Hello Carsten, Thank you so very much. That was absolutely perfect. I would have gladly used option a) or b) but since it's for a server application, it was easier to use option c) as there were also no drawbacks.
Many thanks again. Patrick On Jul 25, 2014, at 11:27 PM, Carsten Strotmann <[email protected]> wrote: > > Hello Patrick, > > pcl-associates writes: > >> Hi, >> >> Unbound seems to be handling failed lookups in a strange manner. Certain >> lookups provide my external IP as the answer. I'm interpreting that as a >> failed lookup. If that's the case, then how can I get unbound to provide an >> actual "failed lookup" response rather than my own external IP address? >> >> I've looked all over the unbound.conf site and found nothing with respect to >> this particular problem. The logs don't give me >> >> Machine w Unbound# nslookup 96.94.160.167.sbl-xbl.spamhaus.org >> Server: 127.0.0.2 >> Address: 127.0.0.2#53 >> >> Non-authoritative answer: >> Name: 96.94.160.167.sbl-xbl.spamhaus.org.aquawest.net >> Address: 1xx.1xx.1xx.1xx [my external IP address] >> > > There is probably nothing wrong with Unbound, but your query tool > (nslookup) appends a local domain name ".aquawest.net" to the > query. nslookup, as well as the operating system stub-resolver, appends > the local domain and/or any DNS searchlist in case the original query > gives a negative response (NXDOMAIN). > > You have a wildcard-record on ".aquawest.net" > > dig "*.aquawest.net" +noall +answer > > ; <<>> DiG 9.10.0-P1 <<>> *.aquawest.net +noall +answer > ;; global options: +cmd > *.aquawest.net. 5992 IN A 109.164.249.126 > > that IP address will be returned on all queries that end in > ".aquawest.net". > > If you don't want that, you can > > a) make the domain name you query full qualified by ending with a dot: > "nslookup 96.94.160.167.sbl-xbl.spamhaus.org." > > b) use better DNS query tools than "nslookup" ("dig" or "drill" or > "unbound-host") > > c) remove the local domain/searchlist from the computer's TCP/IP > configuration you're sending the query from. > > -- > Carsten Strotmann > Email: [email protected] > Blog: strotmann.de >
_______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
