I am having a problem with a particular DNS lookup and I am not even sure how to formulate the question, so please bear with me.

My setup is Internet – IPFire with Unbound 1.19.0 – ClearOS7. ClearOS runs a system called Gateway Management which is a branding of AdamNetworks’ Adam:one, a DNS filtering tool.

IPFire is currently running as a recursive resolver but the same problem exists when running as a Caching DNS server. All other boxes are empty on the DNS setup screen in IPFire. SSL and TLS are not being used. I should be able to dig out the configs, if needed.

With Gateway Management running, in ClearOS I can resolve 1024 and 2048 bit domainkeys (1024._domainkey.howitts.co.uk and 2048_domainkey.howitts.co.uk) with nslookup. I can resolve 4096 bit domainkeys using the dig command "dig txt 202403._domainkey.howitts.co.uk" but with nslookup I get:

   [root@server ~]# nslookup -q=txt 202403._domainkey.howitts.co.uk
   Server:         127.0.0.1
   Address:        127.0.0.1#53

   Non-authoritative answer:
   *** Can't find 202403._domainkey.howitts.co.uk: No answer

   Authoritative answers can be found from:
   howitts.co.uk
            origin = achiel.ns.cloudflare.com
            mail addr = dns.cloudflare.com
            serial = 2336336559
            refresh = 10000
            retry = 2400
            expire = 604800
            minimum = 1800

Without Gateway Management on ClearOS 7, it all works. This may lead you to think it is Gateway Management but if I change ClearOS’s upstream resolver from IPFire/Unbound to Cloudflare, all lookups work. This leads me to believe Unbound is doing an invalid lookup or giving an invalid response to a particular query formatted by Gateway Management.

I have pcap files of the working and non-working lookups between ClearOS and IPFire but I don’t know how to interpret them.

Can anyone please help me?

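One way to compare the working and non-working lookups in captures like the ones mentioned above is to decode each DNS message and diff the fields. This is an added example, not part of the original post: it works on the raw DNS message bytes (the UDP payload), the function names are hypothetical, and the two sample queries are constructed here rather than taken from the poster's pcap files.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def read_name(msg, off):
    """Return (name, offset past it); compression pointers end the name unfollowed."""
    labels = []
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:
            return ".".join(labels + ["<ptr>"]), off + 2
        off += 1
        if n == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + n].decode("ascii", "replace"))
        off += n

def summarize(msg):
    """Decode header, first question and EDNS OPT record of one DNS message."""
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    qname, off = read_name(msg, 12)          # assumes exactly one question
    qtype, _qclass = struct.unpack("!2H", msg[off:off + 4])
    off += 4
    out = {"qr": flags >> 15, "tc": flags >> 9 & 1, "rd": flags >> 8 & 1,
           "ad": flags >> 5 & 1, "cd": flags >> 4 & 1,
           "rcode": RCODES.get(flags & 0xF, flags & 0xF),
           "qname": qname, "qtype": qtype, "counts": (an, ns, ar),
           "edns_udp_size": None, "do": None}
    for _ in range(an + ns + ar):            # walk answer, authority, additional
        _, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == 41:                      # OPT: CLASS = UDP size, TTL bit 15 = DO
            out["edns_udp_size"], out["do"] = rclass, ttl >> 15 & 1
    return out

def diff_fields(a, b):
    """Fields that differ between two summaries, as {field: (a_value, b_value)}."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

def build_query(name, flags, opt=b""):
    """Constructed sample TXT (type 16) query, not taken from the poster's capture."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    hdr = struct.pack("!6H", 0x1234, flags, 1, 0, 0, 1 if opt else 0)
    return hdr + q + struct.pack("!2H", 16, 1) + opt

NAME = "202403._domainkey.howitts.co.uk"
PLAIN = build_query(NAME, 0x0100)            # constructed: RD only, no EDNS
EDNS = build_query(NAME, 0x0120, struct.pack("!BHHIH", 0, 41, 4096, 0x8000, 0))

if __name__ == "__main__":
    print(diff_fields(summarize(PLAIN), summarize(EDNS)))
```

Running `summarize` on the query and the response of each lookup, then `diff_fields` on the pairs, shows which header flags, record counts or EDNS settings differ between the two cases.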