howto resolve 10.in-addr.arpa

W.C.A. Wijngaards wouter at nlnetlabs.nl
Thu Oct 8 07:06:25 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Andreas,

On 07/10/15 15:06, A. Schulze via Unbound-users wrote:
> 
> Hello,
> 
> we have the following configuration to point unbound-1.5.4 to our 
> private nameservers:
> 
> server: local-zone: "10.in-addr.arpa." transparent domain-insecure:
> "10.in-addr.arpa."
> 
> stub-zone: name: "private.example.com." stub-addr: "10.0.1.53" 
> stub-addr: "10.0.2.53"
> 
> stub-zone: name: "10.in-addr.arpa." stub-addr: "10.0.1.53" 
> stub-addr: "10.0.2.53"
> 
> ----
> 
> this setup run here for years. Now the server 10.0.2.53 died and we
> notice timeouts for *.10.in-addr.arpa PTR queries. But we did /not/
> notice any problems for *.private.example.com.

My guess is both do not work and the TTL is different. Normally,
unbound should try both addresses, and I guess it is trying them but
the other also does not work.  unbound-control lookup can be used to
get the info on those two IP addresses, like ping time.  Or maybe you
can dig @10.0.1.53 and see if it responds.

Otherwise, this is a bug of some sort, unbound should be trying all
available name servers for your query.

The local-zone config did not seem to be the problem.

Best regards,
   Wouter

> 
> In the last hour I also found that "transparent" is not the best 
> declaration. I may be better to configure ` local-zone:
> "10.in-addr.arpa." nodefault ` But as I don't have any local-data
> there should be no difference between nodefault and transparent.
> 
> I did not expect that unbound has trouble it one of two nameservers
> for a zone fail. Any suggestions?
> 
> Thanks Andreas
> 
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWFhXxAAoJEJ9vHC1+BF+NmsIQAJ/+e3mhuPhQ3Uv+r9Fb5PqH
2Bj/m3VJCb9ztq0ZZvbmy6Tqa9nWfjLujAlqjbQzo9MNzwJyp6k46qh6kzebedkA
Bvky6TSx6Cp6WXk2G0bEi6CGaxmO5x9yL5h4U2YuY7RgTSty753eTExFa/8GMX3B
x4HJbbvJVUMmBCk9L+F4HYAiToasuHTG3dkyZRGNLu19RgSoajsBLmbYn6f1jJ4Q
XV5P4lidogtc9S6up1hESNz6ZDuHnS72Rl6IAhRuuXBnnFjHrefGX1kd2lq0RDFv
pmKXBtzHh+vWQkJQUrrCeXkdVSFeuhHoq2uQqAFM3M7Pmp5Br2q+eVlpBqckT4Im
BlrKcemAtEnKOhCC5V+VnlbOP2aw3GVJ/OIwC/8TQyoL0RGT06mICs/SkuP8AFwk
rI6o9JEZeZqUvkqErJagAK89bhE0p1Fnm2Z9sgq8iJuy8Oo40ve4MuBAai/ZNvzU
5LhLO5LQ1NVxlsrEFCeXpsRnDsImSiifv2QSYOMX+ZMYxsgPu87Sn3JsFnLT+It7
JhFsqeAMkjQ0rClOrLz1xqo2bjjmU7k9prkvFYIixZbHtrNZS9DsDZj36q5aGCfo
xy3dtCJjymuDBK/ELEOq09b0KSjy5CnoL7kIaZpX0H3G+VOW7kmaznO2p2NuNh57
HEr33wINd3gUcj3BiNTj
=xCTv
-----END PGP SIGNATURE-----

More information about the Unbound-users mailing list