Maintained by: NLnet Labs

private ipv6 address space

Eric Luehrsen
Tue Aug 1 18:29:51 CEST 2017


dnsmasq is a forwarding resolver and you need "forward" clauses instead of "stub" clauses. As you know its similar user configuration syntax, but different communication behaviors. "Stub" is a short cut to an authoritative server. Also, dnsmasq compiled with authoritative conditional compile options can pretend but it has limited function.

On 08/01/2017 04:16 AM, Stephane Guedon via Unbound-users wrote:

Good (insert your locale time of the day) all members of this list. I have a trouble with my instance of Unbound (OpenBSD 6.1 stable) with private ipv6 space. I have a local dns resolver/cache (Dnsmasq) which works perfect on my router. The Unbound instance is supposed to redirect all dns requests regarding private domains and address space to it: private-address: fd00:2016:22::/48 access-control: ::0/0 refuse access-control: ::1/128 allow access-control: fd00:2016:22::/48 allow local-zone: "2.2.0.0.6.1.0.2.0.0.d.f.ip6.arpa." nodefault domain-insecure: "22decembre.eu." domain-insecure: "22december.dk." domain-insecure: "2.2.0.0.6.1.0.2.0.0.d.f.ip6.arpa." stub-zone:        name: "22decembre.eu."        stub-addr: "fd00:2016:22:dec::1" stub-zone:        name: "22december.dk."        stub-addr: "fd00:2016:22:dec::1" stub-zone:        name: "d.f.ip6.arpa."        stub-addr: "fd00:2016:22:dec::1" stub-zone:        name: "2.2.0.0.6.1.0.2.0.0.d.f.ip6.arpa."        stub-addr: "fd00:2016:22:dec::1"

#domain-insecure: "6.7.5.1.0.0.0.4.6.0.a.2.ip6.arpa." #local-zone:     "6.7.5.1.0.0.0.4.6.0.a.2.ip6.arpa." stub-zone:        name:    "6.7.5.1.0.0.0.4.6.0.a.2.ip6.arpa."        stub-addr: "fd00:2016:22:dec::1"

(In the begining - aka before two days ago - I used forward zones pointing at fd00:2016:22:dec::1 aka dnsmasq and the whole thing worked smoothly as intended. It does not anymore and I tried to upgrade my conf according to the manual and my understanding is that this conf' is supposed to be done with stub-zones.)



But apparently, whenever I send request on 22decembre.eu or 2.2.0.0.6.1.0.2.0.0.d.f.ip6.arpa. I get blocked : ; <<>> DiG 9.4.2-P2 <<>> @unbound mirror.22decembre.eu ; (2 servers found) ;; global options:  printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6329 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;mirror.22decembre.eu.          IN      A ;; Query time: 3 msec ;; SERVER: fd00:2016:22:dec::3#53(fd00:2016:22:dec::3) ;; WHEN: Tue Aug  1 10:10:01 2017 ;; MSG SIZE  rcvd: 38 stephane at blackblock:/home/stephane dig -t ptr @unbound 2.2.0.0.6.1.0.2.0.0.d.f.ip6.arpa. ; <<>> DiG 9.4.2-P2 <<>> -t ptr @unbound 2.2.0.0.6.1.0.2.0.0.d.f.ip6.arpa. ; (1 server found) ;; global options:  printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46873 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;2.2.0.0.6.1.0.2.0.0.d.f.ip6.arpa. IN   PTR ;; AUTHORITY SECTION: d.f.ip6.arpa.           10800   IN      SOA     localhost. nobody.invalid. 1 3600 1200 604800 10800

Can anyone tell me what mistake(s) I make ? Thank you in advance.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20170801/6c92f3db/attachment.html>