Maintained by: NLnet Labs

[Unbound-users] stub-zone reverse problem

john
Tue Jan 26 18:58:39 CET 2010


Hi,
I run unbound as a resolver and I've configured it with a stub zone for 
reverse DNS on a local subnet we use internally, however it doesn't seem 
to send the requests for the zone to the IP specified in the sub-zone 
config. I looked in the archives and found someone else with a similar 
problem:

  http://www.unbound.net/pipermail/unbound-users/2009-May/000583.html

The solution there also works for me. Before this, I had configured 
unbound with:

stub-zone:
   name: "10.10.10.in-addr.arpa."
   stub-addr: a.b.c.d

and with that config I get an answer like this from unbound:



; <<>> DiG 9.5.1-P3 <<>> -t ns 10.10.10.in-addr.arpa. @x.x.x.x
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16381
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;10.10.10.in-addr.arpa.         IN      NS

;; AUTHORITY SECTION:
10.in-addr.arpa.        10800   IN      SOA     localhost. nobody.invalid. 1 3600 1200 604800 10800


If I then apply the 'fix' from the post above:

"local-zone: "10.in-addr.arpa." nodefault"

It answers correctly with the details from the server specified in the 
stub address.

I am not serving any zones from unbound- it is acting purely as a resolver 
so this seems like unbound is serving the 10.in-addr.arpa. authority bit 
when it hasn't been configured to do so. Any ideas why it's doing this?

I'm using the Debian Lenny package (1.0.2-1+lenny1) on this box, but it 
seems to do the same with 1.4.1 built from source.

john