600
>           86400   IN      NS      ns
>   ns      86400   IN      A       127.0.0.1
>   ns      86400   IN      AAAA    ::1
>   [...]
> 
> I can query nsd3 fine with dig @::1.
> 
> When unbound forwards queries to the zone, however, it fails to send
> them to nsd3, even though it seems like it found the delegation.
> Upon startup, unbound seems to determine the delegation point just
> fine:
> 
>   info: DelegationPoint<14.168.192.in-addr.arpa.>: 0 names (0 missing), 1 addrs (0 result, 1 avail)
>   info:    ip6 ::1 port 53 (len 28)
> 
> But when I ask it for data from that zone, I just keep getting
> NXDOMAIN without any entries in the unbound log @verbosity 9.
> 
> piper:~|master|% dig @2001:41e0:ff12::1 a ns.14.168.192.in-addr.arpa
> [...]
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7517
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> [...]
> 
> I see the same problem using 127.0.0.1 instead of ::1. Any idea
> what's going on?
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkj96bMACgkQkDLqNwOhpPgyDQCfdZ0S78M2s8aS2wzl2e2zJxat
+IQAnjZT8d4z4Uz2M4DV0dxADsFme2bN
=VRoL
-----END PGP SIGNATURE-----