Maintained by: NLnet Labs

[Unbound-users] Problem with forward-zone

Robert Edmonds
Sat Jun 28 19:54:23 CEST 2014


Ralf Hildebrandt wrote:
> * Simon Deziel <simon+unbound at sdeziel.info>:
> > On 14-06-19 09:27 AM, Ralf Hildebrandt wrote:
> > > Forwarding works OK, but on 141.42.2.22 I'm seeing queries in the
> > > query.log:
> > > 
> > > 19-Jun-2014 15:23:05.172 client 141.42.202.200#18055: query: 1.2.3.4.b.baRRACudACEnTRal.org IN A +EDC (141.42.2.22)
> > > 19-Jun-2014 15:23:05.342 client 141.42.202.200#51273: query: 1.2.3.4.B.bARRACuDAcENtrAL.ORg IN A +EDC (141.42.2.22)
> > > 19-Jun-2014 15:23:05.422 client 141.42.202.200#61743: query: 1.2.3.4.b.BarracUDaCentraL.ORG IN A +EDC (141.42.2.22)
> > > 19-Jun-2014 15:23:05.582 client 141.42.202.200#47007: query: 1.2.3.4.b.BArRACudAceNtraL.ORg IN A +EDC (141.42.2.22)
> > > 
> > > Why are these queries forwarded without any explicit forward-zone
> > > statement?
> > 
> > If you are on Debian/Ubuntu you should check if /etc/default/unbound has
> > RESOLVCONF_FORWARDERS set to true as this would instruct Unbound to use
> > the nameservers from resolv.conf as forwarders.

No, this is incorrect.  Nothing in the unbound package reads forwarders
from /etc/resolv.conf.  If RESOLVCONF_FORWARDERS is set, and the
resolvconf package is installed, then the non-loopback IPs provided to
the resolvconf facility will be configured as forwarders for Unbound at
runtime.

See /usr/share/doc/resolvconf/README.gz,
/etc/resolvconf/update.d/unbound.

> I'm not sure I understand this correctly. My resolv.conf is:
> 
> nameserver 127.0.0.1
> search charite.de
> 
> But to be on the safe side, I've set:
> RESOLVCONF_FORWARDERS=false
> now.
> 
> Hm, this seems to work.

I would guess that you had a "dns-nameservers" line in
/etc/network/interfaces, and the resolvconf package installed.

-- 
Robert Edmonds
edmonds at debian.org
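
A check for the situation discussed in this thread, as an added example that is not part of the original messages or of the unbound or resolvconf packages. The function names are hypothetical, the default paths are the ones named in the thread, and only an explicit `RESOLVCONF_FORWARDERS=true` is treated as enabled (an assumption).

```shell
#!/bin/sh
# Added example: flag a host where Unbound is likely to receive forwarders
# at runtime via resolvconf, even though unbound.conf has no forward-zone.

# Return 0 if the defaults file sets RESOLVCONF_FORWARDERS to true.
resolvconf_forwarders_enabled() {
    defaults=${1:-/etc/default/unbound}
    [ -r "$defaults" ] || return 1
    # Last uncommented assignment wins, as it would when the file is sourced.
    val=$(sed -n 's/^[[:space:]]*RESOLVCONF_FORWARDERS=//p' "$defaults" \
          | tail -n 1 | tr -d "\"'")
    [ "$val" = "true" ]
}

# Print the non-loopback addresses found on dns-nameservers lines.
interfaces_nameservers() {
    ifaces=${1:-/etc/network/interfaces}
    [ -r "$ifaces" ] || return 0
    awk '$1 == "dns-nameservers" {
             for (i = 2; i <= NF; i++)
                 if ($i !~ /^127\./ && $i != "::1") print $i
         }' "$ifaces"
}

# Show the forwarders Unbound holds right now. They are set at runtime,
# so they will not appear in unbound.conf.
runtime_forwarders() {
    command -v unbound-control >/dev/null 2>&1 && unbound-control list_forwards
}

# Combine both static checks into a one-line verdict.
audit_implicit_forwarders() {
    ns=$(interfaces_nameservers "$2" | paste -s -d ' ' -)
    if resolvconf_forwarders_enabled "$1" && [ -n "$ns" ]; then
        echo "forwarding-likely: $ns"
    else
        echo "no-implicit-forwarders"
    fi
}

# With no arguments the system paths named in the thread are inspected.
audit_implicit_forwarders "$@"
```

On a host that reports `forwarding-likely`, also confirm that the resolvconf package is installed and compare the result with `runtime_forwarders`.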