Hi,
Unbound seems to be handling failed lookups in a strange manner. Certain lookups provide my external IP as the answer. I’m interpreting that as a failed lookup. If that’s the case, then how can I get unbound to provide an actual “failed lookup” response rather than my own external IP address?
I’ve looked all over the unbound.conf site and found nothing with respect to this particular problem. The logs don’t give me
Machine w Unbound# nslookup 96.94.160.167.sbl-xbl.spamhaus.org
Server: 127.0.0.2
Address: 127.0.0.2#53
Non-authoritative answer:
Name: 96.94.160.167.sbl-xbl.spamhaus.org.aquawest.net
Address: 1xx.1xx.1xx.1xx [my external IP address]
In addition, the following yields an answer that’s just wrong. I’ve tested this on a machine that doesn’t use unbound. You can see how the two answers differ.
Machine w Unbound# nslookup 198.31.211.67.list.dnswl.org
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: 198.31.211.67.list.dnswl.org
Address: 92.242.144.50
Compare the result above with the result below:
Machine 2# nslookup 198.31.211.67.list.dnswl.org 192.168.7.1
Server: 192.168.1.1
Address: 192.168.1.1#53
** server can’t find 198.31.211.67.list.dnswl.org: NXDOMAIN
Does anyone have any insight as to why this might be happening?
Thank you!
Patrick
Hello Patrick,
pcl-associates writes:
> Hi,
> Unbound seems to be handling failed lookups in a strange manner. Certain lookups provide my external IP as the answer. I'm interpreting that as a failed lookup. If that's the case, then how can I get unbound to provide an actual "failed lookup" response rather than my own external IP address?
> I've looked all over the unbound.conf site and found nothing with respect to this particular problem. The logs don't give me
> Machine w Unbound# nslookup 96.94.160.167.sbl-xbl.spamhaus.org
> Server: 127.0.0.2
> Address: 127.0.0.2#53
> Non-authoritative answer:
> Name: 96.94.160.167.sbl-xbl.spamhaus.org.aquawest.net
> Address: 1xx.1xx.1xx.1xx [my external IP address]
There is probably nothing wrong with Unbound, but your query tool
(nslookup) appends a local domain name ".aquawest.net" to the
query. nslookup, as well as the operating system stub-resolver, appends
the local domain and/or any DNS searchlist in case the original query
gives a negative response (NXDOMAIN).
You have a wildcard-record on ".aquawest.net"
dig "*.aquawest.net" +noall +answer
; <<>> DiG 9.10.0-P1 <<>> *.aquawest.net +noall +answer
;; global options: +cmd
*.aquawest.net. 5992 IN A 109.164.249.126
that IP address will be returned on all queries that end in
".aquawest.net".
If you don't want that, you can
a) make the domain name you query fully qualified by ending with a dot:
"nslookup 96.94.160.167.sbl-xbl.spamhaus.org."
b) use better DNS query tools than "nslookup" ("dig" or "drill" or
"unbound-host")
c) remove the local domain/searchlist from the computer's TCP/IP
configuration you're sending the query from.
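The mechanism Carsten describes, and why it matters for a DNSBL client, shown as an added Python example (not code from the thread, from Unbound, or from Spamhaus). It emulates a glibc-style stub resolver offline with a constructed answer table: the queried DNSBL name is NXDOMAIN, everything under aquawest.net. is answered by the wildcard A record from the dig output, and a "2.0.0.127" entry is a constructed stand-in for a real listing. The ndots/search-list ordering is an assumed resolv.conf behaviour, not something the thread states. The naive check treats any A answer to a relative name as "listed" and so reports the wildcard address as a hit; the hardened check queries a fully-qualified name (option a), requires the answer name to match, and accepts only addresses in 127.0.0.0/8, the DNSBL return-code range per RFC 5782.

```python
import ipaddress

# Constructed stand-in for the recursive resolver; no network is used.
# The DNSBL name from the thread is NXDOMAIN; "2.0.0.127..." is a constructed
# entry standing in for a real listing; everything under aquawest.net. is
# answered by the wildcard A record shown in the dig output.
FAKE_ZONE = {
    "96.94.160.167.sbl-xbl.spamhaus.org.": None,       # NXDOMAIN
    "2.0.0.127.sbl-xbl.spamhaus.org.": "127.0.0.2",    # constructed listing
}
WILDCARD_SUFFIX = "aquawest.net."
WILDCARD_ADDR = "109.164.249.126"


def fake_lookup(fqdn):
    """A-record lookup of an absolute name; None means NXDOMAIN."""
    if fqdn in FAKE_ZONE:
        return FAKE_ZONE[fqdn]
    if fqdn.endswith("." + WILDCARD_SUFFIX):
        return WILDCARD_ADDR
    return None


def candidate_names(name, search_list, ndots=1):
    """Names a stub resolver tries, in order (assumed glibc-style resolv.conf
    semantics: a trailing dot disables the search list; otherwise the name is
    tried as given first when it has at least `ndots` dots, then with each
    search domain appended)."""
    if name.endswith("."):
        return [name]
    absolute = name + "."
    searched = [f"{name}.{d.rstrip('.')}." for d in search_list]
    if name.count(".") >= ndots:
        return [absolute] + searched
    return searched + [absolute]


def stub_resolve(name, search_list):
    """Emulate the stub: the first candidate with a positive answer wins.
    Returns (answered_name, address) or (None, None) when nothing answers."""
    for cand in candidate_names(name, search_list):
        addr = fake_lookup(cand)
        if addr is not None:
            return cand, addr
    return None, None


def reversed_octets(ip):
    """DNSBL convention: query the octets of the IP in reverse order."""
    return ".".join(reversed(ip.split(".")))


def naive_dnsbl_check(ip, zone, search_list, resolve=stub_resolve):
    """Fragile pattern: relative query name, any A answer counts as 'listed'."""
    _, addr = resolve(f"{reversed_octets(ip)}.{zone}", search_list)
    return addr is not None


def dnsbl_check(ip, zone, search_list, resolve=stub_resolve):
    """Hardened pattern: fully-qualified query name (trailing dot), the answer
    name must be the name we asked for, and the address must lie in
    127.0.0.0/8 as DNSBL convention (RFC 5782) requires."""
    qname = f"{reversed_octets(ip)}.{zone}."
    answered_name, addr = resolve(qname, search_list)
    if addr is None:
        return "not-listed"
    if answered_name != qname:
        return "unexpected-answer"   # search list or redirection rewrote the name
    if ipaddress.ip_address(addr) not in ipaddress.ip_network("127.0.0.0/8"):
        return "unexpected-answer"   # not a DNSBL return code
    return "listed"


if __name__ == "__main__":
    search = ["aquawest.net"]
    print(candidate_names("96.94.160.167.sbl-xbl.spamhaus.org", search))
    print("naive:", naive_dnsbl_check("167.160.94.96", "sbl-xbl.spamhaus.org", search))
    print("hardened:", dnsbl_check("167.160.94.96", "sbl-xbl.spamhaus.org", search))
    print("hardened, listed entry:", dnsbl_check("127.0.0.2", "sbl-xbl.spamhaus.org", search))
```

The range check is the part worth keeping even after removing the search list (option c): a stub resolver elsewhere in the fleet, or an upstream that rewrites NXDOMAIN, can still hand back a non-127/8 address, and a mail filter that treats any answer as a listing would then block on garbage.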
Hello Carsten,
Thank you so very much. That was absolutely perfect. I would have gladly used option a) or b) but since it’s for a server application, it was easier to use option c) as there were also no drawbacks.
Many thanks again.
Patrick