From owner-freebsd-questions@freebsd.org  Fri Jan  1 16:57:18 2016
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7C482A5D7CA
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Fri,  1 Jan 2016 16:57:18 +0000 (UTC)
 (envelope-from carlopmart@gmail.com)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id 622AB1DDD
 for <freebsd-questions@freebsd.org>; Fri,  1 Jan 2016 16:57:18 +0000 (UTC)
 (envelope-from carlopmart@gmail.com)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 5FD7DA5D7C9; Fri,  1 Jan 2016 16:57:18 +0000 (UTC)
Delivered-To: questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5F69FA5D7C8
 for <questions@mailman.ysv.freebsd.org>; Fri,  1 Jan 2016 16:57:18 +0000 (UTC)
 (envelope-from carlopmart@gmail.com)
Received: from mail-wm0-x231.google.com (mail-wm0-x231.google.com
 [IPv6:2a00:1450:400c:c09::231])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 044941DDB
 for <questions@freebsd.org>; Fri,  1 Jan 2016 16:57:17 +0000 (UTC)
 (envelope-from carlopmart@gmail.com)
Received: by mail-wm0-x231.google.com with SMTP id f206so85046913wmf.0
 for <questions@freebsd.org>; Fri, 01 Jan 2016 08:57:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=to:from:subject:message-id:date:user-agent:mime-version
 :content-type:content-transfer-encoding;
 bh=bhoeJMdT69fMLGHrCoLq8Hm2FTe/vFRDt7/s2kBfyrY=;
 b=mdSnf8HuaRw9Fen7/TonYqzxm6orsXZRpaCatEwrzlD3UxyinpvkWNuxaL1jJrsyqc
 SRq18eMv1zk0Sjw1/T152V9KxcQorGQzzfkJ0LEDZ5hyZUloIttgNgO87mQznU2m4tij
 hf4udl7Jr7Ie2otbyaQuFJ5ABqhci5vhJ8Q4rphAwbeILC60wzhLG9yoGQgoTwFLz6jr
 JPKM6lviTuUbbkNlMF/rTh+qDTJQ7A/DIuGw7ycKVuyUFFws3yX9U+0N01eg/C47lXtX
 AE35X2vL2GWfSF+rW4nAmXzzzkRdFjPzG9333TZ6w+6rUBV1TTE2hxcU/3Da9DKiwSHQ
 5Dxg==
X-Received: by 10.28.132.146 with SMTP id g140mr42929395wmd.49.1451667436044; 
 Fri, 01 Jan 2016 08:57:16 -0800 (PST)
Received: from inverness.bcn.sia.es (153.Red-83-45-194.dynamicIP.rima-tde.net.
 [83.45.194.153])
 by smtp.googlemail.com with ESMTPSA id r10sm49653126wjz.24.2016.01.01.08.57.15
 for <questions@freebsd.org> (version=TLSv1/SSLv3 cipher=OTHER);
 Fri, 01 Jan 2016 08:57:15 -0800 (PST)
To: questions@freebsd.org
From: "C.L. Martinez" <carlopmart@gmail.com>
Subject: SERVFAIL errors with FreeBSD using unbound only
Message-ID: <5686AFEA.2020501@gmail.com>
Date: Fri, 1 Jan 2016 16:57:14 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jan 2016 16:57:18 -0000

Hi all,

  I have configured unbound as a cache nameserver in a FreeBSD 10.2 
amd64 (fully patched) host. At the same time, I am using nsd to resolve 
names for my internal hosts.

  But there is a problem: unbound doesn't works/redirect reverse queries 
for IP address to nsd daemon.

  My current unbound.conf:

server:
	interface: 127.0.0.1
	interface: 172.21.55.14
	interface: ::1
	do-ip6: no
	username: unbound
	directory: /var/unbound
	chroot: /var/unbound
	pidfile: /var/run/local_unbound.pid
	auto-trust-anchor-file: /var/unbound/root.key
	access-control: 0.0.0.0/0 refuse
	access-control: 127.0.0.0/8 allow
	access-control: 172.21.55.0/28 allow
	access-control: ::0/0 refuse
	access-control: ::1 allow
	hide-identity: yes
	hide-version: yes
	do-not-query-localhost: no
	

include: /var/unbound/forward.conf
#include: /var/unbound/lan-zones.conf
include: /var/unbound/control.conf
#include: /var/unbound/conf.d/*.conf

stub-zone:
	name: "mydom.org"
	stub-addr: 127.0.0.1@5353

stub-zone:
	name: "21.172.in-addr.arpa"
	stub-addr: 127.0.0.1@5353


nsd is listening on localhost, port 5353. When I try to do some reverse 
query from a linux client:

[root@cstbbvn01 ~]# nslookup
 > 172.21.55.14
Server:		172.21.55.14
Address:	172.21.55.14#53

** server can't find 14.55.21.172.in-addr.arpa: SERVFAIL
 > 172.21.55.1
Server:		172.21.55.14
Address:	172.21.55.14#53

** server can't find 1.55.21.172.in-addr.arpa: SERVFAIL
 > exit


Every time, a servfail is displayed. All other queries works ok. 
Disabling unbound and using nsd only, all works ok also.

Then, what am I doing wrong with unbound??

Thanks.