Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 29 Jun 2014 19:39:29 +0400 (MSK)
From:      Dmitry Morozovsky <marck@rinet.ru>
To:        Konstantin Belousov <kostikbel@gmail.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: stable/10: unbound refuses to forward some DNS queries
Message-ID:  <alpine.BSF.2.00.1406291933560.36231@woozle.rinet.ru>
In-Reply-To: <20140629145905.GG93733@kib.kiev.ua>
References:  <alpine.BSF.2.00.1406291514140.36231@woozle.rinet.ru> <20140629145905.GG93733@kib.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Sun, 29 Jun 2014, Konstantin Belousov wrote:

> On Sun, Jun 29, 2014 at 03:28:26PM +0400, Dmitry Morozovsky wrote:
> > Dear colleagues,
> > 
> > after upgrading my home file server to stable/10 I found that after turning on 
> > local unbound reverse DNS queries for my RFC1918 zone stop working:

[snip]

> > Any hints? Or did I missed something trivial?
> 
> I think, yes, you are supposed to spend a hour reading the unbound.conf
> man page, without skipping of a single config option.  Otherwise, 
> making unbound(8) work as local caching resolver for the private
> network is impossible.  The 'log-queries' and 'verbosity' would
> allow to see what is going on.
> 
> For the fake home. TLD and 192.168/16 network, I have to tell
> unbound that the zones are not signed, and it is fine to forward
> RFC1918 addresses to the upstream.
> 
> I use the following magic (for upstream forwarder 192.168.102.80).
> No idea if this could be simplified.
> 
> 	domain-insecure: "home."
> 	domain-insecure: "168.192.in-addr.arpa."
> 	private-domain: "home."
> 	local-zone: "168.192.in-addr.arpa." transparent
> 	stub-zone:
> 		name:	"168.192.in-addr.arpa."
> 		stub-addr:	192.168.102.80

Thank you so much, it works like a charm.

I do not have special TLD for forward resolving, and for me the following 
subset seems to be enough:

        #suggested by kib@
        domain-insecure: "168.192.in-addr.arpa."
        local-zone: "168.192.in-addr.arpa." transparent


-- 
Sincerely,
D.Marck                                     [DM5020, MCK-RIPE, DM3-RIPN]
[ FreeBSD committer:                                 marck@FreeBSD.org ]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1406291933560.36231>