Hi Håvard, The reply looks like this when the client's IP address is refused by unbound's access-control. When a local-zone refuses it, the query name would be present in the reply.
Unbound simply won't parse the query from the unallowed source, and thus the short reply contents. The null TYPE0 CLASS0 is an artifact of that it doesn't parse it, and then has nothing to print for log-replies. Best regards, Wouter On 2/5/19 1:26 PM, Havard Eidnes via Unbound-users wrote: > Hi, > > following up on my own message: > >> Feb 4 16:00:56 myname unbound: [22507:0] info: a.b.c.d null TYPE0 CLASS0 >> REFUSED 0.000000 1 12 > > Using kdig, I see the same problem client-side: > > % kdig -4 @a.b.c.d:853 vg.no. a +tls > ;; WARNING: response doesn't have question section > ;; TLS session (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM) > ;; ->>HEADER<<- opcode: QUERY; status: REFUSED; id: 54977 > ;; Flags: qr rd; QUERY: 0; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0 > > ;; Received 12 B > ;; Time 2019-02-05 13:22:00 CET > ;; From a.b.c.d8@853(TCP) in 14.9 ms > % > > Hrm, doesn't work as advertised. Need to dig deeper. Hints? > > Regards, > > - Håvard >
signature.asc
Description: OpenPGP digital signature
