From owner-freebsd-questions@freebsd.org Wed Jun 29 10:06:32 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2BC5DB86ED1 for ; Wed, 29 Jun 2016 10:06:32 +0000 (UTC) (envelope-from gandalf@shopzeus.com) Received: from shopzeus.com (shopzeus.com [87.229.70.149]) by mx1.freebsd.org (Postfix) with ESMTP id E62952622 for ; Wed, 29 Jun 2016 10:06:31 +0000 (UTC) (envelope-from gandalf@shopzeus.com) Received: from [127.127.127.127] (localhost [127.127.127.127]) (Authenticated sender: gandalf) by shopzeus.com (Postfix) with ESMTPSA id 867C0889CCEC for ; Wed, 29 Jun 2016 06:06:29 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shopzeus.com; s=shopzeus_com; t=1467194789; bh=H3QB2ymlnJB38q79/ukjFRIiDO0YGWsr4lSbbntwzNM=; h=To:From:Subject:Date:From; b=TbRfF6DgvJv+EXHGImhk501CSyqKHfplfahESMnJ54G1RCPmOdY9/jmozeJv7HsR6 SVvnTfYwibuZJvBuKRtoLH/wiA/JvsZcJWQD+P3F+QsqFplZrXVTtHADAg3OENIF96 tflZD3vPeHtMARkTkWYeG/qYmaBNBQ8bmHuSIsZQnQqnZR1pc05kqApXEKXrxn/efl /eQ2mIdo6+Rclzq7X2uMOBRRnKLh92NGazrIy29fPTJUKETuiIGJSfRqNEVI9K3bzM gkEEYXuIbLwV4vNVH1+3bowJFmHuQqMclLG+n49Ny4fEEn20qrm6hPwdQLoXCUWEwL T3eUwagN0CWhg== To: freebsd-questions@freebsd.org From: =?UTF-8?Q?Nagy_L=c3=a1szl=c3=b3_Zsolt?= Subject: local unbound SERVFAIL without visible reason Message-ID: <20f8f670-5e19-bad0-c59e-c06daa1b799a@shopzeus.com> Date: Wed, 29 Jun 2016 12:06:29 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-2 Content-Transfer-Encoding: quoted-printable X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jun 2016 10:06:32 -0000 System: FreeBSD 10.2-RELEASE /etc/rc.conf contains: local_unbound_enable=3D"yes" My forwarders are: 80.249.168.18 and 87.229.108.201 Unbound seems to be running and listening: # sockstat -l4 | grep :53 unbound unbound 69063 5 udp4 127.0.0.1:53 *:* unbound unbound 69063 6 tcp4 127.0.0.1:53 *:* Ports are open to the world (but they should not be): # ipfw show | grep 2025 02025 12 750 allow udp from any to me dst-port 53 02025 0 0 allow tcp from any to me dst-port 53 Forwarder was setup correctly: # cat /var/unbound/forward.conf forward-zone: name: . forward-addr: 80.249.168.18 forward-addr: 87.229.108.201 But it is not working! # host google.com 127.0.0.1 Using domain server: Name: 127.0.0.1 Address: 127.0.0.1#53 Aliases: Host google.com not found: 2(SERVFAIL) It DOES work with any of the forwarders: # host google.com 80.249.168.18 Using domain server: Name: 80.249.168.18 Address: 80.249.168.18#53 Aliases: google.com has address 216.58.209.206 google.com has IPv6 address 2a00:1450:4001:810::200e google.com mail is handled by 30 alt2.aspmx.l.google.com. google.com mail is handled by 20 alt1.aspmx.l.google.com. google.com mail is handled by 40 alt3.aspmx.l.google.com. google.com mail is handled by 50 alt4.aspmx.l.google.com. google.com mail is handled by 10 aspmx.l.google.com. There is no error message in log/messages. How should I find the problem?