Re: Unbound Problems (Reverse Direction)
Use these directives also in unbound (see the pattern and choose what you need, like 24.172.IN-ADDR.ARPA, to cover your 172.24.* reverse. local-zone: "168.192.IN-ADDR.ARPA" nodefault local-zone: "16.172.IN-ADDR.ARPA" nodefault local-zone: "17.172.IN-ADDR.ARPA" nodefault local-zone: "18.172.IN-ADDR.ARPA" nodefault local-zone: "19.172.IN-ADDR.ARPA" nodefault local-zone: "10.IN-ADDR.ARPA" nodefault local-zone: "d.f.IP6.ARPA" nodefault > On Jul 10, 2020, at 2:22 AM, Frank Habicht wrote: > > Hi, > >>> On 09/07/2020 20:44, ken.hendrick...@l3harris.com wrote: >> stub-zone: >> name: 30.24.172.in-addr.arpa. > good >> stub-addr: 127.0.0.1@53053 >> stub-zone: >> name: 2.168.192.in-arpa.arpa. > typo >> stub-addr: 127.0.0.1@53053 >> stub-zone: >> name: 224.in-addr.arpa. >> stub-addr: 127.0.0.1@53053 >> stub-zone: >> name: 255.in-addr.arpa. >> stub-addr: 127.0.0.1@53053 > > Frank
Re: Unbound Problems (Reverse Direction)
Hi, On 09/07/2020 20:44, ken.hendrick...@l3harris.com wrote: > stub-zone: > name: 30.24.172.in-addr.arpa. good > stub-addr: 127.0.0.1@53053 > stub-zone: > name: 2.168.192.in-arpa.arpa. typo > stub-addr: 127.0.0.1@53053 > stub-zone: > name: 224.in-addr.arpa. > stub-addr: 127.0.0.1@53053 > stub-zone: > name: 255.in-addr.arpa. > stub-addr: 127.0.0.1@53053 Frank
Re: Unbound Problems (Reverse Direction)
I appreciate your help! Either you solved the previous problem telling me to put $ORIGIN in my BIND zone files, or I had made a mistake with the 'set port=number' command in nslookup. In either case NSD is now working properly in both directions. But Unbound is only working correctly in the forward direction. I'm still doing something wrong, and I don't know what yet. Thanks, Ken CONFIDENTIALITY NOTICE: This email and any attachments are for the sole use of the intended recipient and may contain material that is proprietary, confidential, privileged or otherwise legally protected or restricted under applicable government laws. Any review, disclosure, distributing or other use without expressed permission of the sender is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies without reading, printing, or saving.
Unbound Problems (Reverse Direction)
Nope. I still don't have it working. NSD is working in both directions. Unbound is only working in the forward direction. Here is proof that both Unbound and NSD are working in the forward direction: 7 Soekris2# nslookup nas2 Server: 127.0.0.1 Address:127.0.0.1#53 Non-authoritative answer: Name: nas2.Foo.Bar Address: 172.24.10.2 Here is proof that NSD is working in the reverse direction: 8 Soekris2# nslookup > server 127.0.0.1 Default server: 127.0.0.1 Address: 127.0.0.1#53 > set port=53053 > 172.24.10.2 Server: 127.0.0.1 Address:127.0.0.1#53053 2.10.24.172.in-addr.arpaname = nas2.foo.bar. But somehow, Unbound is not working in the reverse direction: 6 Soekris2# nslookup 172.24.10.2 Server: 127.0.0.1 Address:127.0.0.1#53 ** server can't find 2.10.24.172.in-addr.arpa: NXDOMAIN Here is the relevant part of my unbound.conf: # Use nsd to resolve local names. # Do not send these queries to the root servers. stub-zone: name: Foo.Bar. stub-addr: 127.0.0.1@53053 stub-zone: name: 10.24.172.in-addr.arpa. stub-addr: 127.0.0.1@53053 stub-zone: name: 20.24.172.in-addr.arpa. stub-addr: 127.0.0.1@53053 stub-zone: name: 30.24.172.in-addr.arpa. stub-addr: 127.0.0.1@53053 stub-zone: name: 2.168.192.in-arpa.arpa. stub-addr: 127.0.0.1@53053 stub-zone: name: 224.in-addr.arpa. stub-addr: 127.0.0.1@53053 stub-zone: name: 255.in-addr.arpa. stub-addr: 127.0.0.1@53053 Any ideas? What am I still doing wrong?? NSD is listening on port 53053, and works (as proved above) for resolving in the reverse direction. Why doesn't unbound work? CONFIDENTIALITY NOTICE: This email and any attachments are for the sole use of the intended recipient and may contain material that is proprietary, confidential, privileged or otherwise legally protected or restricted under applicable government laws. Any review, disclosure, distributing or other use without expressed permission of the sender is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies without reading, printing, or saving.
Re: Unbound Problems (Reverse Direction)
please disregard this. as expected, if one mentions 'typo' it is inevitable that one will embarrass themselves profoundly. as it happens i read the config too quickly and entirely wrongly. On Thu, 9 Jul 2020 15:21:27 -0400, Amelia A Lewis wrote: > On Thu, 9 Jul 2020 17:44:48 +, ken.hendrick...@l3harris.com wrote: >> name: 2.168.192.in-arpa.arpa. > ^ > > It's a mystery, as well, why you would set up nsd (an authoritative > sever) if you're not delegating to it in the recursive/caching server. > But if you're gonna replicate the content in unbound.conf, don't typo > your network number. 9 != 7 > > Amy!
Re: Unbound Problems (Reverse Direction)
On Thu, 9 Jul 2020 17:44:48 +, ken.hendrick...@l3harris.com wrote: > name: 2.168.192.in-arpa.arpa. ^ It's a mystery, as well, why you would set up nsd (an authoritative sever) if you're not delegating to it in the recursive/caching server. But if you're gonna replicate the content in unbound.conf, don't typo your network number. 9 != 7 Amy!