Maintained by: NLnet Labs

[Unbound-users] Unbound fails to stub-zone to localhost

martin f krafft
Wed Oct 1 14:44:20 CEST 2008


Hi,

I am trying to get unbound, bound to eth0, to forward queries for
local zones to nsd running on 127.0.0.1.

nsd works authoritatively, I have verified this with dig.

Also, when I use pdns-recursor to forward to nsd, it all works.

However, with unbound, I get SERVFAIL from unbound, which reports:

  unbound: [1269:0] info: processQueryTargets: <local.zone. NS IN>
  unbound: [1269:0] debug: out of query targets -- returning SERVFAIL

in the logs. My configuration is as follows. What could be the
problem?

  server:
    verbosity: 1
    interface: 192.168.14.1
    cache-max-ttl: 1800
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.14.0/24 allow
    chroot: ""
    do-not-query-localhost: no
  stub-zone:
    name: "local.zone"
    stub-addr: 127.0.0.1

I have tried

(a) forward-zone for local.zone and .
(b) stub-zone for local.zone and forward-zone for .
(c) only stub-zone for local.zone and root-hints for .
(d) only forward-zone for local.zone and root-hints for .
(e)/(f) like (c)/(d) without explicit root-hints

but in none of these cases could I make it work.

Any clues?

-- 
martin | http://madduck.net/ | http://two.sentenc.es/
 
someday we'll find it
the rainbow connection
the lovers, the dreamers,
and me!
                                                             -- kermit
 
spamtraps: madduck.bogus at madduck.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature (see http://martin-krafft.net/gpg/)
URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20081001/d2d26431/attachment.pgp>