Maintained by: NLnet Labs

[Unbound-users] rDNS for fd::/8

Arni Birgisson
Wed Mar 27 17:34:40 CET 2013


Oops - a little bit to quick to hit reply.
Didn't see that in your current config.

--Arni


On Mar 27, 2013, at 4:33 PM, Arni Birgisson <arnib at menandmice.com> wrote:

> This might be because of the default local-data in unbound for RFC4193 addresses.
> 
> http://www.unbound.net/documentation/unbound.conf.html (ctrl-F RFC4193)
> 
> If that is the cause, you can remove it with
>                    local-zone: D.F.ip6.arpa. nodefault
> 
> -- Arni
> 
> 
> Arni Birgisson
> Professional Services
> Men & Mice
> Hlidarsmari 15, IS-201, Kopavogur, Iceland
> Phone: +354 412 1500
> Email:  arnib at menandmice.com
> www.menandmice.com
>  
> First Choice in IP Address Management
>  
> Men & Mice Blog  | Follow us on Twitter  | Men & Mice on Facebook
>  
> Disclaimer : www.menandmice.com/disclaimer
>  
> 
> On Mar 27, 2013, at 4:14 PM, "Mike." <the.lists at mgm51.com> wrote:
> 
>> 
>> My unbound config file is:
>> 
>> -------------------------------------
>> server:
>> 	verbosity: 1
>> 
>> 	statistics-interval: 84600
>> 	statistics-cumulative: yes
>> 	extended-statistics: yes
>> 
>> 	interface:	10.20.1.1
>> 	interface:	127.0.0.1
>> 	interface:	fdcf:b715:2f4d:1::1
>> 	interface:	::1
>> 
>> 	access-control: 0.0.0.0/0		refuse
>> 	access-control:	10.0.0.0/8		allow
>> 	access-control: 127.0.0.1		allow
>> 
>> 	access-control: ::0/0			refuse
>> 	access-control: fdcf:b715:2f4d:1::/64	allow
>> 	access-control: fe80::/64		allow
>> 	access-control: ::1			allow
>> 	access-control:	::ffff:127.0.0.1	allow
>> 	access-control: 2001:xxxx:xxxx:1::/64	allow
>> 
>> 	cache-min-ttl: 	0
>> 
>> 	root-hints: "/var/unbound/etc/named.cache"
>> 
>> #	auto-trust-anchor-file:	"/var/unbound/etc/root.key"
>> 
>> 	domain-insecure:	"241acl.lan"
>> 
>> 	local-zone: "10.in-addr.arpa." nodefault
>> 	local-zone: "d.f.ip6.arpa." nodefault
>> 
>> 
>> stub-zone:
>> 	name: "241acl.lan"
>> 	stub-addr: fdcf:b715:2f4d:3::1
>> 
>> stub-zone:
>> 	name: "10.in-addr.arpa"
>> 	stub-addr: fdcf:b715:2f4d:3::1
>> 
>> stub-zone:
>> 	name: "d.f.ip6.arpa"
>> 	stub-addr: fdcf:b715:2f4d:3::1
>> 
>> 
>> 
>> remote-control:
>> 	control-enable: 	yes
>> 	control-interface:	::1
>> 
>> -----------------------------------------
>> 
>> and I am running unbound 1.4.17 on OpenBSD 5.2.
>> 
>> 
>> With the config file as above, all forward and reverse DNS lookups work
>> fine.   However, when I uncomment the auto-trust-anchor-file, then the
>> rDNS look ups for fd::/8 addresses stop working.   Increasing log
>> verbosity, it looks like unbound is traipsing to the root servers
>> looking for a DNSSEC key and not finding one.  Then the rDNS request is
>> rejected, and I cannot figure out why....
>> 
>> I know I am missing something obvious, but I just cannot see it ....
>> 
>> 
>> _______________________________________________
>> Unbound-users mailing list
>> Unbound-users at unbound.net
>> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20130327/b727f365/attachment.html>