Maintained by: NLnet Labs

[Unbound-users] unbound failed lookups?

Sat Jul 26 22:22:25 CEST 2014

Hello Carsten,

Thank you so very much.  That was absolutely perfect.  I would have gladly used option a) or b) but since it's for a server application, it was easier to use option c) as there were also no drawbacks.  

Many thanks again.


On Jul 25, 2014, at 11:27 PM, Carsten Strotmann <unbound at> wrote:

> Hello Patrick,
> pcl-associates writes:
>> Hi,
>> Unbound seems to be handling failed lookups in a strange manner.  Certain lookups provide my external IP as the answer.  I'm interpreting that as a failed lookup.  If that's the case, then how can I get unbound to provide an actual "failed lookup" response rather than my own external IP address?  
>> I've looked all over the unbound.conf site and found nothing with respect to this particular problem.  The logs don't give me 
>> Machine w Unbound# nslookup
>> Server:
>> Address:
>> Non-authoritative answer:
>> Name:
>> Address: 1xx.1xx.1xx.1xx  [my external IP address]
> There is probably nothing wrong with Unbound, but your query tool
> (nslookup) appends a local domain name "" to the
> query. nslookup, as well as the operating system stub-resolver, appends
> the local domain and/or any DNS searchlist in case the original query
> gives a negative response (NXDOMAIN).
> You have a wildcard-record on "" 
> dig "*" +noall +answer
> ; <<>> DiG 9.10.0-P1 <<>> * +noall +answer
> ;; global options: +cmd
> *         5992    IN      A
> that IP address will be returned on all queries that end in
> "".
> If you don't want that, you can
> a) make the domain name you query full qualified by ending with a dot: 
> "nslookup"
> b) use better DNS query tools than "nslookup" ("dig" or "drill" or
> "unbound-host")
> c) remove the local domain/searchlist from the computer's TCP/IP
> configuration you're sending the query from.
> -- 
> Carsten Strotmann
> Email: cas at
> Blog:

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>