Maintained by: NLnet Labs

[Unbound-users] Unexpected results - Unbound results don't match external DNS

pcl-associates
Sun Jul 27 17:05:16 CEST 2014


Chris,

Yes.  Point well taken.  I thought I had carefully reviewed the unbound.conf prior to installation but evidently I missed this one.  In any case, I've fixed it in unbound.conf but after shutting down unbound and starting it again, I still get the same results:

# dig 158.24.39.46.zen.spamhaus.org.

; <<>> DiG 9.9.4-rpz2.13269.14-P2 <<>> 158.24.39.46.zen.spamhaus.org.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 533
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;158.24.39.46.zen.spamhaus.org.	IN	A

;; AUTHORITY SECTION:
zen.spamhaus.org.	3600	IN	SOA	need.to.know.only. hostmaster.spamhaus.org. 1407271455 3600 600 432000 150

;; Query time: 855 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jul 27 17:00:59 CEST 2014
;; MSG SIZE  rcvd: 122


# nslookup 158.24.39.46.zen.spamhaus.org.
Server:		127.0.0.1
Address:	127.0.0.1#53

** server can't find 158.24.39.46.zen.spamhaus.org.: NXDOMAIN

Patrick


On Jul 27, 2014, at 7:18 AM, Sonic <sonicsmith at gmail.com> wrote:

> On Sun, Jul 27, 2014 at 10:11 AM, Sonic <sonicsmith at gmail.com> wrote:
>> Suggest you simplify
>> your unbound.conf and use the man page as a guide vs a third party
>> site.
> 
> Indeed - I bet this is your problem.
> 
> Looking at the Calomel site they list these private address ranges:
> =================================
>    private-address: 10.0.0.0/8
>    private-address: 172.16.0.0/12
>    private-address: 10.0.0.0/16
>    private-address: 192.254.0.0/16
> =================================
> Which is incorrect.
> The default private address ranges should be:
> =================================
>    private-address: 10.0.0.0/8
>    private-address: 172.16.0.0/12
>    private-address: 192.168.0.0/16
>    private-address: 169.254.0.0/16
> =================================
> By including 192.254.0.0/16 you are blocking proper resolution of many
> valid IP blocks.
> 
> Blindly relying on third party sites for information can be dangerous.
> 
> Chris

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20140727/af6d8fe7/attachment-0001.html>