-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 21/05/16 01:13, Måns Nilsson wrote:
> I initially tried to make nsd listen on 127.0.0.53 using an extra > loopback interface (in contrast to a statement by a PFY working at > a Swedish ISP back in the dotcom bubble days, we feel that we can > afford loopback interfaces... True story.) and it works. Half-way. > I can dig @127.0.0.53 and get excellent answers back. But unbound > refuses to use the address, and returns SERVFAIL. As soon as I > make nsd listen on a physical interface on the host and change the > unbound config accordingly so that it points to that address for > forwarding/stub address, things start working. You'll want the following in unbound.conf: do-not-query-localhost: no The default is yes, and stops unbound from sending queries to anything in 127.0.0.0/8 and ::1. Regards, Anand -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJXQBULAAoJEBXgoyUMySoFqOMP/jB+5BOgxrQdxfaz3zhNqTfP a5zFNFjuooKBt816uuSyotFyrAwELmispRTHjxY2eyIypVZWe4naVcRT/YkHVSc3 U9kQP7idxVb9DGP4Lhkmxdj2VyPVNqFDEqBOCyw8bIHois0NhdtmvjGOTj9Qa6gy Rp7bnkIgkDNYX7QY4vZ57VnkQN8GskJJFAx6DVTeBnj4dMxzJgBw5XALnMkdks1I tYI/UtaHgxrg7WmryZg96KOgw904X/oM74r97q6/ubPUTBA0O5MRmxQMZSNmtykM rjK98miehjZ/uPrLnSUwqjNj3jO4BRJvJ1jDmgvAkWRlQtjQ5zGB8kw1LEPUwt+1 WnaCEpefT0cysOgfbrAXl1NncKP+YG046wBD4k31V6RsLdyx89n33g8Xvlt0gszG iFoyQBqfFmJWxBKCx5BL1bXmpQslZPuaG7HBelr2j5WkxZWsv3uwjpaAKVaqVJDX LiX7ACfkjgMFsz+7vGFmmPvukjulIQ2udtEu3eCfYRJ/6ebLD6aS+9MIjMHgzMU9 +rYVxKSTwAt/dkmLV816NIqgPrVw8nSmpJhKr0MEnrjfi7e+73y/WLSKQ0pTP86S mWAOZ+EP9cZHxWdwY1NHDvKQ5EwLcclLIaJO+tQQr0/RmVve0iDAuYV2hCirzm4D 4LT7RnQAhGuIhlPeSfpb =fb8b -----END PGP SIGNATURE-----
