Hint: freebsd.org is dnssec enabled, google.com is not. Can you resolve other dnssec enabled domains, e.g. internetsociety.org?
R. Am Donnerstag, den 17.10.2019, 15:29 +0330 schrieb Javad Kouhi via Unbound-users: > Hello, unbound-users. > > I'm using Unbound 1.8.1 on FreeBSD 12.0-RELEASE. It works fine with > the majority of domains, but it can't resolve one particular domain, > FreeBSD.org. Everything else works perfectly. I'm able to resolve the > FreeBSD.org domain when using another nameserver (8.8.8.8 for > example). > > ~ # cat /etc/resolv.conf > nameserver 127.0.0.1 > ======================== > ~ # drill google.com > ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 26913 > ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > ;; QUESTION SECTION: > ;; google.com. IN A > > ;; ANSWER SECTION: > google.com. 126 IN A 216.58.206.206 > > ;; AUTHORITY SECTION: > > ;; ADDITIONAL SECTION: > > ;; Query time: 1 msec > ;; SERVER: 127.0.0.1 > ;; WHEN: Thu Oct 17 13:58:11 2019 > ;; MSG SIZE rcvd: 44 > ========================== > ~ # drill freebsd.org > Error: error sending query: Could not send or receive, because of > network > error > ========================== > ~ # echo "nameserver 8.8.8.8" > /etc/resolv.conf > > ~ # drill freebsd.org > ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 41634 > ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > ;; QUESTION SECTION: > ;; freebsd.org. IN A > > ;; ANSWER SECTION: > freebsd.org. 3454 IN A 96.47.72.84 > > ;; AUTHORITY SECTION: > > ;; ADDITIONAL SECTION: > > ;; Query time: 45 msec > ;; SERVER: 8.8.8.8 > ;; WHEN: Thu Oct 17 14:00:02 2019 > ;; MSG SIZE rcvd: 45 > > It works when I change the nameserver to 8.8.8.8. It's strange > because > other domains work fine with local unbound, it's just the > FreeBSD.org. > > This is my config (generated by local-unbound-setup): > ~ # cat /etc/unbound/unbound.conf /etc/unbound/lan-zones.conf > /etc/unbound/control.conf > # This file was generated by local-unbound-setup. > # Modifications will be overwritten. > server: > username: unbound > directory: /var/unbound > chroot: /var/unbound > pidfile: /var/run/local_unbound.pid > auto-trust-anchor-file: /var/unbound/root.key > interface: 0.0.0.0 > access-control: 10.8.0.0/16 allow > > include: /var/unbound/lan-zones.conf > include: /var/unbound/control.conf > # This file was generated by local-unbound-setup. > # Modifications will be overwritten. > server: > # Unblock reverse lookups for LAN addresses > unblock-lan-zones: yes > insecure-lan-zones: yes > # This file was generated by local-unbound-setup. > # Modifications will be overwritten. > remote-control: > control-enable: yes > control-interface: /var/run/local_unbound.ctl > control-use-cert: no -- Robert Senger
