Maintained by: NLnet Labs

[Unbound-users] unbound failed lookups?

Carsten Strotmann
Sat Jul 26 08:27:44 CEST 2014


Hello Patrick,

pcl-associates writes:

> Hi,
>
> Unbound seems to be handling failed lookups in a strange manner.  Certain lookups provide my external IP as the answer.  I'm interpreting that as a failed lookup.  If that's the case, then how can I get unbound to provide an actual "failed lookup" response rather than my own external IP address?  
>
> I've looked all over the unbound.conf site and found nothing with respect to this particular problem.  The logs don't give me 
>
> Machine w Unbound# nslookup 96.94.160.167.sbl-xbl.spamhaus.org
> Server:		127.0.0.2
> Address:	127.0.0.2#53
>
> Non-authoritative answer:
> Name:	96.94.160.167.sbl-xbl.spamhaus.org.aquawest.net
> Address: 1xx.1xx.1xx.1xx  [my external IP address]
>

There is probably nothing wrong with Unbound, but your query tool
(nslookup) appends a local domain name ".aquawest.net" to the
query. nslookup, as well as the operating system stub-resolver, appends
the local domain and/or any DNS searchlist in case the original query
gives a negative response (NXDOMAIN).

You have a wildcard-record on ".aquawest.net":

dig "*.aquawest.net" +noall +answer

; <<>> DiG 9.10.0-P1 <<>> *.aquawest.net +noall +answer
;; global options: +cmd
*.aquawest.net.         5992    IN      A       109.164.249.126

that IP address will be returned on all queries that end in
".aquawest.net".

If you don't want that, you can

a) make the domain name you query fully qualified by ending it with a dot:
"nslookup 96.94.160.167.sbl-xbl.spamhaus.org."

b) use better DNS query tools than "nslookup" ("dig" or "drill" or
"unbound-host")

c) remove the local domain/searchlist from the computer's TCP/IP
configuration you're sending the query from.

-- 
Carsten Strotmann
Email: cas at strotmann.de
Blog: strotmann.de
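
The behaviour described in the reply above, as an added example that is not part of the original post: a simplified Python model of stub-resolver search-list expansion meeting a wildcard record, with no real DNS traffic. The wildcard address is the one from the dig output; the 127.0.0.2 entry is constructed, and the function names, the ndots handling and the `dnsbl_listed` check are assumptions of this sketch.

```python
# Simplified model of search-list expansion (toy zone data, no DNS I/O).
EXACT = {"2.0.0.127.sbl-xbl.spamhaus.org.": "127.0.0.2"}  # constructed "listed" entry
WILDCARDS = {"aquawest.net.": "109.164.249.126"}           # *.aquawest.net. from the dig output

def authoritative_lookup(fqdn):
    """Return an A record for fqdn, or None to stand for NXDOMAIN."""
    fqdn = fqdn.lower()
    if fqdn in EXACT:
        return EXACT[fqdn]
    for zone, addr in WILDCARDS.items():
        if fqdn.endswith("." + zone):   # wildcard covers every name below the zone
            return addr
    return None

def stub_resolve(name, search=(), ndots=1):
    """Return (name_that_answered, address) the way a searching stub would."""
    if name.endswith("."):
        candidates = [name]             # trailing dot: absolute, never expanded
    else:
        absolute = name + "."
        expanded = [f"{name}.{s.rstrip('.')}." for s in search]
        if name.count(".") >= ndots:    # try as-is first, search list on NXDOMAIN
            candidates = [absolute] + expanded
        else:
            candidates = expanded + [absolute]
    for fqdn in candidates:
        addr = authoritative_lookup(fqdn)
        if addr is not None:
            return fqdn, addr
    return None, None

def dnsbl_listed(name, search=()):
    """Count a result as a listing only if the answer is for the exact name
    asked and the address is a 127.0.0.0/8 return code."""
    fqdn, addr = stub_resolve(name, search)
    asked = name if name.endswith(".") else name + "."
    return fqdn == asked and addr is not None and addr.startswith("127.")

if __name__ == "__main__":
    q = "96.94.160.167.sbl-xbl.spamhaus.org"
    print(stub_resolve(q, search=["aquawest.net"]))        # answered by the wildcard
    print(stub_resolve(q + ".", search=["aquawest.net"]))  # stays NXDOMAIN
    print(dnsbl_listed(q, search=["aquawest.net"]))        # wildcard answer rejected
```

Comparing the name that actually answered with the name that was asked is what exposes the expansion, just as the "Name:" line in the nslookup output does.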