Maintained by: NLnet Labs

[Unbound-users] unbound-1.4.7 fails to resolve on simple configuration

Andrew Savchenko
Wed Dec 8 01:35:04 CET 2010


Hello,

I'm trying to set up a simple caching resolver using unbound-1.4.7, but
it fails to work and seems to fall into an infinite loop. This is my
config:

server:
    interface: 0.0.0.0
    access-control: 127.0.0.1/32 allow
    verbosity: 5
    do-ip6: no

Then I run unbound-host kernel.org -C /etc/unbound/unbound.conf >
unbound.log 2>&1 to test. You can see what happens in the attached
file unbound.log. The program was eventually terminated using ^C.
Running the unbound daemon gives the same result.

Unbound-1.4.7 is compiled on Gentoo with expat-2.0.1-r3,
libevent-1.4.14b-r1, openssl-1.0.0c, ldns-1.6.7 (with ssl support).
It was compiled without python and threads support (target system has
single core CPU without HT, thus no need for threads). However, I
tried to rebuild it with threads support and it still fails in the
same way.

Via tcpdump I can see all these packets sent (see unbound.log), but
no replies. Bind on the same host works without any problems. I tried
to stop bind during testing using unbound-host to exclude any
interference, but this does not help.

I tried to fetch the latest root hints from
ftp://FTP.INTERNIC.NET/domain/named.cache and add a path to config
file:
    root-hints: "/etc/unbound/named.cache"
but this doesn't help a bit.

Of course, my final setup will be more complicated. It's a sore fact,
but more complicated things work, while a simple resolver fails. When
I use the nsd daemon for a local zone it works well (for local zone
queries):

server:
    interface: 0.0.0.0
    access-control: 127.0.0.1/32 allow
    verbosity: 5
    do-ip6: no
    private-domain: "campus.local"
    do-not-query-localhost: no

stub-zone:
    name: "10.in-addr.arpa"
    name: "16.172.in-addr.arpa"
    name: "17.172.in-addr.arpa"
    name: "18.172.in-addr.arpa"
    name: "19.172.in-addr.arpa"
    name: "31.172.in-addr.arpa"
    name: "81.168.192.in-addr.arpa"
    name: "campus.local"
    stub-addr: 127.0.0.1@10053

And another note: without the "do-not-query-localhost: no" option, nsd
running on 127.0.0.1:10053 will not be queried; this is not so
obvious and it would be great to point it out somewhere in the
documentation.

With the provider's DNS or Google's open DNS used as forwarders for
the "." zone, unbound works as well:

server:
    interface: 0.0.0.0
    access-control: 127.0.0.1/32 allow
    verbosity: 5
    do-ip6: no

forward-zone:
    name: "."
    forward-addr: 8.8.8.8

Output of unbound-host kernel.org -C /etc/unbound/unbound.conf >
unbound-forward.log 2>&1 is in the file unbound-forward.log.

But I want to use unbound's own resolver, and I have absolutely no
idea what to do now: either I hit some grave bug or I deeply
misunderstand how unbound should work. Any help will be appreciated.

Best regards,
Andrew Savchenko
-------------- next part --------------
A non-text attachment was scrubbed...
Name: unbound.log.bz2
Type: application/x-bzip
Size: 6276 bytes
Desc: not available
URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20101208/6f957934/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: unbound-forward.log.bz2
Type: application/x-bzip
Size: 2546 bytes
Desc: not available
URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20101208/6f957934/attachment-0001.bin>
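
A configuration check for the do-not-query-localhost behaviour noted in
the message above, added here as an example (it is not part of the
original post and not NLnet Labs code). The function names and the sample
configuration are constructed for illustration; the check assumes a
single unbound.conf with no include: directives.

```python
import ipaddress

# Constructed sample modelled on the stub-zone configuration in the post,
# with do-not-query-localhost left unset (unbound's default is yes).
SAMPLE_CONF = """\
server:
    interface: 0.0.0.0
    access-control: 127.0.0.1/32 allow
    do-ip6: no
    private-domain: "campus.local"

stub-zone:
    name: "campus.local"
    stub-addr: 127.0.0.1@10053
"""

def parse(conf):
    """Yield (clause, key, value) for each 'key: value' line of the text."""
    clause = None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if value == "":
            clause = key                         # server:, stub-zone:, forward-zone:
        else:
            yield clause, key, value

def unreachable_loopback_upstreams(conf):
    """Return (clause, address) pairs for loopback upstreams unbound will skip."""
    entries = list(parse(conf))
    # Only an explicit "no" in the server clause permits queries to localhost.
    if any(c == "server" and k == "do-not-query-localhost" and v == "no"
           for c, k, v in entries):
        return []
    hits = []
    for clause, key, value in entries:
        if key not in ("stub-addr", "forward-addr"):
            continue
        host = value.split("@", 1)[0]            # strip the optional @port
        try:
            if ipaddress.ip_address(host).is_loopback:
                hits.append((clause, value))
        except ValueError:                       # not an IP literal; ignore
            continue
    return hits
```

Running unreachable_loopback_upstreams() over a configuration before
deployment reports every stub or forward address on loopback that will
not be queried until "do-not-query-localhost: no" is set.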