Maintained by: NLnet Labs

inconsistent forward-zone behavior between config files, unbound-control

W.C.A. Wijngaards
Wed Sep 23 11:47:31 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Mike,

On 09/22/2015 07:02 PM, Mike Brown via Unbound-users wrote:
> It is quite possible I am just clueless and doing things all wrong,
> so please forgive me if this is a waste of your time. I've Googled
> and experimented for hours, and am no closer to understanding
> what's going wrong here.

Not a clue about comcast or uribl, but your unbound.conf looks weird:

> # cat /var/unbound/conf.d/uribl.conf forward-zone: name:
> multi.uribl.com forward-host: multi.uribl.com
> 

This entry creates a loop, where unbound has to lookup multi.uribl.com
to lookup multi.uribl.com, and to do that it has to lookup
multi.uribl.com ...  And that causes it to fail.

Also multi.uribl.com is a website, and unbound wants nameservers (the
right hand side of the dig multi.uribl.com NS lookup).

To remove the endless loop you can type IP adresses (with
forward-addr: ip), but in this case, uribl has nameservers that do not
cause a loop:
forward-host: aa.uribl.com.
forward-host: bb.uribl.com.
..
forward-host: hh.uribl.com.

Another point, it should be a stub-zone, because those are
authoritative servers that you are listing in the config.  Use
stub-zone: and stub-host: in the uribl.conf file.

Best regards, Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWAnUzAAoJEJ9vHC1+BF+NrNMQAKomkrICyWOtW3e6icefjDIr
0Po9MhUjUNJvngSriUk8rO0keved8wERUcrVnIxq93Ulnl4NJHdiT97NuSUI+hzC
aXZncrJeTmEG+JvgHrwkHJDkErs4DpokItnVj1YrzUV18tuC05f2U4yCaeV1kVem
5yjQ+iTkmPpmJHohE+QpTtfWyIfZrr6ZK3ZROzcURBWQ1t70+iGHDbtQqDdxADXi
D30teF28Qy6AquK+uoG72TDcnSfbfSYcKdNjl8evnNS16tq8rrvGlcKuu+Sk4vi+
4i7h1U7fwq0/C/ZgtPprMWvr1uemjNH7eE6OOw/KBbq6NNiUfWj8IoVGJ697OJib
VzLOGFXoN/YI/gVnhXq7XM0y/S/ifyErd5vGWzGe/EJH7teOm8VNdtzCSun1IPr4
w2HNUZmu5ch/W5kpyxJq+/33hDlS6g9xK9coUXLOlwUE1WEZinZxr8/jg/GmRRLG
CUSnMkZktw9Lxy58LnPm/dwmVSj1wv2R+vhH5+gBI4cJFXvRtzOziiQnE3jdtNGc
VtOmehRLHpti3Lqovi9r29AqDAXsx5rStIVs1IeYIqWq5649kdCKSYQ2sZpUFun9
ug4pzyclOhBuwFzJGwAV0yZ+bADyOP4pfdYfoBKPoaZ8qpKfT+j5YS3mtOdGh9kV
K6xEVsbtkl2RrYCqM7wA
=Fwii
-----END PGP SIGNATURE-----