Maintained by: NLnet Labs

[Unbound-users] private-address behaviour

Aaron Hopkins
Thu Jan 27 22:50:41 CET 2011


On Thu, 27 Jan 2011, W.C.A. Wijngaards wrote:

> Hi Jakub,
>
> On 01/27/2011 11:57 AM, Jakub Heichman wrote:
>> Greetings,
>>
>> After configuring private-address (and private-domain) entries I was
>> hoping that unbound would simply strip the private IP addresses from
>> responses.
>> However in my testing (unbound 1.4.8 and previous versions) I'm seeing
>> that the queries will SERVFAIL, also for domains whose NS records point
>> to a name that resolves to a private address, for example:
>
> Yes this is caused by line 648 of iterator/iter_scrub.c.  This is
> extra-paranoid, since it can also just strip off the offending record.
>
>> I'm wondering if this is expected behaviour? Should I be seeing SERVFAIL
>> (note long query time) or NOERROR/NODATA with private data stripped?
>
> If you comment out that line you get the behaviour with NOERROR/NODATA
> with private data stripped.
>
> Best regards,
>   Wouter


                                     -- Aaron