Hi there,
I am using Unbound to forward mine.intra, which is a private domain of Microsoft
Windows Active Directory, because the DNS server on the Windows server has the records.
First of all, there is a record file.mine.intra created on the DNS server on
Windows, and it works for clients running "dig file.mine.intra @IP-OF-WINDOWS".
Second, I created the forward configuration in unbound.conf and restarted Unbound;
the details are listed below. But Unbound is not able to respond to a client which
runs "dig file.mine.intra @IP-OF-UNBOUND":
    forward-zone:
        name: "mine.intra."
        forward-addr: 10.3.3.21
        forward-addr: 10.3.3.22
        forward-first: no
(10.3.3.21 is dc1 of mine.intra, 10.3.3.22 is dc2 of mine.intra.)
Finally, I used "tcpdump -w" to capture packets and save them to a file to see what
happens. Opening the capture file in Wireshark, I get the result below.
    Time      Source          Dest            Protocol  Length  Info
    7.841795  client_ip       Unbound_ip      DNS       76      Standard query 0xb80a A file.mine.intra
    7.842781  Unbound_ip      Windows_ip      DNS       87      Standard query 0xdece A file.mine.intra OPT
    7.843769  ReltekU_e9:..   Broadcast       ARP       60      Who has IP_OF_Unbound? Tell IP_OF_Windows
    7.843788  ReltekU_64..    ReltekU_e9:..   ARP       42      IP_OF_Unbound is at 52:54:00:64:37:c7
    7.844291  Windows_ip      Unbound_ip      DNS       103     Standard query response 0xdece A file.mine.intra A 10.3.3.50 OPT
    7.844761  Unbound_ip      192.8.128.30    DNS       70      Standard query 0x8762 NS <ROOT> OPT
Clearly Windows responds to the query, but Unbound does not receive it and forward
the response to the client; instead it continually queries the ROOT DNS. BTW, there are
also standard private domain forwarding settings (same format as above) in the
same unbound.conf, and they work well, such as my-private-domain.com forwarded to a
BIND server.
Why does this happen, and how can I make Unbound respond to clients that query a host in
xxx.intra?
Thanks in advance.
Adrian
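An added example, not part of Adrian's message or of Unbound itself: a small Python lint for the forward-zone pattern above. When a trust anchor is configured (for instance auto-trust-anchor-file), Unbound's validator tries to validate the unsigned answer it receives from the forwarder, and unbound.conf(5) provides domain-insecure for exactly this case, telling the validator to skip the forwarded name; the script parses a constructed unbound.conf and lists forward-zones that validation is on for but which no domain-insecure entry covers. That this is the cause of the capture shown in the message is an assumption, and the parser handles only the simple "key: value" layout used here.

```python
import re
# Options whose presence supplies a trust anchor (see unbound.conf(5)).
VALIDATION_KEYS = {"auto-trust-anchor-file", "trust-anchor-file",
                   "trust-anchor", "trusted-keys-file"}

def parse_unbound_conf(text):
    """Simplified unbound.conf parser: 'key: value' lines under 'server:' or
    'forward-zone:' clauses. Returns (server_options, forward_zones)."""
    server, zones, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if line == "server:":
            current = server
        elif line == "forward-zone:":
            zones.append({})
            current = zones[-1]
        elif line and current is not None:
            m = re.match(r'^([\w-]+):\s*"?([^"]*)"?$', line)
            if m:
                current.setdefault(m.group(1), []).append(m.group(2).strip())
    return server, zones

def covered(zone, insecure):
    """True if zone equals, or lies below, some domain-insecure entry."""
    norm = lambda n: n.lower().rstrip(".")
    return any(norm(zone) == norm(i) or norm(zone).endswith("." + norm(i))
               for i in insecure)

def unvalidatable_forward_zones(text):
    """Forward-zone names the validator will try to validate: empty when
    validation is off or every forwarded name is marked domain-insecure."""
    server, zones = parse_unbound_conf(text)
    has_anchor = any(k in server for k in VALIDATION_KEYS)
    mods = server.get("module-config", ["validator iterator"])  # Unbound default
    validating = has_anchor and any("validator" in m for m in mods)
    insecure = server.get("domain-insecure", [])
    return [z["name"][0] for z in zones if validating and "name" in z
            and not covered(z["name"][0], insecure)]

# Constructed config modelled on the message: validation on, mine.intra.
# forwarded to the two DCs but not marked insecure.
SAMPLE_CONF = """
server:
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
forward-zone:
    name: "mine.intra."
    forward-addr: 10.3.3.21
    forward-addr: 10.3.3.22
    forward-first: no
"""
```

unvalidatable_forward_zones(SAMPLE_CONF) returns ['mine.intra.']; adding domain-insecure: "mine.intra." to the server clause, or removing the trust anchor, makes it return [].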