On Tue, Feb 07, 2023 at 01:00:04PM +0100, Florian Obser wrote:
> On 2023-02-06 14:33 -05, Ryan Kavanagh <r...@rak.ac> wrote:
> >>Synopsis: unwind ignores 'force' directive for home.arpa
> >>Category: system
> >>Environment:
> > System : OpenBSD 7.2
> > Details : OpenBSD 7.2-current (GENERIC.MP) #1015: Thu Feb 2
> > 06:25:57 MST 2023
> >
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> >
> > Architecture: OpenBSD.amd64
> > Machine : amd64
> >>Description:
> > Nameserver 10.0.1.1 provides the zone home.arpa on my network, and I
> > would like unwind to forward requests for home.arpa and its
> > subdomains
> > to 10.0.1.1.
> >
> > unwind.conf(5) claims in its last example that I can force
> > unwind(8) to
> > use this forwarder to resolve home.arpa and its subdomains using a
> > stanza 'force forwarder { home.arpa }'. Unexpectedly, unwind serves
> > libunbound's default static, empty home.arpa zone instead of
> > forwarding
> > the request to the name server. Adding the 'bogus' keyword does not
> > change this behaviour.
>
> Please try this:
>
> diff --git resolver.c resolver.c
> index 93ec7b77a98..6131c7ccb95 100644
> --- resolver.c
> +++ resolver.c
> @@ -232,7 +232,7 @@ struct val_neg_cache *unified_neg_cache;
> int dns64_present;
> int available_afs = HAVE_IPV4 | HAVE_IPV6;
>
> -static const char * const as112_zones[] = {
> +static const char * const forward_transparent_zones[] = {
> /* RFC1918 */
> "10.in-addr.arpa. transparent",
> "16.172.in-addr.arpa. transparent",
> @@ -328,6 +328,9 @@ static const char * const as112_zones[] = {
>
> /* RFC3849 */
> "8.B.D.0.1.0.0.2.ip6.arpa. transparent"
Surely the previous line needs a comma.
> +
> + /* RFC 8375 */
All other comments do not have a space after RFC
> + "home.arpa. transparent"
> };
>
> const char bogus_past[] = "validation failure <. NS IN>: signature "
