Maintained by: NLnet Labs

[Unbound-users] rDNS for fd::/8

Arni Birgisson
Wed Mar 27 17:33:27 CET 2013


This might be because of the default local-data in unbound for RFC4193 addresses.

http://www.unbound.net/documentation/unbound.conf.html (ctrl-F RFC4193)

If that is the cause, you can remove it with
                   local-zone: D.F.ip6.arpa. nodefault

-- Arni


Arni Birgisson
Professional Services
Men & Mice
Hlidarsmari 15, IS-201, Kopavogur, Iceland
Phone: +354 412 1500
Email:  arnib at menandmice.com
www.menandmice.com
 
First Choice in IP Address Management
 
Men & Mice Blog  | Follow us on Twitter  | Men & Mice on Facebook
 
Disclaimer : www.menandmice.com/disclaimer
 

On Mar 27, 2013, at 4:14 PM, "Mike." <the.lists at mgm51.com> wrote:

> 
> My unbound config file is:
> 
> -------------------------------------
> server:
> 	verbosity: 1
> 
> 	statistics-interval: 84600
> 	statistics-cumulative: yes
> 	extended-statistics: yes
> 
> 	interface:	10.20.1.1
> 	interface:	127.0.0.1
> 	interface:	fdcf:b715:2f4d:1::1
> 	interface:	::1
> 
> 	access-control: 0.0.0.0/0		refuse
> 	access-control:	10.0.0.0/8		allow
> 	access-control: 127.0.0.1		allow
> 
> 	access-control: ::0/0			refuse
> 	access-control: fdcf:b715:2f4d:1::/64	allow
> 	access-control: fe80::/64		allow
> 	access-control: ::1			allow
> 	access-control:	::ffff:127.0.0.1	allow
> 	access-control: 2001:xxxx:xxxx:1::/64	allow
> 
> 	cache-min-ttl: 	0
> 
> 	root-hints: "/var/unbound/etc/named.cache"
> 
> #	auto-trust-anchor-file:	"/var/unbound/etc/root.key"
> 
> 	domain-insecure:	"241acl.lan"
> 
> 	local-zone: "10.in-addr.arpa." nodefault
> 	local-zone: "d.f.ip6.arpa." nodefault
> 
> 
> stub-zone:
> 	name: "241acl.lan"
> 	stub-addr: fdcf:b715:2f4d:3::1
> 
> stub-zone:
> 	name: "10.in-addr.arpa"
> 	stub-addr: fdcf:b715:2f4d:3::1
> 
> stub-zone:
> 	name: "d.f.ip6.arpa"
> 	stub-addr: fdcf:b715:2f4d:3::1
> 
> 
> 
> remote-control:
> 	control-enable: 	yes
> 	control-interface:	::1
> 
> -----------------------------------------
> 
> and I am running unbound 1.4.17 on OpenBSD 5.2.
> 
> 
> With the config file as above, all forward and reverse DNS lookups work
> fine.   However, when I uncomment the auto-trust-anchor-file, then the
> rDNS look ups for fd::/8 addresses stop working.   Increasing log
> verbosity, it looks like unbound is traipsing to the root servers
> looking for a DNSSEC key and not finding one.  Then the rDNS request is
> rejected, and I cannot figure out why....
> 
> I know I am missing something obvious, but I just cannot see it ....
> 
> 
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20130327/ca01677b/attachment-0001.html>