Date:      Thu, 30 Jun 2016 16:49:51 +0100
From:      Frank Shute <frank@woodcruft.co.uk>
To:        Nagy László Zsolt <gandalf@shopzeus.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: local unbound SERVFAIL without visible reason
Message-ID:  <20160630154950.GB51480@lime.woodcruft.co.uk>
In-Reply-To: <20f8f670-5e19-bad0-c59e-c06daa1b799a@shopzeus.com>
References:  <20f8f670-5e19-bad0-c59e-c06daa1b799a@shopzeus.com>

On Wed, Jun 29, 2016 at 12:06:29PM +0200, Nagy László Zsolt wrote:
>
> System: FreeBSD 10.2-RELEASE
> 
> /etc/rc.conf contains:
> 
> local_unbound_enable="yes"
> 
> My forwarders are: 80.249.168.18 and 87.229.108.201
> 
> Unbound seems to be running and listening:
> 
> # sockstat -l4 | grep :53
> unbound unbound 69063 5 udp4 127.0.0.1:53 *:*
> unbound unbound 69063 6 tcp4 127.0.0.1:53 *:*
> 
> Ports are open to the world (but they should not be):
> 
> # ipfw show | grep 2025
> 02025 12 750 allow udp from any to me dst-port 53
> 02025 0 0 allow tcp from any to me dst-port 53
> 
> Forwarder was set up correctly:
> 
> # cat /var/unbound/forward.conf
> forward-zone:
> name: .
> forward-addr: 80.249.168.18
> forward-addr: 87.229.108.201

I've got this in unbound.conf:

forward-zone:
      name: "."
      forward-addr: 8.8.4.4        # Google
      forward-addr: 8.8.8.8        # Google

Note that the period is quoted; maybe that's the problem.

> 
> But it is not working!
> 
> # host google.com 127.0.0.1
> Using domain server:
> Name: 127.0.0.1
> Address: 127.0.0.1#53
> Aliases:
> 
> Host google.com not found: 2(SERVFAIL)
> 
> It DOES work with any of the forwarders:
> 
> # host google.com 80.249.168.18
> Using domain server:
> Name: 80.249.168.18
> Address: 80.249.168.18#53
> Aliases:
> 
> google.com has address 216.58.209.206
> google.com has IPv6 address 2a00:1450:4001:810::200e
> google.com mail is handled by 30 alt2.aspmx.l.google.com.
> google.com mail is handled by 20 alt1.aspmx.l.google.com.
> google.com mail is handled by 40 alt3.aspmx.l.google.com.
> google.com mail is handled by 50 alt4.aspmx.l.google.com.
> google.com mail is handled by 10 aspmx.l.google.com.
> 
> There is no error message in log/messages.

By default, unbound uses syslog. In the server section of unbound.conf(5), I
set:

 verbosity: 1

which spits out any errors to: /var/log/debug.log

You can crank verbosity up to 4 but it shouldn't be necessary.

> 
> How should I find the problem?
> 

HTH.


Regards,

-- 

Frank

https://woodcruft.co.uk/
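
The quoted output shows unbound listening only on 127.0.0.1 while ipfw rule 02025 allows port 53 from any source. The following is an added example, not part of the original message, that cross-checks the two outputs and reports rules wider than the listener requires; the function names are hypothetical and only the simple rule form shown in the post is parsed.

```python
import re

# Constructed sample input: the two command outputs quoted in the message above.
SOCKSTAT = """\
unbound unbound 69063 5 udp4 127.0.0.1:53 *:*
unbound unbound 69063 6 tcp4 127.0.0.1:53 *:*
"""
IPFW = """\
02025 12 750 allow udp from any to me dst-port 53
02025 0 0 allow tcp from any to me dst-port 53
"""

def listeners(sockstat_text):
    """Return {(proto, port): set of local addresses} from `sockstat -l4` lines."""
    found = {}
    for line in sockstat_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[0] == "USER":
            continue  # header line or malformed line
        proto = fields[4].rstrip("46")              # udp4 -> udp, tcp4 -> tcp
        addr, _, port = fields[5].rpartition(":")   # 127.0.0.1:53 -> 127.0.0.1, 53
        if port.isdigit():
            found.setdefault((proto, int(port)), set()).add(addr)
    return found

# Matches: <rule> <packets> <bytes> allow <proto> from any to me dst-port <port>
RULE = re.compile(
    r"^(\d+)\s+\d+\s+\d+\s+allow\s+(tcp|udp)\s+from\s+any\s+to\s+me\s+dst-port\s+(\d+)$")

def overbroad_rules(ipfw_text, sockstat_text):
    """List (rule, proto, port) where any source is allowed but the listener is loopback-only."""
    bound = listeners(sockstat_text)
    hits = []
    for line in ipfw_text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # other rule forms are ignored in this example
        num, proto, port = m.group(1), m.group(2), int(m.group(3))
        addrs = bound.get((proto, port), set())
        if addrs and all(a.startswith("127.") for a in addrs):
            hits.append((num, proto, port))
    return hits

if __name__ == "__main__":
    for num, proto, port in overbroad_rules(IPFW, SOCKSTAT):
        print(f"rule {num}: {proto}/{port} allowed from any, listener is loopback-only")
```

A flagged rule is a candidate for review rather than automatic removal, since the same rule may also be what admits local queries on the loopback interface.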