When I check the Unbound cache, it shows:

unbound-control dump_cache|grep mine.intra
file.mine.intra.        86387   IN      A       10.3.3.50
msg file.mine.intra. IN A 33152 1 47 1 1 0 0
file.mine.intra. IN A 0



3 records about file.mine.intra are generated by one client query.


Adrian


------------------ Original ------------------
From:  "Adrian Zhang via Unbound-users"<unbound-users@unbound.net>;
Date:  Tue, Feb 28, 2017 10:59 AM
To:  "unbound-users"<unbound-users@unbound.net>; 

Subject:  Unbound does not response a forwarded query

 
Hi there,


I am using Unbound to forward mine.intra, which is a private domain of Microsoft 
Windows Active Directory, because the DNS server on the Windows server has the record.


First of all, there is a record file.mine.intra created on the DNS server on 
Windows, and it works for clients running "dig file.mine.intra @IP-OF-WINDOWS".
Second, I created a forward configuration in unbound.conf and restarted Unbound; 
details are listed below. But Unbound is not able to respond to a client which 
runs "dig file.mine.intra @IP-OF-UNBOUND".
forward-zone:
        name: "mine.intra."
        forward-addr: 10.3.3.21
        forward-addr: 10.3.3.22
        forward-first: no

(10.3.3.21 is dc1 of mine.intra, 10.3.3.22 is dc2 of mine.intra.)
Finally, I used tcpdump -w to capture packets and save them to a file to see 
what happens. Then, opening the capture file in Wireshark, I get the result below.
Time      Source         Dest.          Protocol  Length  Info
7.841795  client_ip      Unbound_ip     DNS       76      Standard query 0xb80a A file.mine.intra
7.842781  Unbound_ip     Windows_ip     DNS       87      Standard query 0xdece A file.mine.intra OPT
7.843769  ReltekU_e9:..  Broadcast      ARP       60      Who has IP_OF_Unbound? Tell IP_OF_Windows
7.843788  ReltekU_64..   ReltekU_e9:..  ARP       42      IP_OF_Unbound is at 52:54:00:64:37:c7
7.844291  Windows_ip     Unbound_ip     DNS       103     Standard query response 0xdece A file.mine.intra  A  10.3.3.50 OPT
7.844761  Unbound_ip     192.8.128.30   DNS       70      Standard query 0x8762 NS <ROOT> OPT


Clearly Windows responds to the query, but Unbound does not receive it and forward 
the response to the client; however, it continually queries the ROOT DNS. BTW, there 
are also standard private domain forwarding settings (same format as above) in the 
same unbound.conf that work well, such as my-private-domain.com forwarded to a 
BIND server.


Why does this happen, and how can I make Unbound respond to the client when it 
queries a host in xxx.intra?


Thanks in advance.


Adrian
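
The three dump_cache lines quoted at the top of this thread are one cached RRset, one cached reply header, and that reply's reference to the RRset. The decoder below is an added example, not code from the original post or from the Unbound project; the msg field order and the security-status numbering are assumptions based on Unbound's cache dump format of that period, and the function names are hypothetical.

```python
# Added example: decode the dump_cache lines quoted in this thread.
# ASSUMPTION: msg field order and sec_status numbering as in Unbound
# releases of that period; newer releases add further states.
SEC_STATUS = {0: "unchecked", 1: "bogus", 2: "indeterminate",
              3: "insecure", 4: "secure"}

# DNS header flag bits (RFC 1035 / RFC 4035).
FLAG_BITS = [(0x8000, "QR"), (0x0400, "AA"), (0x0200, "TC"), (0x0100, "RD"),
             (0x0080, "RA"), (0x0020, "AD"), (0x0010, "CD")]

# The three lines from the message above, copied verbatim.
SAMPLE = """\
file.mine.intra.        86387   IN      A       10.3.3.50
msg file.mine.intra. IN A 33152 1 47 1 1 0 0
file.mine.intra. IN A 0
"""


def decode_line(line):
    """Classify one dump_cache line and decode its fields."""
    f = line.split()
    if len(f) == 11 and f[0] == "msg":
        # msg <name> <class> <type> <flags> <qdcount> <ttl> <security> <an> <ns> <ar>
        flags = int(f[4])
        return {
            "kind": "msg", "name": f[1], "qtype": f[3],
            "flags": [name for bit, name in FLAG_BITS if flags & bit],
            "rcode": flags & 0x000F,
            "qdcount": int(f[5]), "ttl": int(f[6]),
            "security": SEC_STATUS.get(int(f[7]), "unknown(%s)" % f[7]),
            "an_rrsets": int(f[8]), "ns_rrsets": int(f[9]),
            "ar_rrsets": int(f[10]),
        }
    if len(f) == 4 and f[3].isdigit():
        # Reference from the msg entry to an RRset: <name> <class> <type> <flags>
        return {"kind": "rrset-ref", "name": f[0], "rtype": f[2],
                "flags": int(f[3])}
    if len(f) >= 5 and f[1].isdigit():
        # Ordinary resource record: <name> <ttl> <class> <type> <rdata...>
        return {"kind": "rrset", "name": f[0], "ttl": int(f[1]),
                "rtype": f[3], "rdata": " ".join(f[4:])}
    return {"kind": "other", "raw": line}


def decode_dump(text):
    """Decode every non-empty line of a dump_cache excerpt."""
    return [decode_line(l) for l in text.splitlines() if l.strip()]


if __name__ == "__main__":
    for rec in decode_dump(SAMPLE):
        print(rec)
```

For the quoted msg line the security field decodes to `bogus` under the assumed numbering, with flags QR, RD and RA and a remaining TTL of 47 seconds, while the A RRset itself is cached with a TTL of 86387.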
