Re: FreeBSD Trust Chain
- In reply to: Tomasz CEDRO : "Re: FreeBSD Trust Chain"
Date: Thu, 13 Jan 2022 14:06:01 UTC
On 1/13/22 3:42 AM, Tomasz CEDRO wrote:
<SNIP>
> Do you use local_unbound? Some people (including me) recently noticed
> resolve problems with local_unbound when using local LAN dns servers
> (i.e. 192.168.0.1) on a desktop machine, when using external dns only
> for local_unbound all seems to work fine, when using that local LAN
> resolver directly without local_unbound also all seems to work fine.
> Looks a bit similar issue somewhere out there maybe? :-)
>

Nope, we're not using local_unbound.

The machine in question is a public facing DNS server behind a static IP on the Comcast Business network. It also acts as a NATing firewall to one of our LANs.

The bind instance there properly resolves queries for our zone. But when it is asked to look up something outside our own domain, it intermittently fails to do so with no predictable pattern.

Adding a forwarder - either Cloudflare's or one of our other master DNS servers not on the same network, everything resolves just fine.

This configuration has been in place and working for years so we surmise that either something got broken by a recent bind update, or Comcast is doing evil things with DNS queries.

--
----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/