Maintained by: NLnet Labs

Unbound not returning MX record from NSD

Ichigo Kurosaki
Thu Sep 14 07:41:51 CEST 2017


Hi,

I have a master/slave setup of NSD and Unbound, which is running just fine
for the most part, except that machines making use of the DNS are unable to
retrieve the MX record.

Both master and slave NSD run on port 8053, while Unbound is on port 53;
see the config gist below.

#Unbound conf
server:
        verbosity: 2
        interface: 192.168.1.2
        interface: 127.0.0.1
        port: 53
        do-ip4: yes
        do-ip6: no
        do-udp: yes
        access-control: 192.168.0.0/16 allow
        access-control: 127.0.0.0/8 allow
        access-control: 172.16.0.0/12 allow
        access-control: 10.100.10.0/24 allow
        root-hints: "/var/lib/unbound/root.hints"
        #auto-trust-anchor-file: "/var/lib/unbound/root.key"
        hide-identity: yes
        hide-version: yes
        harden-glue: yes
        harden-dnssec-stripped: yes
        cache-min-ttl: 3600
        cache-max-ttl: 86400
        private-domain: "example.com"
        do-not-query-localhost: no
        prefetch: yes
        logfile: "/var/log/unbound/unbound.log"

local-zone: "1.168.192.in-addr.arpa" nodefault

python:

# Remote control config section.
remote-control:
        control-enable: yes

# Stub zones.
stub-zone:
        name: "example.com"
        stub-addr: 192.168.1.2@8053
        stub-addr: 127.0.0.1@8053

stub-zone:
        name: "1.168.192.in-addr.arpa."
        stub-addr: 127.0.0.1@8053
        stub-addr: 192.168.1.2@8053

# NSD zone file

;## NSD authoritative only DNS

$ORIGIN example.com.
$TTL 86400      ; 1 day
@       IN SOA  nsd1.example.    postmaster.example.com. (
                                2017081004 ; serial number: date plus last two digit increment
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )
; Name Servers
        IN      NS      nsd1.example.com.
        IN      NS      nsd2.example.com.

; A Records for Name Servers
nsd1    IN      A       192.168.1.2
nsd2    IN      A       192.168.1.3

; MX Record

        IN      MX      10 mail.example.com.

; A Records L20 servers
mail                    A       192.168.1.8
www                   A       192.168.1.9
webmail             CNAME   mail

When I try to query for the MX record of example.com, e.g. $ dig mx +short
example.com, it does not return anything. The above zone file was copied
from a working old BIND; the same query still works with the latter.

Hope someone could point out the fix.

Thanks!
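One thing worth checking on a zone like the one above is which owner name each record really ends up with. RFC 1035 section 5.1 says a record line that begins with whitespace has no owner field and inherits the owner of the previous record; blank lines and comment lines do not reset it, so a blank owner on the MX line means "the last owner used", not "the zone apex". The script below is an added example, not part of the original post and not NSD or Unbound code: it resolves the implicit owners in the posted zone file (embedded here as sample input, with the SOA comment shortened) and reports where the MX record lands, then does the same for a copy of the zone where the MX line is given an explicit "@" owner. The function names are mine.

```python
"""Check which owner name each record in a zone file really has.

RFC 1035 section 5.1: a record line that begins with whitespace carries no
owner field and inherits the owner of the previous record. Blank lines and
comment lines do not reset that owner.
"""

# Sample input: the zone file from the post, embedded here (SOA comment shortened).
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 86400      ; 1 day
@       IN SOA  nsd1.example.    postmaster.example.com. (
                                2017081004 ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )
; Name Servers
        IN      NS      nsd1.example.com.
        IN      NS      nsd2.example.com.

; A Records for Name Servers
nsd1    IN      A       192.168.1.2
nsd2    IN      A       192.168.1.3

; MX Record

        IN      MX      10 mail.example.com.

mail                    A       192.168.1.8
www                   A       192.168.1.9
webmail             CNAME   mail
"""

# Same zone, but the MX line is given an explicit apex owner ("@").
FIXED_ZONE = SAMPLE_ZONE.replace("        IN      MX", "@       IN      MX")

CLASSES = {"IN", "CH", "HS"}


def strip_comment(line):
    """Drop a ';' comment (the sample has no quoted strings, so a plain cut is safe)."""
    return line.split(";", 1)[0]


def logical_records(text):
    """Yield one string per record, folding '( ... )' continuation lines into it."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = strip_comment(raw)
        if not line.strip() and depth == 0:
            continue  # blank and comment-only lines are not records
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            yield " ".join(buf)  # buf[0] keeps its leading whitespace
            buf, depth = [], 0


def absolutize(name, origin):
    """Turn a zone-file owner into a fully qualified name."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text):
    """Return (owner, rrtype, rdata) tuples with every implicit owner resolved."""
    origin, owner, records = ".", None, []
    for rec in logical_records(text):
        tokens = rec.split()
        if not tokens:
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            continue
        if rec[0].isspace():
            fields = tokens  # no owner field: inherit the previous owner
        else:
            owner = absolutize(tokens[0], origin)
            fields = tokens[1:]
        # Optional TTL and class precede the type; parentheses are layout only.
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)
        fields = [f for f in fields if f not in ("(", ")")]
        if not fields:
            continue
        records.append((owner, fields[0].upper(), " ".join(fields[1:])))
    return records


def owners_of(text, rrtype):
    """Owner names of all records of one type, in file order."""
    return [owner for owner, t, _ in parse_zone(text) if t == rrtype]


if __name__ == "__main__":
    for label, zone in (("as posted", SAMPLE_ZONE), ("explicit @ owner", FIXED_ZONE)):
        print(f"{label}: MX owned by {owners_of(zone, 'MX')}")
```

In the posted layout the record before the MX line is the A record for nsd2, so the parser resolves the MX owner to nsd2.example.com., which is a well-formed zone that NSD loads without complaint but answers nothing for an MX query at example.com. With "@" as the owner the same record is attached to the apex. Running the named zone through nsd-checkzone or dig against the authoritative port directly (here 8053) is the quick way to confirm which of the two a live server is serving.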