From: Frank Shute
To: Nagy László Zsolt
Cc: freebsd-questions@freebsd.org
Subject: Re: local unbound SERVFAIL without visible reason
Date: Thu, 30 Jun 2016 16:49:51 +0100
Message-ID: <20160630154950.GB51480@lime.woodcruft.co.uk>
In-Reply-To: <20f8f670-5e19-bad0-c59e-c06daa1b799a@shopzeus.com>

On Wed, Jun 29, 2016 at 12:06:29PM +0200, Nagy László Zsolt wrote:
>
> System: FreeBSD 10.2-RELEASE
>
> /etc/rc.conf contains:
>
> local_unbound_enable="yes"
>
> My forwarders are: 80.249.168.18 and 87.229.108.201
>
> Unbound seems to be running and listening:
>
> # sockstat -l4 | grep :53
> unbound unbound 69063 5 udp4 127.0.0.1:53 *:*
> unbound unbound 69063 6 tcp4 127.0.0.1:53 *:*
>
> Ports are open to the world (but they should not be):
>
> # ipfw show | grep 2025
> 02025 12 750 allow udp from any to me dst-port 53
> 02025 0 0 allow tcp from any to me dst-port 53
>
> Forwarder was set up correctly:
>
> # cat /var/unbound/forward.conf
> forward-zone:
>         name: .
>         forward-addr: 80.249.168.18
>         forward-addr: 87.229.108.201

I've got this in unbound.conf:

forward-zone:
        name: "."
        forward-addr: 8.8.4.4        # Google
        forward-addr: 8.8.8.8        # Google

Note that the period is quoted; maybe that's the problem.

>
> But it is not working!
>
> # host google.com 127.0.0.1
> Using domain server:
> Name: 127.0.0.1
> Address: 127.0.0.1#53
> Aliases:
>
> Host google.com not found: 2(SERVFAIL)
>
> It DOES work with any of the forwarders:
>
> # host google.com 80.249.168.18
> Using domain server:
> Name: 80.249.168.18
> Address: 80.249.168.18#53
> Aliases:
>
> google.com has address 216.58.209.206
> google.com has IPv6 address 2a00:1450:4001:810::200e
> google.com mail is handled by 30 alt2.aspmx.l.google.com.
> google.com mail is handled by 20 alt1.aspmx.l.google.com.
> google.com mail is handled by 40 alt3.aspmx.l.google.com.
> google.com mail is handled by 50 alt4.aspmx.l.google.com.
> google.com mail is handled by 10 aspmx.l.google.com.
>
> There is no error message in log/messages.

By default, unbound uses syslog. In the server section of
unbound.conf(5), I set:

        verbosity: 1

which spits out any errors to:

        /var/log/debug.log

You can crank verbosity up to 4 but it shouldn't be necessary.

>
> How should I find the problem?
>

HTH.

Regards,

--
Frank
https://woodcruft.co.uk/
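
Added example, not part of the original message: a small sh/awk check for the mismatch the original poster points out, where ipfw allows port 53 from any source while unbound listens only on 127.0.0.1. The sample input is the `sockstat -l4` and `ipfw show` output quoted in the thread; the function names and verdict strings are made up for this example.

```shell
#!/bin/sh
# Added example: compare DNS listeners with ipfw allow rules for port 53.
# Sample input is the output quoted in the thread; on a live host feed in
# the output of `sockstat -l4` and `ipfw show` instead.
SOCKSTAT_SAMPLE='unbound unbound 69063 5 udp4 127.0.0.1:53 *:*
unbound unbound 69063 6 tcp4 127.0.0.1:53 *:*'
IPFW_SAMPLE='02025 12 750 allow udp from any to me dst-port 53
02025 0 0 allow tcp from any to me dst-port 53'

# stdin: sockstat lines (USER COMMAND PID FD PROTO LOCAL FOREIGN).
# Prints "proto local-address" for port-53 listeners not bound to loopback.
exposed_listeners() {
    awk '{
        n = split($6, a, ":"); port = a[n]
        addr = substr($6, 1, length($6) - length(port) - 1)
        if (port == "53" && addr !~ /^127\./) print $5, $6
    }'
}

# stdin: ipfw show lines (RULE PKTS BYTES ACTION PROTO from SRC to DST ...).
# Prints "rule proto" for allow rules from any source to this host, port 53.
open_dns_rules() {
    awk '$4 == "allow" && $7 == "any" && $9 == "me" {
        for (i = 10; i < NF; i++) if ($i == "dst-port") {
            n = split($(i + 1), p, ",")
            for (j = 1; j <= n; j++) if (p[j] == "53") print $1, $5
        }
    }'
}

# $1 = sockstat text, $2 = ipfw text. Prints a one-line verdict.
audit() {
    rules=$(printf '%s\n' "$2" | open_dns_rules)
    exposed=$(printf '%s\n' "$1" | exposed_listeners)
    if [ -z "$rules" ]; then
        echo "ok: no allow rule for port 53 from any source"
    elif [ -z "$exposed" ]; then
        echo "tighten: port 53 allowed from any source, resolver is loopback-only"
    else
        echo "exposed: port 53 allowed from any source and resolver listens off-loopback"
    fi
}

audit "$SOCKSTAT_SAMPLE" "$IPFW_SAMPLE"
```

The column positions assume `ipfw show` (with packet and byte counters); `ipfw list` omits the counters and would shift the fields.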