Hi Adrian, Unbound waits until the root has done. But you do not allow these queries to be done.
You can stop unbound from querying the root NS by setting a forward zone
for the root (".") to somewhere.
Best regards, Wouter
On 28/02/17 06:16, Adrian Zhang via Unbound-users wrote:
> When I check Unbound cache, it shows
>
> unbound-control dump_cache|grep mine.intra
> file.mine.intra.86387INA10.3.3.50
> msg file.mine.intra. IN A 33152 1 47 1 1 0 0
> file.mine.intra. IN A 0
>
> 3 records about file.mine.intra are generated by one client query.
>
> Adrian
>
> ------------------ Original ------------------
> *From: * "Adrian Zhang via Unbound-users"<[email protected]>;
> *Date: * Tue, Feb 28, 2017 10:59 AM
> *To: * "unbound-users"<[email protected]>;
> *Subject: * Unbound does not response a forwarded query
>
> Hi there,
>
> I am using unbound to forward mine.intra which is a private domain of
> Microsoft Windows Active Directory due to DNS server on Windows server
> has the record.
>
> first of all, there is a record file.mine.intra created on DNS server on
> Windows, and works for clients via running "dig file.mine.intra
> @IP-OF-WINDOWS".
> Second, create forward configuration in unbound.conf and restart
> Unbound, details are listed below. But Unbound is not able to response
> to client which run "dig file.mine.intra@IP-OF-UNBOUND"
> forward-zone:
> name: "mine.intra."
> forward-addr: 10.3.3.21
> forward-addr: 10.3.3.22
> forward-first: no
> (10.3.3.21 is dc1 of mine.intra, 10.3.3.22 is dc2 of mine.intra.)
> Finally, I use tcpdump -w to catch packages and save to a file to see
> that happens. Then using Wireshark to open capture file I get below result.
> Time source. Dest. Protocol.
> Length. Info.
> 7.841795 client_ip. Unbound_ip. DNS 76
> Standard query 0xb80a A file.mine.intra
> 7.842781 Unbound_ip Windows_ip. DNS 87
> Standard query 0xdece A file.mine.intra OPT
> 7.843769. ReltekU_e9:.. Broadcast ARP 60
> Who has IP_OF_Unbound? Tell IP_OF_Windows
> 7.843788. ReltekU_64.. ReltekU_e9:.. ARP 42
> IP_OF_Unbound is at 52:54:00:64:37:c7
> 7.844291. Windows_ip. Unbound_ip. DNS 103
> Standard query response 0xdece A file.mine.intra A 10.3.3.50 OPT
> 7.844761. Unbound_ip. 192.8.128.30. DNS 70
> Standard query 0x8762 NS <ROOT> OPT
>
> Clearly Windows response the query but Unbound do not receive it and
> forward response to client, however it continually query ROOT DNS. BTW,
> these is also standard private domain forwarding settings (same format
> like above) in the same unbound.conf and works well, such as
> my-private-domain.com forwarded to a BIND server.
>
> Why this happens and how to make Unbound response client if query a host
> in xxx.intra?
>
> Thanks in advance.
>
> Adrian
signature.asc
Description: OpenPGP digital signature
