shimitar Guru
Joined: 23 Nov 2003 Posts: 331 Location: Italy, Torino
|
Posted: Fri Jun 21, 2024 1:11 pm Post subject: Unbound not working |
|
|
I have emerged Unbound and I want to use it as my DNS.
This is my unbound.conf:
Code: | server:
logfile: /var/log/unbound.log
log-time-ascii: yes
verbosity: 3
interface: 127.0.0.1
port: 53
do-ip4: yes
do-udp: yes
do-tcp: yes
do-ip6: yes
prefer-ip6: no
harden-glue: no # i tried also yes here with no change
harden-dnssec-stripped: yes
use-caps-for-id: no
edns-buffer-size: 1232
prefetch: yes
num-threads: 1
so-rcvbuf: 1m
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8
private-address: fd00::/8
private-address: fe80::/10
|
But it doesn't work:
Code: | # dig leonardo.polito.it @127.0.0.1
; <<>> DiG 9.16.48 <<>> leonardo.polito.it @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35726
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;leonardo.polito.it. IN A
;; Query time: 2230 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jun 21 15:07:29 CEST 2024
;; MSG SIZE rcvd: 47
|
Log is:
Code: | Jun 21 15:09:13 unbound[31294:0] notice: init module 0: validator
Jun 21 15:09:13 unbound[31294:0] notice: init module 1: iterator
Jun 21 15:09:13 unbound[31294:0] info: start of service (unbound 1.19.3).
Jun 21 15:09:17 unbound[31294:0] info: resolving leonardo.polito.it. A IN
Jun 21 15:09:17 unbound[31294:0] info: priming . IN NS
Jun 21 15:09:17 unbound[31294:0] info: response for . NS IN
Jun 21 15:09:17 unbound[31294:0] info: reply from <.> 193.0.14.129#53
Jun 21 15:09:17 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:17 unbound[31294:0] info: response for . NS IN
Jun 21 15:09:17 unbound[31294:0] info: reply from <.> 193.0.14.129#53
Jun 21 15:09:17 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:17 unbound[31294:0] info: response for . NS IN
Jun 21 15:09:17 unbound[31294:0] info: reply from <.> 202.12.27.33#53
Jun 21 15:09:17 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:17 unbound[31294:0] info: response for . NS IN
Jun 21 15:09:17 unbound[31294:0] info: reply from <.> 192.33.4.12#53
Jun 21 15:09:17 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:17 unbound[31294:0] info: response for . NS IN
Jun 21 15:09:17 unbound[31294:0] info: reply from <.> 2001:503:c27::2:30#53
Jun 21 15:09:17 unbound[31294:0] info: query response was ANSWER
Jun 21 15:09:17 unbound[31294:0] info: priming successful for . NS IN
Jun 21 15:09:18 unbound[31294:0] info: response for leonardo.polito.it. A IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <.> 193.0.14.129#53
Jun 21 15:09:18 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:18 unbound[31294:0] info: response for leonardo.polito.it. A IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <.> 2001:500:12::d0d#53
Jun 21 15:09:18 unbound[31294:0] info: query response was REFERRAL
Jun 21 15:09:18 unbound[31294:0] info: response for leonardo.polito.it. A IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <it.> 194.0.16.215#53
Jun 21 15:09:18 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:18 unbound[31294:0] info: response for leonardo.polito.it. A IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <it.> 2a00:d40:1:1::5#53
Jun 21 15:09:18 unbound[31294:0] info: query response was REFERRAL
Jun 21 15:09:18 unbound[31294:0] info: resolving ns3.polito.it. AAAA IN
Jun 21 15:09:18 unbound[31294:0] info: resolving ns1.garr.net. AAAA IN
Jun 21 15:09:18 unbound[31294:0] info: resolving giove.polito.it. AAAA IN
Jun 21 15:09:18 unbound[31294:0] info: resolving leonardo.polito.it. AAAA IN
Jun 21 15:09:18 unbound[31294:0] info: resolving ns1.garr.net. A IN
Jun 21 15:09:18 unbound[31294:0] info: response for leonardo.polito.it. A IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <polito.it.> 130.192.3.24#53
Jun 21 15:09:18 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:18 unbound[31294:0] info: response for leonardo.polito.it. AAAA IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <polito.it.> 130.192.4.30#53
Jun 21 15:09:18 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:18 unbound[31294:0] info: response for giove.polito.it. AAAA IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <polito.it.> 130.192.3.24#53
Jun 21 15:09:18 unbound[31294:0] info: response for ns3.polito.it. AAAA IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <polito.it.> 130.192.4.30#53
Jun 21 15:09:18 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:18 unbound[31294:0] info: response for leonardo.polito.it. A IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <polito.it.> 130.192.3.21#53
Jun 21 15:09:18 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:18 unbound[31294:0] info: response for leonardo.polito.it. AAAA IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <polito.it.> 130.192.3.24#53
Jun 21 15:09:18 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:18 unbound[31294:0] info: response for giove.polito.it. AAAA IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <polito.it.> 130.192.3.24#53
Jun 21 15:09:18 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:18 unbound[31294:0] info: response for ns3.polito.it. AAAA IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <polito.it.> 130.192.3.21#53
Jun 21 15:09:18 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:18 unbound[31294:0] info: response for leonardo.polito.it. A IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <polito.it.> 130.192.3.24#53
Jun 21 15:09:18 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:18 unbound[31294:0] info: response for leonardo.polito.it. AAAA IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <polito.it.> 130.192.3.24#53
Jun 21 15:09:18 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:18 unbound[31294:0] info: response for giove.polito.it. AAAA IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <polito.it.> 130.192.4.30#53
Jun 21 15:09:18 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:18 unbound[31294:0] info: response for ns3.polito.it. AAAA IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <polito.it.> 130.192.3.24#53
Jun 21 15:09:18 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:18 unbound[31294:0] info: response for leonardo.polito.it. A IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <polito.it.> 130.192.3.21#53
Jun 21 15:09:18 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:18 unbound[31294:0] info: response for leonardo.polito.it. AAAA IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <polito.it.> 130.192.4.30#53
Jun 21 15:09:18 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:18 unbound[31294:0] info: response for ns1.garr.net. A IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <.> 2001:500:2d::d#53
Jun 21 15:09:18 unbound[31294:0] info: query response was REFERRAL
Jun 21 15:09:18 unbound[31294:0] info: response for giove.polito.it. AAAA IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <polito.it.> 130.192.4.30#53
Jun 21 15:09:18 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:18 unbound[31294:0] info: response for ns3.polito.it. AAAA IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <polito.it.> 130.192.3.21#53
Jun 21 15:09:18 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:18 unbound[31294:0] info: response for ns1.garr.net. AAAA IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <.> 2001:503:c27::2:30#53
Jun 21 15:09:18 unbound[31294:0] info: query response was REFERRAL
Jun 21 15:09:18 unbound[31294:0] info: response for leonardo.polito.it. A IN
Jun 21 15:09:23 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:23 unbound[31294:0] info: response for giove.polito.it. AAAA IN
Jun 21 15:09:23 unbound[31294:0] info: reply from <polito.it.> 193.206.141.38#53
Jun 21 15:09:23 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:23 unbound[31294:0] info: response for giove.polito.it. AAAA IN
Jun 21 15:09:23 unbound[31294:0] info: reply from <polito.it.> 130.192.3.24#53
Jun 21 15:09:23 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:23 unbound[31294:0] info: response for giove.polito.it. AAAA IN
Jun 21 15:09:23 unbound[31294:0] info: reply from <polito.it.> 130.192.4.30#53
Jun 21 15:09:23 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:23 unbound[31294:0] info: response for giove.polito.it. AAAA IN
Jun 21 15:09:23 unbound[31294:0] info: reply from <polito.it.> 130.192.3.21#53
Jun 21 15:09:23 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:23 unbound[31294:0] info: response for giove.polito.it. AAAA IN
Jun 21 15:09:23 unbound[31294:0] info: reply from <polito.it.> 130.192.4.30#53
Jun 21 15:09:23 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:23 unbound[31294:0] info: resolving leonardo.polito.it. AAAA IN
Jun 21 15:09:23 unbound[31294:0] info: resolving ns3.polito.it. AAAA IN
Jun 21 15:09:23 unbound[31294:0] info: resolving ns1.garr.net. AAAA IN |
(I have somehow shortened the log)
What is the problem here? Any help?
_________________
Willy Gardiol
willy@gardiol.org |
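As an added illustration (not part of the original post), this Python sketch pairs each `reply from` line of a verbosity-3 Unbound log with the `query response was` verdict that follows it and tallies the verdicts by the address family of the answering server. The sample lines are copied from the log above; the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Excerpt copied from the log in the post above, including two unpaired lines.
SAMPLE_LOG = """\
Jun 21 15:09:17 unbound[31294:0] info: reply from <.> 193.0.14.129#53
Jun 21 15:09:17 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:17 unbound[31294:0] info: reply from <.> 2001:503:c27::2:30#53
Jun 21 15:09:17 unbound[31294:0] info: query response was ANSWER
Jun 21 15:09:18 unbound[31294:0] info: reply from <it.> 194.0.16.215#53
Jun 21 15:09:18 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:18 unbound[31294:0] info: reply from <it.> 2a00:d40:1:1::5#53
Jun 21 15:09:18 unbound[31294:0] info: query response was REFERRAL
Jun 21 15:09:18 unbound[31294:0] info: reply from <polito.it.> 130.192.3.24#53
Jun 21 15:09:18 unbound[31294:0] info: response for ns3.polito.it. AAAA IN
Jun 21 15:09:18 unbound[31294:0] info: reply from <polito.it.> 130.192.4.30#53
Jun 21 15:09:18 unbound[31294:0] info: query response was THROWAWAY
Jun 21 15:09:18 unbound[31294:0] info: response for leonardo.polito.it. A IN
Jun 21 15:09:23 unbound[31294:0] info: query response was THROWAWAY
"""

REPLY = re.compile(r"info: reply from <(?P<zone>[^>]*)> (?P<addr>[0-9A-Fa-f:.]+)#\d+")
VERDICT = re.compile(r"info: query response was (?P<kind>[A-Z_]+)")

def tally_by_family(log_text):
    """Count verdicts per (address family, verdict). A reply with no verdict
    after it, or a verdict with no reply before it, is skipped."""
    counts = Counter()
    pending = None  # address from the last 'reply from' line still awaiting a verdict
    for line in log_text.splitlines():
        m = REPLY.search(line)
        if m:
            pending = ipaddress.ip_address(m.group("addr"))
            continue
        m = VERDICT.search(line)
        if m and pending is not None:
            counts[(f"IPv{pending.version}", m.group("kind"))] += 1
            pending = None
    return counts

def throwaway_only_families(counts):
    """Address families for which every paired reply was classified THROWAWAY."""
    families = {fam for fam, _ in counts}
    return sorted(f for f in families
                  if all(kind == "THROWAWAY" for fam, kind in counts if fam == f))

if __name__ == "__main__":
    result = tally_by_family(SAMPLE_LOG)
    for (family, kind), n in sorted(result.items()):
        print(f"{family:5} {kind:10} {n}")
    print("only THROWAWAY:", throwaway_only_families(result))
```

On this excerpt every paired IPv4 reply is counted as THROWAWAY, while the IPv6 replies are counted as ANSWER or REFERRAL.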
pietinger Moderator
Joined: 17 Oct 2006 Posts: 5094 Location: Bavaria
|
Posted: Fri Jun 21, 2024 1:26 pm Post subject: |
|
|
I am missing the section "forward-zone:" in your configuration file ...
Have a look into my (German) post: https://forums.gentoo.org/viewtopic-p-8753593.html#8753593 if you want to use unbound as a server ... but first ->
I am using it only for local DNS queries ... here the first post of the above thread is sufficient.
(If you have a firewall you must allow port 853 of course; see also in my first post)
(Attention: I am using OpenRC as init system; if you have systemd you must change one line!
I have also disabled IPv6 completely in my kernel; so another line is not true for you)
_________________
https://wiki.gentoo.org/wiki/User:Pietinger |
shimitar Guru
Joined: 23 Nov 2003 Posts: 331 Location: Italy, Torino
|
Posted: Fri Jun 21, 2024 1:43 pm Post subject: |
|
|
Do I need a forward zone?
I do not want to depend on a forward DNS, that's the idea, or I would just use dnsmasq+dnssec and call it a day...
I do also use OpenRC.
I will translate the thread you linked and check it later, thanks!
_________________
Willy Gardiol
willy@gardiol.org |
pietinger Moderator
Joined: 17 Oct 2006 Posts: 5094 Location: Bavaria
|
Posted: Fri Jun 21, 2024 2:53 pm Post subject: |
|
|
shimitar wrote: | Do I need a forward zone?
I do not want to depend on a forward DNS, that's the idea, or I would just use dnsmasq+dnssec and call it a day... |
I am using "unbound" instead of "dnsmasq+dnssec" ... because (IMHO) it is more secure (dnsmasq had some bad security bugs in the past) ...
(I also made an AppArmor profile for "unbound" because I use AA also)
_________________
https://wiki.gentoo.org/wiki/User:Pietinger |