Maintained by: NLnet Labs

unbound not accepting a stub or forward pointing to a loopback interface.

Eduardo Schoedler
Sat May 21 02:04:28 CEST 2016


Try:

server:
       do-not-query-localhost: no


Regards,



2016-05-20 20:13 GMT-03:00 Måns Nilsson via Unbound-users <
unbound-users at unbound.net>:

> Greetings,
>
> I've got a resolve server setup, using OpenBSD, unbound, and nsd. (hence
> the crosspost)
>
> The setup is as follows;
>
> unbound is listening on a loopback interface, lo1, using an address that
> is anycast, let's call it 192.0.2.53/32. This address is configured as
> resolver in clients. This works.
>
> However, this particular machine is slated to go walkabout in a travel
> kit to a place where it might lose its connection. We still want it to
> work and keep on serving names, since some resources will be local.
>
> Therefore, we've got a nsd instance running on the same host. The nsd is
> slaving a number of the important zones we need off of the normal servers,
> and we intend to use stub/forward in unbound to prefer this instance --
> a lot of firewalling means we can't freely recurse from the root anyway,
> so such a setup is required regardless. We're forwarding to a pair of
> DMZ resolver hosts for external names, and to internal name servers for
> our own stuff.
>
> I initially tried to make nsd listen on 127.0.0.53 using an extra
> loopback interface (in contrast to a statement by a PFY working at a
> Swedish ISP back in the dotcom bubble days, we feel that we can afford
> loopback interfaces... True story.) and it works. Half-way. I can dig
> @127.0.0.53 and get excellent answers back. But unbound refuses to use
> the address, and returns SERVFAIL.  As soon as I make nsd listen on a
> physical interface on the host and change the unbound config accordingly
> so that it points to that address for forwarding/stub address, things
> start working.
>
> Is this an issue in unbound or OpenBSD (5.9)?
>
> Bonus question: Forward or Stub? I never really got through to understand
> the differences ;-)
>
> Thanks for any pointers in this.
> --
> Måns Nilsson     primary/secondary/besserwisser/machina
> MN-1334-RIPE                             +46 705 989668
> We have DIFFERENT amounts of HAIR --
>



-- 
Eduardo Schoedler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20160520/de23206c/attachment.html>