Re: 1000s of "SERVFAIL . . . service.arpa" messages

Tue, 14 Jan 2025 08:32:41 -0800 

Thanks Olivier,
I added both on the current master branch.
(https://github.com/NLnetLabs/unbound/commit/f52b2a6ea251749bb7c85e2074a6c17e28d2ae81)

Best regards,
-- Yorgos

On 14/01/2025 16:37, Olivier Benghozi via Unbound-users wrote:

By the way it looks like
https://www.iana.org/assignments/locally-served-dns-zones/locally- served-dns-zones.xhtml <https://www.iana.org/assignments/locally-served- dns-zones/locally-served-dns-zones.xhtml> 
also includes the zone resolver.arpa [RFC9462] to be served the same way...
Le mar. 14 janv. 2025 à 15:41, Yorgos Thessalonikefs via Unbound-users <unbound-users@lists.nlnetlabs.nl <mailto:unbound- us...@lists.nlnetlabs.nl>> a écrit : 

    Hi Jon,

    We will probably include this in the future.
    For now you can configure your current Unbound to have the same
    behavior
    as with home.arpa with:

    local-zone: "service.arpa." static
    local-data: "service.arpa. 10800 IN NS localhost."
    local-data: "service.arpa. 10800 IN SOA localhost. nobody.invalid. 1
    3600 1200 604800 10800"

    which is the default content for home.arpa taken from the manpage
    (https://unbound.docs.nlnetlabs.nl/en/latest/manpages/
    unbound.conf.html#unbound-conf-local-zone <https://
    unbound.docs.nlnetlabs.nl/en/latest/manpages/
    unbound.conf.html#unbound-conf-local-zone>);
    further down where it notes the default local zones.

    Best regards,
    -- Yorgos

    On 10/01/2025 20:21, Jon Murphy via Unbound-users wrote:
     > Hello,
     >
     > Happy new year everyone!
     >
     > Since the beginning of October 2024 I have been seeing lots of
    these messages:
     >
     > ```
     > Oct  2 17:53:31 ipfire unbound: [15153:0] error: SERVFAIL
    <default.service.arpa. SOA IN>: all the configured stub or forward
    servers failed, at zone . from 149.112.112.112 got SERVFAIL
     > Oct  2 17:53:31 ipfire unbound: [15153:0] error: SERVFAIL
    <service.arpa. SOA IN>: all the configured stub or forward servers
    failed, at zone . from 149.112.112.11 got SERVFAIL
     > Oct  2 17:53:32 ipfire unbound: [15153:0] error: SERVFAIL
    <_matter._tcp.default.service.arpa. PTR IN>: all the configured stub
    or forward servers failed, at zone . from 9.9.9.11 got SERVFAIL
     > Oct  2 17:53:40 ipfire unbound: [15153:0] error: SERVFAIL
    <_L1234._sub._matterc._udp.default.service.arpa. SOA IN>: all the
    configured stub or forward servers failed, at zone . from
    149.112.112.11 got SERVFAIL
     > Oct  2 17:53:41 ipfire unbound: [15153:0] error: SERVFAIL
    <_sub._matterc._udp.default.service.arpa. SOA IN>: all the
    configured stub or forward servers failed, at zone . from 9.9.9.11
    got SERVFAIL
     > Oct  2 17:53:41 ipfire unbound: [15153:0] error: SERVFAIL
    <_matterc._udp.default.service.arpa. SOA IN>: all the configured
    stub or forward servers failed, at zone . from 149.112.112.112 got
    SERVFAIL
     > Oct  2 17:53:42 ipfire unbound: [15153:0] error: SERVFAIL
    <_udp.default.service.arpa. SOA IN>: all the configured stub or
    forward servers failed, at zone . from 149.112.112.11 got SERVFAIL
     > Oct  2 17:53:42 ipfire unbound: [15153:0] error: SERVFAIL
    <_1234._sub._matterc._udp.default.service.arpa. PTR IN>: all the
    configured stub or forward servers failed, at zone . from 9.9.9.11
    got SERVFAIL
     > Oct  2 17:53:52 ipfire unbound: [15153:0] error: SERVFAIL
    <1234567890123456-1234567890123456._matter._tcp.default.service.arpa. SRV 
IN>: all the configured stub or forward servers failed, at zone . from 
149.112.112.112 got SERVFAIL
     > Oct  2 17:53:52 ipfire unbound: [15153:0] error: SERVFAIL
    <1234567890123456-1234567890123456._matter._tcp.default.service.arpa. TXT 
IN>: all the configured stub or forward servers failed, at zone . from 
149.112.112.112 got SERVFAIL
     > ```
     >
     > There are 1000s of these messages "SERVFAIL . . . service.arpa"
    every week and 144,028 messages since Oct 2, 2024.  Best I can these
    are all local DNS lookups and they are failing an external DNS
    lookup for "service.arpa".
     >
     > This happens with unbound 1.21.0 and persists with unbound 1.22.0.
     >
     > And I believe this is related to this:
     > https://datatracker.ietf.org/doc/html/draft-ietf-dnssd-
    srp-25#section-10.1 <https://datatracker.ietf.org/doc/html/draft-
    ietf-dnssd-srp-25#section-10.1>
     >
     >
     > So my ask, to stop "service.arpa" from escaping my local network,
    can "service.arpa" be added to the unbound code as a Special Use
    Domain Name similar to "home.arpa"?
     >
     >
     > Best regards,
     > Jon
     >
/Ce message et toutes les pièces jointes (ci-après le "message") sont établis à l’intention exclusive des destinataires désignés. Il contient des informations confidentielles et pouvant être protégé par le secret professionnel. Si vous recevez ce message par erreur, merci d'en avertir immédiatement l'expéditeur et de détruire le message. Toute utilisation de ce message non conforme à sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse de l'émetteur/

Reply via email to