SERVFAIL errors with FreeBSD using unbound only

Solène Rapenne solene at bsd.zplay.eu
Fri Jan 1 17:25:46 UTC 2016 

Le 2016-01-01 17:57, C.L. Martinez a écrit :
> Hi all,
> 
>  I have configured unbound as a cache nameserver in a FreeBSD 10.2
> amd64 (fully patched) host. At the same time, I am using nsd to
> resolve names for my internal hosts.
> 
>  But there is a problem: unbound doesn't works/redirect reverse
> queries for IP address to nsd daemon.
> 
>  My current unbound.conf:
> 
> server:
> 	interface: 127.0.0.1
> 	interface: 172.21.55.14
> 	interface: ::1
> 	do-ip6: no
> 	username: unbound
> 	directory: /var/unbound
> 	chroot: /var/unbound
> 	pidfile: /var/run/local_unbound.pid
> 	auto-trust-anchor-file: /var/unbound/root.key
> 	access-control: 0.0.0.0/0 refuse
> 	access-control: 127.0.0.0/8 allow
> 	access-control: 172.21.55.0/28 allow
> 	access-control: ::0/0 refuse
> 	access-control: ::1 allow
> 	hide-identity: yes
> 	hide-version: yes
> 	do-not-query-localhost: no
> 
> 
> include: /var/unbound/forward.conf
> #include: /var/unbound/lan-zones.conf
> include: /var/unbound/control.conf
> #include: /var/unbound/conf.d/*.conf
> 
> stub-zone:
> 	name: "mydom.org"
> 	stub-addr: 127.0.0.1 at 5353
> 
> stub-zone:
> 	name: "21.172.in-addr.arpa"
> 	stub-addr: 127.0.0.1 at 5353
> 
> 
> nsd is listening on localhost, port 5353. When I try to do some
> reverse query from a linux client:
> 
> [root at cstbbvn01 ~]# nslookup
>> 172.21.55.14
> Server:		172.21.55.14
> Address:	172.21.55.14#53
> 
> ** server can't find 14.55.21.172.in-addr.arpa: SERVFAIL
>> 172.21.55.1
> Server:		172.21.55.14
> Address:	172.21.55.14#53
> 
> ** server can't find 1.55.21.172.in-addr.arpa: SERVFAIL
>> exit
> 
> 
> Every time, a servfail is displayed. All other queries works ok.
> Disabling unbound and using nsd only, all works ok also.
> 
> Then, what am I doing wrong with unbound??
> 
> Thanks.
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to 
> "freebsd-questions-unsubscribe at freebsd.org"


Hi,

You should add this in your unbound config file :

local-zone: 21.172.in-addr.arpa. transparent


Also, I am using unbound + nsd and in my config file I have forward-addr 
instead of stub-zone but I don't remember the difference, and as far as 
I remember I was using stub-zone before and it was working.

More information about the freebsd-questions mailing list