Thank you Yorgos! Thank you Olivier! You are the BEST!
Best regards, Jon > On Jan 14, 2025, at 10:31 AM, Yorgos Thessalonikefs via Unbound-users > <unbound-users@lists.nlnetlabs.nl> wrote: > > Thanks Olivier, > I added both on the current master branch. > (https://github.com/NLnetLabs/unbound/commit/f52b2a6ea251749bb7c85e2074a6c17e28d2ae81) > > Best regards, > -- Yorgos > > On 14/01/2025 16:37, Olivier Benghozi via Unbound-users wrote: >> By the way it looks like >> https://www.iana.org/assignments/locally-served-dns-zones/locally- >> served-dns-zones.xhtml <https://www.iana.org/assignments/locally-served- >> dns-zones/locally-served-dns-zones.xhtml> >> also includes the zone resolver.arpa [RFC9462] to be served the same way... >> Le mar. 14 janv. 2025 à 15:41, Yorgos Thessalonikefs via Unbound-users >> <unbound-users@lists.nlnetlabs.nl <mailto:unbound- >> us...@lists.nlnetlabs.nl>> a écrit : >> Hi Jon, >> We will probably include this in the future. >> For now you can configure your current Unbound to have the same >> behavior >> as with home.arpa with: >> local-zone: "service.arpa." static >> local-data: "service.arpa. 10800 IN NS localhost." >> local-data: "service.arpa. 10800 IN SOA localhost. nobody.invalid. 1 >> 3600 1200 604800 10800" >> which is the default content for home.arpa taken from the manpage >> (https://unbound.docs.nlnetlabs.nl/en/latest/manpages/ >> unbound.conf.html#unbound-conf-local-zone <https:// >> unbound.docs.nlnetlabs.nl/en/latest/manpages/ >> unbound.conf.html#unbound-conf-local-zone>); >> further down where it notes the default local zones. >> Best regards, >> -- Yorgos >> On 10/01/2025 20:21, Jon Murphy via Unbound-users wrote: >> > Hello, >> > >> > Happy new year everyone! >> > >> > Since the beginning of October 2024 I have been seeing lots of >> these messages: >> > >> > ``` >> > Oct 2 17:53:31 ipfire unbound: [15153:0] error: SERVFAIL >> <default.service.arpa. SOA IN>: all the configured stub or forward >> servers failed, at zone . from 149.112.112.112 got SERVFAIL >> > Oct 2 17:53:31 ipfire unbound: [15153:0] error: SERVFAIL >> <service.arpa. SOA IN>: all the configured stub or forward servers >> failed, at zone . from 149.112.112.11 got SERVFAIL >> > Oct 2 17:53:32 ipfire unbound: [15153:0] error: SERVFAIL >> <_matter._tcp.default.service.arpa. PTR IN>: all the configured stub >> or forward servers failed, at zone . from 9.9.9.11 got SERVFAIL >> > Oct 2 17:53:40 ipfire unbound: [15153:0] error: SERVFAIL >> <_L1234._sub._matterc._udp.default.service.arpa. SOA IN>: all the >> configured stub or forward servers failed, at zone . from >> 149.112.112.11 got SERVFAIL >> > Oct 2 17:53:41 ipfire unbound: [15153:0] error: SERVFAIL >> <_sub._matterc._udp.default.service.arpa. SOA IN>: all the >> configured stub or forward servers failed, at zone . from 9.9.9.11 >> got SERVFAIL >> > Oct 2 17:53:41 ipfire unbound: [15153:0] error: SERVFAIL >> <_matterc._udp.default.service.arpa. SOA IN>: all the configured >> stub or forward servers failed, at zone . from 149.112.112.112 got >> SERVFAIL >> > Oct 2 17:53:42 ipfire unbound: [15153:0] error: SERVFAIL >> <_udp.default.service.arpa. SOA IN>: all the configured stub or >> forward servers failed, at zone . from 149.112.112.11 got SERVFAIL >> > Oct 2 17:53:42 ipfire unbound: [15153:0] error: SERVFAIL >> <_1234._sub._matterc._udp.default.service.arpa. PTR IN>: all the >> configured stub or forward servers failed, at zone . from 9.9.9.11 >> got SERVFAIL >> > Oct 2 17:53:52 ipfire unbound: [15153:0] error: SERVFAIL >> <1234567890123456-1234567890123456._matter._tcp.default.service.arpa. SRV >> IN>: all the configured stub or forward servers failed, at zone . from >> 149.112.112.112 got SERVFAIL >> > Oct 2 17:53:52 ipfire unbound: [15153:0] error: SERVFAIL >> <1234567890123456-1234567890123456._matter._tcp.default.service.arpa. TXT >> IN>: all the configured stub or forward servers failed, at zone . from >> 149.112.112.112 got SERVFAIL >> > ``` >> > >> > There are 1000s of these messages "SERVFAIL . . . service.arpa" >> every week and 144,028 messages since Oct 2, 2024. Best I can these >> are all local DNS lookups and they are failing an external DNS >> lookup for "service.arpa". >> > >> > This happens with unbound 1.21.0 and persists with unbound 1.22.0. >> > >> > And I believe this is related to this: >> > https://datatracker.ietf.org/doc/html/draft-ietf-dnssd- >> srp-25#section-10.1 <https://datatracker.ietf.org/doc/html/draft- >> ietf-dnssd-srp-25#section-10.1> >> > >> > >> > So my ask, to stop "service.arpa" from escaping my local network, >> can "service.arpa" be added to the unbound code as a Special Use >> Domain Name similar to "home.arpa"? >> > >> > >> > Best regards, >> > Jon >> > >> /Ce message et toutes les pièces jointes (ci-après le "message") sont >> établis à l’intention exclusive des destinataires désignés. Il contient des >> informations confidentielles et pouvant être protégé par le secret >> professionnel. Si vous recevez ce message par erreur, merci d'en avertir >> immédiatement l'expéditeur et de détruire le message. Toute utilisation de >> ce message non conforme à sa destination, toute diffusion ou toute >> publication, totale ou partielle, est interdite, sauf autorisation expresse >> de l'émetteur/ > >
