With ------------------------------------------------------------- server: directory: "/etc/unbound" do-daemonize: no tcp-upstream: yes trust-anchor-file: trusted-key.key use-syslog: yes username: "unbound"
forward-zone: name: "." forward-addr: 127.0.0.1@1053 ------------------------------------------------------------- and % ssh -L 127.0.0.1:1053:127.0.0.1:53 server , % drill nameToQuery returns SERVFAIL. In fact, any query doesn't work. According to tcpdump -vv -x -X -s 1500 -i lo 'port 1053', nothing being sent to the forward-addr. While % drill -I 127.0.0.1 -p 1053 -4 -t nameToQuery succeeds. Is that expected, for example because it is inherent to the NS protocol? If it supposed to work, how to further debug it?
