Date:      Mon, 30 Jun 2014 16:43:05 +0400 (MSK)
From:      Dmitry Morozovsky <marck@rinet.ru>
To:        Peter Wemm <peter@wemm.org>
Cc:        Konstantin Belousov <kostikbel@gmail.com>, freebsd-stable@freebsd.org
Subject:   Re: stable/10: unbound refuses to forward some DNS queries
Message-ID:  <alpine.BSF.2.00.1406301638480.36231@woozle.rinet.ru>
In-Reply-To: <4052053.k3ny9DzFll@overcee.wemm.org>
References:  <alpine.BSF.2.00.1406291514140.36231@woozle.rinet.ru> <alpine.BSF.2.00.1406291933560.36231@woozle.rinet.ru> <alpine.BSF.2.00.1406292002370.36231@woozle.rinet.ru> <4052053.k3ny9DzFll@overcee.wemm.org>

On Sun, 29 Jun 2014, Peter Wemm wrote:

> > > subset seems to be enough:
> > >         #suggested by kib@
> > >         domain-insecure: "168.192.in-addr.arpa."
> > >         local-zone: "168.192.in-addr.arpa." transparent
> > 
> > ... and it turned out that even the last line is optional.
> > 
> > To clarify: ALL queries for my case should be forwarded.
> > 
> > It's on FreeBSD 10.0-STABLE #4 r267602: Wed Jun 18 11:15:36 MSK 2014
> 
> I use 'nodefault' instead of 'transparent' for these.
> 
> I'm pretty sure you do need it because unbound has the RFC1918 and other 
> "fake" addresses stubbed out.  If you only did a 'reload' after changing it, 
> the stubs would have been replaced with a live address.  I'd expect a full 
> kill/restart to not work without it.

Yes, you're absolutely right.

> You need the domain-insecure for 168.192.in-addr.arpa because there is a NSEC3 
> hash on 192.in-addr.arpa that has a 'proof of non existence' for the 192.168 
> node underneath.

Maybe then we could improve the logic in local-unbound-setup.sh to detect 
RFC1918 addresses active on interfaces up and generate unbound.conf 
accordingly?



-- 
Sincerely,
D.Marck                                     [DM5020, MCK-RIPE, DM3-RIPN]
[ FreeBSD committer:                                 marck@FreeBSD.org ]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------
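
One way the detection proposed above could look, as an added example that is not code from local-unbound-setup.sh or from anyone in this thread: it maps RFC 1918 addresses on UP interfaces to their reverse zones and emits the `domain-insecure` / `local-zone` pair discussed in the message. The function names and the sample ifconfig text are hypothetical, `nodefault` follows Peter Wemm's reply, and the zone names for 10/8 and 172.16/12 are assumed to follow the same pattern as `168.192.in-addr.arpa.`.

```sh
#!/bin/sh
# Added example; function names and the sample data are hypothetical.

# Print the reverse zone covering an RFC 1918 IPv4 address, or nothing.
rfc1918_zone() {
    case "$1" in ''|*[!0-9.]*) return 0 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    case "$1" in
    10)  echo "10.in-addr.arpa." ;;
    172) [ "${2:-0}" -ge 16 ] && [ "$2" -le 31 ] && echo "$2.172.in-addr.arpa." ;;
    192) [ "${2:-0}" -eq 168 ] && echo "168.192.in-addr.arpa." ;;
    esac
    return 0
}

# Read ifconfig-style text on stdin, keep inet addresses of interfaces
# flagged UP, and write a server: fragment with one override per zone.
gen_unbound_overrides() {
    zones=$(awk '/^[A-Za-z]/ { up = ($0 ~ /[<,]UP[,>]/) }
                 up && $1 == "inet" { print $2 }' |
        while read -r addr; do rfc1918_zone "$addr"; done | sort -u)
    [ -n "$zones" ] || return 0
    echo "server:"
    for z in $zones; do
        printf '        domain-insecure: "%s"\n' "$z"
        printf '        local-zone: "%s" nodefault\n' "$z"
    done
}

# Constructed sample input (not taken from the thread).
sample_ifconfig() {
    cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
        inet 192.168.7.1 netmask 0xffffff00 broadcast 192.168.7.255
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 172.20.0.5 netmask 0xffff0000 broadcast 172.20.255.255
        inet 203.0.113.9 netmask 0xffffff00 broadcast 203.0.113.255
em2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 10.1.2.3 netmask 0xff000000 broadcast 10.255.255.255
EOF
}

sample_ifconfig | gen_unbound_overrides
```

Marking a zone `domain-insecure` turns off DNSSEC validation for everything under it, so the fragment is limited to zones that match an address actually configured on an UP interface.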


