I'm at my wits' end. I'm trying to set up unbound on a mail server this
way:
* query internal DNS Servers for internal zones (forward/reverse)
* query special DNS Servers for spamhaus.org
* the rest: do directly
My config:
* Ralf Hildebrandt <Ralf.Hildebrandt@charite.de>:
use-caps-for-id: yes
Removing this doesn't help either.
If you are on Debian/Ubuntu you should check if /etc/default/unbound has
RESOLVCONF_FORWARDERS set to true as this would instruct Unbound to use
the nameservers from resolv.conf as forwarders.
Regards,
Simon
* Simon Deziel <simon+unbound@sdeziel.info>:
> Forwarding works OK, but on 141.42.2.22 I'm seeing queries in the
> query.log:
>
> 19-Jun-2014 15:23:05.172 client 141.42.202.200#18055: query: 1.2.3.4.b.baRRACudACEnTRal.org IN A +EDC (141.42.2.22)
> 19-Jun-2014 15:23:05.342 client 141.42.202.200#51273: query: 1.2.3.4.B.bARRACuDAcENtrAL.ORg IN A +EDC (141.42.2.22)
> 19-Jun-2014 15:23:05.422 client 141.42.202.200#61743: query: 1.2.3.4.b.BarracUDaCentraL.ORG IN A +EDC (141.42.2.22)
> 19-Jun-2014 15:23:05.582 client 141.42.202.200#47007: query: 1.2.3.4.b.BArRACudAceNtraL.ORg IN A +EDC (141.42.2.22)
>
> Why are these queries forwarded without any explicit forward-zone
> statement?
If you are on Debian/Ubuntu you should check if /etc/default/unbound has
RESOLVCONF_FORWARDERS set to true as this would instruct Unbound to use
the nameservers from resolv.conf as forwarders.
I'm not sure I understand this correctly. My resolv.conf is:
nameserver 127.0.0.1
search charite.de
But to be on the safe side, I've set:
RESOLVCONF_FORWARDERS=false
now.
Hm, this seems to work.
Ralf Hildebrandt wrote:
* Simon Deziel <simon+unbound@sdeziel.info>:
> > Forwarding works OK, but on 141.42.2.22 I'm seeing queries in the
> > query.log:
> >
> > 19-Jun-2014 15:23:05.172 client 141.42.202.200#18055: query: 1.2.3.4.b.baRRACudACEnTRal.org IN A +EDC (141.42.2.22)
> > 19-Jun-2014 15:23:05.342 client 141.42.202.200#51273: query: 1.2.3.4.B.bARRACuDAcENtrAL.ORg IN A +EDC (141.42.2.22)
> > 19-Jun-2014 15:23:05.422 client 141.42.202.200#61743: query: 1.2.3.4.b.BarracUDaCentraL.ORG IN A +EDC (141.42.2.22)
> > 19-Jun-2014 15:23:05.582 client 141.42.202.200#47007: query: 1.2.3.4.b.BArRACudAceNtraL.ORg IN A +EDC (141.42.2.22)
> >
> > Why are these queries forwarded without any explicit forward-zone
> > statement?
>
> If you are on Debian/Ubuntu you should check if /etc/default/unbound has
> RESOLVCONF_FORWARDERS set to true as this would instruct Unbound to use
> the nameservers from resolv.conf as forwarders.
No, this is incorrect. Nothing in the unbound package reads forwarders
from /etc/resolv.conf. If RESOLVCONF_FORWARDERS is set, and the
resolvconf package is installed, then the non-loopback IPs provided to
the resolvconf facility will be configured as forwarders for Unbound at
runtime.
See /usr/share/doc/resolvconf/README.gz,
/etc/resolvconf/update.d/unbound.
I'm not sure I understand this correctly. My resolv.conf is:
nameserver 127.0.0.1
search charite.de
But to be on the safe side, I've set:
RESOLVCONF_FORWARDERS=false
now.
Hm, this seems to work.
I would guess that you had a "dns-nameservers" line in
/etc/network/interfaces, and the resolvconf package installed.
I stand corrected, thanks for the precision.
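A check for the symptom discussed in this thread, as an added example that is not part of any poster's message: it reads BIND query.log lines in the format quoted above, folds the 0x20 case randomisation that use-caps-for-id produces, and reports names the resolver sent to the forwarder although no forward-zone covers them. The zone list and the choice of 141.42.202.200 as the Unbound host are assumptions; the original configuration is not shown in the thread.

```python
import re
from collections import Counter

# Zones the resolver is expected to forward. Assumed for illustration:
# the thread names spamhaus.org and "internal zones" but not the exact list.
EXPECTED_FORWARD_ZONES = ("charite.de", "42.141.in-addr.arpa", "spamhaus.org")

# BIND query.log line in the format quoted in the thread.
LINE_RE = re.compile(
    r"client (?P<client>[0-9a-fA-F.:]+)#\d+: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def in_zone(qname, zone):
    """True if qname is the zone apex or a subdomain (label-aligned match)."""
    return qname == zone or qname.endswith("." + zone)

def unexpected_forwards(lines, resolver_ip, zones=EXPECTED_FORWARD_ZONES):
    """Count queries from resolver_ip for names outside the expected zones.

    Names are lower-cased first: with use-caps-for-id the resolver randomises
    letter case per query, so one name appears in many spellings in the log.
    """
    hits = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m.group("client") != resolver_ip:
            continue  # unparsable line, or a different client
        qname = m.group("qname").rstrip(".").lower()
        if not any(in_zone(qname, z) for z in zones):
            hits[(qname, m.group("qtype"))] += 1
    return hits

# First two lines follow the log quoted in the thread; the last three are constructed.
SAMPLE_LOG = """\
19-Jun-2014 15:23:05.172 client 141.42.202.200#18055: query: 1.2.3.4.b.baRRACudACEnTRal.org IN A +EDC (141.42.2.22)
19-Jun-2014 15:23:05.342 client 141.42.202.200#51273: query: 1.2.3.4.B.bARRACuDAcENtrAL.ORg IN A +EDC (141.42.2.22)
19-Jun-2014 15:23:06.001 client 141.42.202.200#40001: query: 2.0.0.127.ZEN.spamHAUS.org IN A +EDC (141.42.2.22)
19-Jun-2014 15:23:06.120 client 141.42.202.200#40002: query: Mail.CHARITE.de IN A +EDC (141.42.2.22)
19-Jun-2014 15:23:06.300 client 141.42.5.9#40003: query: www.example.org IN A +E (141.42.2.22)
""".splitlines()

if __name__ == "__main__":
    found = unexpected_forwards(SAMPLE_LOG, "141.42.202.200")
    for (qname, qtype), n in found.most_common():
        print(f"{n:4d}  {qname} {qtype}  (no matching forward-zone)")
```

Any output means a catch-all forwarder is active on the resolver, which is the situation the RESOLVCONF_FORWARDERS discussion explains.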