While debugging an issue I have with unbound(8) on OpenBSD I found a
likely unrelated issue with unbound-host(1), which is most likely
related to libunbound(3). When behind a router that redirects all DNS
queries (behind free WiFi portal from the Dutch railways while
commuting) unbound-host(1) is seemingly unable to lookup domains and
always responds with NXDOMAIN.
Using a different lookup tool, e.g. drill(1), I'm able to retrieve the
expected result.
I'm not sure if this is a case of PEBKAC and/or if I forgot to toggle an
option somewhere, but I would expect that unbound-host(1) gives me the
same answer as an alternative DNS lookup tool, e.g. drill(1). Am I wrong
to assume this? If not, any idea what is causing this behaviour?
$ cat /etc/resolv.conf
# Generated by iwn0 dhclient
search wifi.ns.nl
nameserver 10.87.0.1
lookup file bind
$ unbound-host -r -ddv nlnetlabs.nl
[1548308933] libunbound[27251:0] debug: switching log to stderr
[1548308933] libunbound[27251:0] debug: module config: "validator iterator"
[1548308933] libunbound[27251:0] notice: init module 0: validator
[1548308933] libunbound[27251:0] notice: init module 1: iterator
[1548308933] libunbound[27251:0] debug: target fetch policy for level 0 is 0
[1548308933] libunbound[27251:0] debug: target fetch policy for level 1 is 0
[1548308933] libunbound[27251:0] debug: target fetch policy for level 2 is 0
[1548308933] libunbound[27251:0] debug: target fetch policy for level 3 is 0
[1548308933] libunbound[27251:0] debug: target fetch policy for level 4 is 0
[1548308933] libunbound[27251:0] debug: Forward zone server list:
[1548308933] libunbound[27251:0] info: DelegationPoint<.>: 0 names (0 missing), 1 addrs (0 result, 1 avail) parentNS
[1548308933] libunbound[27251:0] debug: validator[module 0] operate: extstate:module_state_initial event:module_event_new
[1548308933] libunbound[27251:0] info: validator operate: query nlnetlabs.nl. A IN
[1548308933] libunbound[27251:0] debug: iterator[module 1] operate: extstate:module_state_initial event:module_event_pass
[1548308933] libunbound[27251:0] info: resolving nlnetlabs.nl. A IN
[1548308933] libunbound[27251:0] info: processQueryTargets: nlnetlabs.nl. A IN
[1548308933] libunbound[27251:0] info: sending query: nlnetlabs.nl. A IN
[1548308933] libunbound[27251:0] debug: sending to target: <.> 10.87.0.1#53
[1548308933] libunbound[27251:0] debug: iterator[module 1] operate: extstate:module_wait_reply event:module_event_reply
[1548308933] libunbound[27251:0] info: iterator operate: query nlnetlabs.nl. A IN
[1548308933] libunbound[27251:0] info: response for nlnetlabs.nl. A IN
[1548308933] libunbound[27251:0] info: reply from <.> 10.87.0.1#53
[1548308933] libunbound[27251:0] info: query response was NXDOMAIN ANSWER
[1548308933] libunbound[27251:0] info: finishing processing for nlnetlabs.nl. A IN
[1548308933] libunbound[27251:0] debug: validator[module 0] operate: extstate:module_wait_module event:module_event_moddone
[1548308933] libunbound[27251:0] info: validator operate: query nlnetlabs.nl. A IN
Host nlnetlabs.nl not found: 3(NXDOMAIN). (insecure)
$ drill -d @10.87.0.1 nlnetlabs.nl
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 7150
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; nlnetlabs.nl. IN A
;; ANSWER SECTION:
nlnetlabs.nl. 9759 IN A 185.49.140.10
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 30 msec
;; SERVER: 10.87.0.1
;; WHEN: Thu Jan 24 06:49:39 2019