Unbound not returning MX record from NSD

Hi,

I have a master/slave setup of NSD and Unbound, which is running just fine for the most part, except that machines making use of the DNS are unable to retrieve the MX record.

Both the master and slave NSD run on port 8053, while Unbound is on port 53; see the config gist below.

# Unbound conf

server:
    verbosity: 2
    interface: 192.168.1.2
    interface: 127.0.0.1
    port: 53
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    access-control: 192.168.0.0/16 allow
    access-control: 127.0.0.0/8 allow
    access-control: 172.16.0.0/12 allow
    access-control: 10.100.10.0/24 allow
    root-hints: "/var/lib/unbound/root.hints"
    #auto-trust-anchor-file: "/var/lib/unbound/root.key"
    hide-identity: yes
    hide-version: yes
    harden-glue: yes
    harden-dnssec-stripped: yes
    cache-min-ttl: 3600
    cache-max-ttl: 86400
    private-domain: "example.com"
    do-not-query-localhost: no
    prefetch: yes
    logfile: "/var/log/unbound/unbound.log"

    local-zone: "1.168.192.in-addr.arpa" nodefault

python:

# Remote control config section.

remote-control:
    control-enable: yes

# Stub zones.

stub-zone:
    name: "example.com"
    stub-addr: 192.168.1.2@8053
    stub-addr: 127.0.0.1@8053

stub-zone:
    name: "1.168.192.in-addr.arpa."
    stub-addr: 127.0.0.1@8053
    stub-addr: 192.168.1.2@8053

# NSD zone file

;## NSD authoritative only DNS

$ORIGIN example.com.
$TTL 86400 ; 1 day
@ IN SOA nsd1.example. postmaster.example.com. (
                                2017081004 ; serial number date plus last two digit increment
                                86400 ; refresh (1 day)
                                3600 ; retry (1 hour)
                                604800 ; expire (1 week)
                                3600 ; minimum (1 hour)
                                )
; Name Servers
        IN NS nsd1.example.com.
        IN NS nsd2.example.com.

; A Records for Name Servers
nsd1 IN A 192.168.1.2
nsd2 IN A 192.168.1.3

; MX Record

        IN MX 10 mail.example.com.

; A Records for servers
mail A 192.168.1.8
www A 192.168.1.9
webmail CNAME mail

When I try to query the MX record of example.com, e.g. $ dig mx +short example.com, it does not return anything. The above zone file was copied from an old, working BIND setup, and the same query still works against the latter.

Hope someone could point out the fix.

Thanks!

Hi Ichigo,

The problem is in your example.com zone file. See below:

# NSD zone file

;## NSD authoritative only DNS

$ORIGIN example.com.
$TTL 86400 ; 1 day
@ IN SOA nsd1.example. postmaster.example.com. (
                                2017081004 ; serial number date plus last two digit increment
                                86400 ; refresh (1 day)
                                3600 ; retry (1 hour)
                                604800 ; expire (1 week)
                                3600 ; minimum (1 hour)
                                )
; Name Servers
        IN NS nsd1.example.com.
        IN NS nsd2.example.com.

; A Records for Name Servers
nsd1 IN A 192.168.1.2
nsd2 IN A 192.168.1.3

; MX Record

        IN MX 10 mail.example.com.

This MX record doesn't have an explicit owner name, so it inherits the
last-declared owner, which is nsd2 just above it. You need to move the
MX record next to the NS records, so that it also applies to the zone's
origin.

Regards,
Anand
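The owner-name rule Anand describes comes from the RFC 1035 master-file format: a record whose line starts with whitespace has no owner field and takes the owner of the preceding record. The script below is an added example (not NSD's, Unbound's or the thread's own code) that implements just enough of that format to parse the zone as posted and report which name ends up owning the MX. It also checks the two ways of fixing it: moving the MX next to the NS records as suggested, and, going slightly beyond the reply, giving the MX an explicit "@" owner so its placement no longer matters. The zone text is a constructed copy of the one in the thread; the function names are this example's own.

```python
"""Minimal RFC 1035 master-file parser, enough to show owner-name inheritance.

Added example. Handles what the thread's zone uses: $ORIGIN, $TTL, '@',
';' comments, parenthesised multi-line records, relative names, and the
rule that a line starting with whitespace inherits the previous owner.
"""

# Constructed copy of the zone as posted: the MX line follows the nsd2 A record
ZONE_AS_POSTED = """\
$ORIGIN example.com.
$TTL 86400 ; 1 day
@ IN SOA nsd1.example. postmaster.example.com. (
        2017081004 ; serial
        86400 ; refresh
        3600 ; retry
        604800 ; expire
        3600 ; minimum
        )
; Name Servers
        IN NS nsd1.example.com.
        IN NS nsd2.example.com.
; A Records for Name Servers
nsd1 IN A 192.168.1.2
nsd2 IN A 192.168.1.3
; MX Record
        IN MX 10 mail.example.com.
mail A 192.168.1.8
www A 192.168.1.9
webmail CNAME mail
"""

MX_LINE = "        IN MX 10 mail.example.com.\n"
# Fix 1 (Anand's): move the MX line directly after the NS records
ZONE_MX_MOVED = ZONE_AS_POSTED.replace(MX_LINE, "").replace(
    "        IN NS nsd2.example.com.\n",
    "        IN NS nsd2.example.com.\n" + MX_LINE)
# Fix 2: keep the MX where it is but give it an explicit '@' owner
ZONE_MX_EXPLICIT = ZONE_AS_POSTED.replace(MX_LINE, "@" + MX_LINE[1:])

CLASSES = {"IN", "CH", "HS"}
NAME_RDATA_TYPES = {"NS", "MX", "CNAME", "SOA"}


def _logical_lines(text):
    """Strip ';' comments and merge '(' ... ')' continuations into one line."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]          # no quoted strings in this zone
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            out.append(" ".join(buf))        # first element keeps its indent
            buf, depth = [], 0
    return out


def _absolutize(name, origin):
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Return a list of (owner, ttl, type, rdata) tuples."""
    origin, default_ttl, owner, records = ".", None, None, []
    for line in _logical_lines(text):
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$TTL"):
            default_ttl = int(line.split()[1])
            continue
        tokens = line.split()
        if line[0] in " \t":
            # RFC 1035 section 5.1: blank owner field means "same owner as
            # the previous RR". This is exactly what bites the posted zone.
            if owner is None:
                raise ValueError("record without owner before any owner was set")
        else:
            owner = _absolutize(tokens.pop(0), origin)
        ttl = default_ttl
        if tokens and tokens[0].isdigit():    # optional TTL (TTL-before-class form)
            ttl = int(tokens.pop(0))
        if tokens and tokens[0].upper() in CLASSES:
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        rdata = [_absolutize(t, origin) if rtype in NAME_RDATA_TYPES and not t.isdigit() else t
                 for t in tokens]
        records.append((owner, ttl, rtype, " ".join(rdata)))
    return records


def owners_of(records, rtype):
    """Owner names that carry at least one record of the given type."""
    return [owner for owner, _, t, _ in records if t == rtype]


if __name__ == "__main__":
    for label, zone in [("as posted", ZONE_AS_POSTED), ("MX moved", ZONE_MX_MOVED),
                        ("explicit @", ZONE_MX_EXPLICIT)]:
        print(f"{label:11s} MX owner(s): {owners_of(parse_zone(zone), 'MX')}")
```

Running it shows the posted zone's MX owned by nsd2.example.com., which is why dig mx example.com is empty while dig mx nsd2.example.com would answer; both fixes put it on example.com. A quick way to confirm on the live servers is to ask NSD directly on its port (dig @127.0.0.1 -p 8053 example.com MX) before asking Unbound, which separates a zone-file problem from a stub-zone or cache problem.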

Thanks Anand, the above was perfect, you’re a life saver!