I'm running nsd and unbound on my OpenBSD server.
nsd is listening on 127.0.0.1:53 and is master for two internal zones:
example.com
10.10.10.in-addr.arpa
unbound is listening on 10.10.10.1:53
-----unbound.conf-----
server:
    interface: 10.10.10.1
    interface: ::1
    access-control: 0.0.0.0/0 refuse
    access-control: 10.10.10.0/24 allow
    access-control: ::0/0 refuse
    access-control: ::1 allow
    hide-identity: yes
    hide-version: yes
    do-not-query-localhost: no # I was really surprised this was needed
    local-zone: "10.10.10.in-addr.arpa" nodefault # is this needed?

stub-zone:
    name: "example.com"
    stub-addr: 127.0.0.1

stub-zone:
    name: "10.10.10.in-addr.arpa."
    stub-addr: 127.0.0.1
---------------------------
When I run nslookup, and set my server to 10.10.10.1 (unbound listening on
53), I get the following results:
amazon: works
host.example.com: works
10.10.10.1: does not work (server can't find 1.10.10.10.in-addr.arpa.:
NXDOMAIN)
When I point nslookup to 127.0.0.1 (nsd listening on 53), I get the
following results:
amazon.com: NXDOMAIN (expected)
host.example.com: 10.10.10.1
10.10.10.1: host.example.com
I was really banging my head against the wall until I saw
do-not-query-localhost (why do I need to set that when I set up a stub-zone
- more importantly, why doesn't the stub-zone documentation mention the
need for this?!)
What am I missing to get results for the reverse lookup?
Thanks!
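
Added example (not part of the original message, and not code from the unbound or nsd projects): a small Python lint for the two unbound behaviours this configuration touches. unbound ships built-in static local-zones for the private reverse ranges, and per unbound.conf(5) nodefault only switches off a default when it names exactly that zone (a subzone needs transparent), while do-not-query-localhost defaults to yes. The names lint, parse and POSTED, the trimmed sample and the line-based parser (server and stub-zone clauses only) are assumptions of this example.

```python
import ipaddress

# Subset of unbound's built-in "static" local-zones: RFC 1918 reverse space only.
DEFAULTS = ["10.in-addr.arpa", "168.192.in-addr.arpa"] + [
    f"{n}.172.in-addr.arpa" for n in range(16, 32)]
# Constructed sample: the resolver-relevant lines of the unbound.conf posted above.
POSTED = """server:
    do-not-query-localhost: no
    local-zone: "10.10.10.in-addr.arpa" nodefault
stub-zone:
    name: "example.com"
    stub-addr: 127.0.0.1
stub-zone:
    name: "10.10.10.in-addr.arpa."
    stub-addr: 127.0.0.1
"""

def norm(name):
    return name.strip('"').rstrip(".").lower()

def parse(conf):  # -> (server options, {local-zone: type}, [[stub name, [addrs]]])
    opts, zones, stubs = {}, {}, []
    for raw in conf.splitlines():
        key, _, val = (p.strip() for p in raw.split("#", 1)[0].partition(":"))
        if key == "stub-zone" and not val:
            stubs.append(["", []])  # a new stub-zone clause starts here
        elif key == "local-zone":
            zones[norm(val.split()[0])] = val.split()[1]
        elif key == "name" and stubs:
            stubs[-1][0] = norm(val)
        elif key == "stub-addr" and stubs:
            stubs[-1][1].append(val.split("@")[0])  # drop optional @port
        elif val:
            opts[key] = val
    return opts, zones, stubs

def lint(conf):
    opts, zones, stubs = parse(conf)
    # Defaults overlaid with configured zones; nodefault only removes an exact-name match.
    eff = {**{z: "static" for z in DEFAULTS}, **zones}
    eff = {z: t for z, t in eff.items() if t != "nodefault"}
    out = []
    for name, addrs in stubs:
        loop = any(ipaddress.ip_address(a).is_loopback for a in addrs)
        if loop and opts.get("do-not-query-localhost", "yes") != "no":
            out.append((name, "loopback stub-addr needs do-not-query-localhost: no"))
        hit = max((z for z in eff if ("." + name).endswith("." + z)), key=len, default=None)
        if hit and "transparent" not in eff[hit]:
            out.append((name, f"shadowed by {eff[hit]} local-zone {hit}"))
    return out
```

Calling lint(POSTED) reports the reverse stub zone as shadowed by the built-in 10.in-addr.arpa zone; the same text with the local-zone type set to transparent, or with nodefault applied to "10.in-addr.arpa." itself, produces no findings.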