Hello,
I am running unbound on CentOS 7 (latest) using Unbound 1.6.6. While doing a tcpdump to my destination DNS server I can see that unbound is appending my internal zone to everything.
Here is my config:
]# cat /etc/unbound/unbound.conf|grep -v ‘#’
server:
verbosity: 3
statistics-interval: 0
statistics-cumulative: no
extended-statistics: yes
num-threads: 4
interface: x.x.x.x
interface-automatic: no
so-rcvbuf: 4m
so-sndbuf: 4m
cache-max-negative-ttl: 10
do-ip4: yes
do-ip6: no
do-udp: yes
do-tcp: yes
do-daemonize: yes
access-control: 0.0.0.0/0 refuse
access-control: x.x.x.x/16 allow
chroot: “”
username: “unbound”
directory: “/etc/unbound”
logfile: “/var/log/unbound.log”
log-time-ascii: yes
pidfile: “/var/run/unbound/unbound.pid”
harden-glue: yes
harden-dnssec-stripped: yes
harden-below-nxdomain: yes
harden-referral-path: yes
use-caps-for-id: no
unwanted-reply-threshold: 10000000
do-not-query-localhost: yes
prefetch: yes
prefetch-key: yes
rrset-roundrobin: yes
minimal-responses: yes
module-config: “iterator”
trusted-keys-file: /etc/unbound/keys.d/*.key
auto-trust-anchor-file: “/var/lib/unbound/root.key”
val-clean-additional: yes
val-permissive-mode: no
val-log-level: 1
include: /etc/unbound/local.d/*.conf
include: /etc/unbound/conf.d/*.conf
19:12:51.822564 IP 10.1.6.247.49589 > 10.10.0.31.domain: 18798+% [1au] A? grafana.example.com.example.net. (70)
19:12:51.822735 IP 10.10.0.31.domain > 10.1.6.247.49589: 18798 NXDomain* 0/1/1 (132)
19:12:51.823203 IP 10.1.6.247.8795 > 10.10.0.31.domain: 14439+% [1au] AAAA? grafana.example.com.example.net. (70)
19:12:51.823280 IP 10.10.0.31.domain > 10.1.6.247.8795: 14439 NXDomain* 0/1/1 (132)
19:12:54.020532 IP 10.1.6.247.59429 > 10.10.0.31.domain: 3647+ A? unbound01.stl1.example.net. (49)
19:12:54.020640 IP 10.10.0.31.domain > 10.1.6.247.59429: 3647* 1/6/6 A 10.1.6.247 (315)
19:12:54.056951 IP 10.1.6.247.45906 > 10.10.0.31.domain: 52440+ A? unbound01.stl1.example.net. (49)