On 3/27/2013 at 12:14 PM Mike. wrote:

|My unbound config file is:
|
|-------------------------------------
|server:
|       verbosity: 1
|
|       statistics-interval: 84600
|       statistics-cumulative: yes
|       extended-statistics: yes
|
|       interface:      10.20.1.1
|       interface:      127.0.0.1
|       interface:      fdcf:b715:2f4d:1::1
|       interface:      ::1
|
|       access-control: 0.0.0.0/0               refuse
|       access-control: 10.0.0.0/8              allow
|       access-control: 127.0.0.1               allow
|
|       access-control: ::0/0                   refuse
|       access-control: fdcf:b715:2f4d:1::/64   allow
|       access-control: fe80::/64               allow
|       access-control: ::1                     allow
|       access-control: ::ffff:127.0.0.1        allow
|       access-control: 2001:xxxx:xxxx:1::/64   allow
|
|       cache-min-ttl:  0
|
|       root-hints: "/var/unbound/etc/named.cache"
|
|#      auto-trust-anchor-file: "/var/unbound/etc/root.key"
|
|       domain-insecure:        "241acl.lan"
|
|       local-zone: "10.in-addr.arpa." nodefault
|       local-zone: "d.f.ip6.arpa." nodefault
|
|
|stub-zone:
|       name: "241acl.lan"
|       stub-addr: fdcf:b715:2f4d:3::1
|
|stub-zone:
|       name: "10.in-addr.arpa"
|       stub-addr: fdcf:b715:2f4d:3::1
|
|stub-zone:
|       name: "d.f.ip6.arpa"
|       stub-addr: fdcf:b715:2f4d:3::1
|
|
|
|remote-control:
|       control-enable:         yes
|       control-interface:      ::1
|
|-----------------------------------------
|
|and I am running unbound 1.4.17 on OpenBSD 5.2.
|
|
|With the config file as above, all forward and reverse DNS lookups work
|fine.   However, when I uncomment the auto-trust-anchor-file, then the
|rDNS look ups for fd::/8 addresses stop working.   Increasing log
|verbosity, it looks like unbound is traipsing to the root servers
|looking for a DNSSEC key and not finding one.  Then the rDNS request is
|rejected, and I cannot figure out why....
|
|I know I am missing something obvious, but I just cannot see it ....
 =============


If I add:

        domain-insecure:        "d.f.ip6.arpa"


then rDNS works, even with the auto-trust-anchor-file enabled.


So then my question becomes --- in order for rDNS to work, why do I
need domain-insecure for d.f.ip6.arpa and not for 10.in-addr.arpa?
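
An added example, not part of the original post and not Unbound's own code: a small Python check that lists the stub zones a config leaves subject to DNSSEC validation once a trust anchor is active, which are the zones where the question above arises. The sample config is a constructed excerpt of the one in the post with the anchor uncommented, and the function names are hypothetical.

```python
import re

# Constructed sample: excerpt of the config in the post, with the trust
# anchor uncommented (the failing case described above).
SAMPLE_CONF = '''
server:
        auto-trust-anchor-file: "/var/unbound/etc/root.key"
        domain-insecure:        "241acl.lan"
stub-zone:
        name: "241acl.lan"
        stub-addr: fdcf:b715:2f4d:3::1
stub-zone:
        name: "10.in-addr.arpa"
        stub-addr: fdcf:b715:2f4d:3::1
stub-zone:
        name: "d.f.ip6.arpa"
        stub-addr: fdcf:b715:2f4d:3::1
'''

ANCHOR_OPTS = {"auto-trust-anchor-file", "trust-anchor-file", "trust-anchor"}

def norm(name):
    """Lower-case a domain name and drop quotes and the trailing dot."""
    return name.strip().strip('"').rstrip(".").lower()

def covered(zone, insecure):
    """domain-insecure applies to the named domain and everything below it."""
    return any(d == "" or zone == d or zone.endswith("." + d) for d in insecure)

def stub_zones_subject_to_validation(conf_text):
    """Return, in config order, the stub zones that have no domain-insecure
    covering them while a trust anchor option is active."""
    section, anchored, insecure, stubs = None, False, set(), []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # commented-out options are inactive
        m = re.match(r"([A-Za-z0-9-]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if not value:                         # clause header: "server:", "stub-zone:"
            section = key
        elif key in ANCHOR_OPTS:
            anchored = True
        elif key == "domain-insecure":
            insecure.add(norm(value))
        elif section == "stub-zone" and key == "name":
            stubs.append(norm(value))
    return [z for z in stubs if anchored and not covered(z, insecure)]
```

For a zone this returns, whether lookups succeed depends on what the signed public parent zone says about that name, so the list is a set of zones to test, not a list of guaranteed failures.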




