Hi Raed,

10.in-addr.arpa queries are blocked by a default local zone. You can turn off the default content for a subzone by using the transparent local-zone type. So, in your case that will be something like:

    local-zone: "32.24.10.in-addr.arpa." transparent

Setting the type to nondefault does not have any effect here, since there is no local-zone for that name (there is one for 10.in-addr.arpa).

The private-address statement will strip occurrences of that address from the answer. I doubt that is what you are looking for.

Please note that your access-control statement is potentially harmful (creating an open resolver).

Regards,
-- Ralph

On 06-10-16 20:19, Nashef, Raed H via Unbound-users wrote:
> Thanks Dustin,
>
> But how do I forward the requests for this local-zone to the DNS
> resolver for the VPC “10.24.32.2” should I add the following:
>
> Stub-zone:
> Stub-addr: 10.24.32.2
>
> Thus having the configuration below:
>
> private-address: 10.24.32.0/24
> local-zone: "32.24.10.in-addr.arpa." nodefault
> Stub-zone:
> Stub-addr: 10.24.32.2
>
> Thanks,
> Raed.
>
> *From:* Dustin Marquess [mailto:[email protected]]
> *Sent:* Wednesday, October 05, 2016 5:55 PM
> *To:* Nashef, Raed H <[email protected]>; [email protected]
> *Subject:* Re: in-add.arpa
>
> Add:
>
> private-address: 10.24.32.0/24
> local-zone: "32.24.10.in-addr.arpa." nodefault
>
> -Dustin
>
> _____________________________
> From: Nashef, Raed H via Unbound-users <[email protected]
> <mailto:[email protected]>>
> Sent: Wednesday, October 5, 2016 6:51 PM
> Subject: in-add.arpa
> To: <[email protected] <mailto:[email protected]>>
>
> Hello all,
>
> I’m using unbound as a DNS forwarder between on premise DNS and AWS
> private hosted zone. In Route53, I have 32.24.10.in-addr.arpa zone. I
> need to have unbound forward reverse DNS requests to this hosted zone.
>
> The VPC IP for example is 10.24.32.0, the AWS name server is always plus
> two “10.24.32.2”. In unbound.conf I’ve tried the following and it does
> not work:
>
> server:
> interface: 0.0.0.0
> access-control: 0.0.0.0/0 allow
> forward-zone:
> name: "."
> forward-addr: 10.24.32.2
> forward-zone:
> name: "32.24.10.in-addr.arpa"
> forward-addr: 10.24.32.2
>
> Thanks,
> Raed
>
> Please be advised that this email may contain confidential information.
> If you are not the intended recipient, please notify us by email by
> replying to the sender and delete this message. The sender disclaims
> that the content of this email constitutes an offer to enter into, or
> the acceptance of, any agreement; provided that the foregoing does not
> invalidate the binding effect of any digital or other electronic
> reproduction of a manual signature that is included in any attachment.
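
The advice in the reply above, combined into one unbound.conf. This is an added illustration, not a configuration posted in the thread: the transparent local-zone releases the reverse subzone from the default 10.in-addr.arpa zone, and access-control is narrowed so the forwarder is not an open resolver. The 10.0.0.0/8 client range is an assumption; substitute the actual on-premises and VPC networks.

```conf
server:
    interface: 0.0.0.0

    # Weak setting from the original post: recursive queries are answered
    # for any source address, which makes the host an open resolver.
    # access-control: 0.0.0.0/0 allow

    # Corrected: refuse by default and allow only known client networks.
    # 10.0.0.0/8 is an assumed range, not a value from the thread.
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 10.0.0.0/8 allow

    # Unbound carries a default local-zone for 10.in-addr.arpa that answers
    # these queries itself. "transparent" on the subzone lets names with no
    # local data fall through to normal resolution, so the forward-zone
    # below is consulted.
    local-zone: "32.24.10.in-addr.arpa." transparent

# Reverse lookups for the VPC range go to the VPC resolver.
forward-zone:
    name: "32.24.10.in-addr.arpa."
    forward-addr: 10.24.32.2

# Everything else is forwarded to the same resolver, as in the original post.
forward-zone:
    name: "."
    forward-addr: 10.24.32.2
```

Running unbound-checkconf on the file checks the syntax before the daemon is reloaded.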
