Hi Ray!

It seems you have defined local zone ratmouse.ts.net in your unbound. That also means it is authoritative for it, and authoritative answers override those which might be obtained by forwarding.

Because local-data does not specify ds1.ratmouse.ts.net, it seems correct to respond with NXDOMAIN. Your unbound does not specify any subzone delegation. That means what unbound does not know does not exist in this zone. Defining both an authoritative zone and a forwarding zone for the same name is a configuration error, because forwarding gets ignored then.

If you need it this way, try the local-zone transparent or typetransparent type. That should allow resolution of non-existent names inside this zone. Of course, unbound supporting it is required.

I would recommend using forward-zone or stub-zone for the ratmouse domain and placing the server address outside of this zone, for example at ratmouse-ns.ts.net defined in a separate zone. That would make it clearer which server is authoritative for which zone and data.

Cheers,
Petr

On 24. 05. 24 17:01, RayG via Unbound-users wrote:
I am trying to use TailScale and I wanted Unbound to resolve TailScale DNS
names.

TailScale has its own mini DNS server which when queried directly works just
fine:

dig ds1.ratmouse.ts.net. @100.100.100.100

; <<>> DiG 9.17.14 <<>> ds1.ratmouse.ts.net. @100.100.100.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57681
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ds1.ratmouse.ts.net.          IN      A

;; ANSWER SECTION:
ds1.ratmouse.ts.net.   600     IN      A       100.102.208.83

;; Query time: 4 msec
;; SERVER: 100.100.100.100#53(100.100.100.100) (UDP)
;; WHEN: Wed May 22 14:13:34 GMT Summer Time 2024
;; MSG SIZE  rcvd: 74

When I try to do that via Unbound I get NXDOMAIN

22/05/2024 14:15:07 C:\Program Files\Unbound\unbound.exe[5756:0] query: 127.0.0.1 ds1.ratmouse.ts.net. A IN
22/05/2024 14:15:07 C:\Program Files\Unbound\unbound.exe[5756:0] reply: 127.0.0.1 ds1.ratmouse.ts.net. A IN NXDOMAIN 0.000000 1 109

dig ds1.ratmouse.ts.net.

; <<>> DiG 9.17.14 <<>> ds1.ratmouse.ts.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55170
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ds1.ratmouse.ts.net.          IN      A

;; AUTHORITY SECTION:
ratmouse.ts.net.       3600    IN      SOA     localhost. nobody1.invalid. 1 3600 1200 604800 10800

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed May 22 14:15:07 GMT Summer Time 2024
;; MSG SIZE  rcvd: 109

This is the configuration for the forwarding, is there anything I am doing
wrong or have forgotten to include?

server:
      private-domain: "ratmouse.ts.net."
      domain-insecure: "ratmouse.ts.net."

      local-zone: "ratmouse.ts.net." static
      local-data: "ratmouse.ts.net. IN NS localhost."
      local-data: "ratmouse.ts.net. IN SOA localhost. nobody1.invalid. 1 3600 1200 604800 10800"
      local-data: "ratmouse.ts.net. IN A 100.100.100.100"

forward-zone:
      name: "ratmouse.ts.net."
      forward-addr: 100.100.100.100@53
      forward-first: yes
      forward-tls-upstream: no
      forward-tcp-upstream: no

Thanks

--
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
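The following unbound.conf fragment is an added example, not part of the thread above and not configuration from either poster. It shows the two ways of applying Petr's advice to RayG's configuration: removing the local-zone that shadows the forward-zone (and keeping any name for the Tailscale resolver in a separate zone), or changing the local-zone type so that names absent from local-data fall through to forwarding. The name ratmouse-ns.ts.net is assumed for illustration; the zone name and the address 100.100.100.100 are those from the original message.

```conf
# Added example (not from the original thread). Zone name and resolver address
# are taken from RayG's config; ratmouse-ns.ts.net is an assumed name.

server:
    # Kept from the original config: skip DNSSEC validation for answers in
    # this zone, and allow private addresses in its answers if
    # private-address filtering is enabled elsewhere in the config.
    domain-insecure: "ratmouse.ts.net."
    private-domain: "ratmouse.ts.net."

    # Option A (Petr's recommendation): no local-zone for ratmouse.ts.net at
    # all, so nothing in unbound is authoritative for it and every name under
    # it reaches the forward-zone below. If you want a name for the Tailscale
    # resolver, keep it in its own zone so it can never shadow the
    # forwarded zone.
    local-zone: "ratmouse-ns.ts.net." static
    local-data: "ratmouse-ns.ts.net. IN A 100.100.100.100"

    # Option B (only if a local-zone for ratmouse.ts.net must stay): make it
    # transparent. Names present in local-data are answered locally; names
    # absent from local-data are resolved normally, i.e. via the forward-zone,
    # instead of being answered NXDOMAIN as a static zone does. Note that
    # with "transparent" a query for an existing name but a type not in
    # local-data (e.g. ratmouse.ts.net AAAA here) gets a NODATA answer;
    # use "typetransparent" if such queries should be forwarded too.
    # Uncomment these two lines and drop the local-zone from Option A:
    # local-zone: "ratmouse.ts.net." transparent
    # local-data: "ratmouse.ts.net. IN A 100.100.100.100"

# The forwarder is addressed by IP, so resolving it never depends on the
# zone it serves (the same applies to stub-zone with stub-addr).
forward-zone:
    name: "ratmouse.ts.net."
    forward-addr: 100.100.100.100@53
```

Check the file with unbound-checkconf before reloading, then repeat the query from the original message, dig ds1.ratmouse.ts.net. @127.0.0.1: the status should now be NOERROR with the A record 100.102.208.83 in the ANSWER section, and the aa flag that marked the earlier NXDOMAIN as coming from local data should no longer be set, because the answer now comes through forwarding.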
