This might be because of the default local-data in unbound for RFC4193 addresses.
http://www.unbound.net/documentation/unbound.conf.html (ctrl-F RFC4193) If that is the cause, you can remove it with local-zone: D.F.ip6.arpa. nodefault -- Arni Arni Birgisson Professional Services Men & Mice Hlidarsmari 15, IS-201, Kopavogur, Iceland Phone: +354 412 1500 Email: [email protected] www.menandmice.com First Choice in IP Address Management Men & Mice Blog | Follow us on Twitter | Men & Mice on Facebook Disclaimer : www.menandmice.com/disclaimer On Mar 27, 2013, at 4:14 PM, "Mike." <[email protected]> wrote: > > My unbound config file is: > > ------------------------------------- > server: > verbosity: 1 > > statistics-interval: 84600 > statistics-cumulative: yes > extended-statistics: yes > > interface: 10.20.1.1 > interface: 127.0.0.1 > interface: fdcf:b715:2f4d:1::1 > interface: ::1 > > access-control: 0.0.0.0/0 refuse > access-control: 10.0.0.0/8 allow > access-control: 127.0.0.1 allow > > access-control: ::0/0 refuse > access-control: fdcf:b715:2f4d:1::/64 allow > access-control: fe80::/64 allow > access-control: ::1 allow > access-control: ::ffff:127.0.0.1 allow > access-control: 2001:xxxx:xxxx:1::/64 allow > > cache-min-ttl: 0 > > root-hints: "/var/unbound/etc/named.cache" > > # auto-trust-anchor-file: "/var/unbound/etc/root.key" > > domain-insecure: "241acl.lan" > > local-zone: "10.in-addr.arpa." nodefault > local-zone: "d.f.ip6.arpa." nodefault > > > stub-zone: > name: "241acl.lan" > stub-addr: fdcf:b715:2f4d:3::1 > > stub-zone: > name: "10.in-addr.arpa" > stub-addr: fdcf:b715:2f4d:3::1 > > stub-zone: > name: "d.f.ip6.arpa" > stub-addr: fdcf:b715:2f4d:3::1 > > > > remote-control: > control-enable: yes > control-interface: ::1 > > ----------------------------------------- > > and I am running unbound 1.4.17 on OpenBSD 5.2. > > > With the config file as above, all forward and reverse DNS lookups work > fine. However, when I uncomment the auto-trust-anchor-file, then the > rDNS look ups for fd::/8 addresses stop working. Increasing log > verbosity, it looks like unbound is traipsing to the root servers > looking for a DNSSEC key and not finding one. Then the rDNS request is > rejected, and I cannot figure out why.... > > I know I am missing something obvious, but I just cannot see it .... > > > _______________________________________________ > Unbound-users mailing list > [email protected] > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
_______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
