Le mercredi 2 août 2017, 08:46:31 CEST W.C.A. Wijngaards via Unbound-users a écrit : > Hi, > > Also, > local-zone: "2.2.0.0.6.1.0.2.0.0.d.f.ip6.arpa." nodefault > has to be d.f.ip6.arpa nodefault, to disable the default zone that is > upwards from your private zone. > > Best regards, Wouter > > On 01/08/17 18:29, Eric Luehrsen via Unbound-users wrote: > > dnsmasq is a forwarding resolver and you need "forward" clauses instead > > of "stub" clauses. As you know its similar user configuration syntax, > > but different communication behaviors. "Stub" is a short cut to an > > authoritative server. Also, dnsmasq compiled with authoritative > > conditional compile options can pretend but it has limited function. > > > > On 08/01/2017 04:16 AM, Stephane Guedon via Unbound-users wrote: > >> Good (insert your locale time of the day) all members of this list. I > >> have a trouble with my instance of Unbound (OpenBSD 6.1 stable) with > >> private ipv6 space. I have a local dns resolver/cache (Dnsmasq) which > >> works perfect on my router. The Unbound instance is supposed to > >> redirect all dns requests regarding private domains and address space > >> to it: private-address: fd00:2016:22::/48 access-control: ::0/0 refuse > >> access-control: ::1/128 allow access-control: fd00:2016:22::/48 allow > >> local-zone: "2.2.0.0.6.1.0.2.0.0.d.f.ip6.arpa." nodefault > >> domain-insecure: "22decembre.eu." domain-insecure: "22december.dk." > >> > >> domain-insecure: "2.2.0.0.6.1.0.2.0.0.d.f.ip6.arpa." stub-zone: > >> name: "22decembre.eu." stub-addr: "fd00:2016:22:dec::1" > >> > >> stub-zone: name: "22december.dk." stub-addr: > >> "fd00:2016:22:dec::1" stub-zone: name: "d.f.ip6.arpa." > >> > >> stub-addr: "fd00:2016:22:dec::1" stub-zone: name: > >> "2.2.0.0.6.1.0.2.0.0.d.f.ip6.arpa." stub-addr: > >> "fd00:2016:22:dec::1" > >> > >> #domain-insecure: "6.7.5.1.0.0.0.4.6.0.a.2.ip6.arpa." #local-zone: > >> "6.7.5.1.0.0.0.4.6.0.a.2.ip6.arpa." stub-zone: name: > >> "6.7.5.1.0.0.0.4.6.0.a.2.ip6.arpa." stub-addr: > >> "fd00:2016:22:dec::1" > >> > >> (In the begining - aka before two days ago - I used forward zones > >> pointing at fd00:2016:22:dec::1 aka dnsmasq and the whole thing worked > >> smoothly as intended. It does not anymore and I tried to upgrade my > >> conf according to the manual and my understanding is that this conf' > >> is supposed to be done with stub-zones.) > >> > >> > >> > >> But apparently, whenever I send request on 22decembre.eu or > >> 2.2.0.0.6.1.0.2.0.0.d.f.ip6.arpa. I get blocked : ; <<>> DiG 9.4.2-P2 > >> <<>> @unbound mirror.22decembre.eu ; (2 servers found) ;; global > >> options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, > >> status: NOERROR, id: 6329 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, > >> AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: > >> ;mirror.22decembre.eu. IN A ;; Query time: 3 msec ;; > >> SERVER: fd00:2016:22:dec::3#53(fd00:2016:22:dec::3) ;; WHEN: Tue Aug > >> > >> 1 10:10:01 2017 ;; MSG SIZE rcvd: 38 > >> > >> stephane@blackblock:/home/stephane dig -t ptr @unbound > >> 2.2.0.0.6.1.0.2.0.0.d.f.ip6.arpa. ; <<>> DiG 9.4.2-P2 <<>> -t ptr > >> @unbound 2.2.0.0.6.1.0.2.0.0.d.f.ip6.arpa. ; (1 server found) ;; > >> global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: > >> QUERY, status: NXDOMAIN, id: 46873 ;; flags: qr aa rd ra; QUERY: 1, > >> ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: > >> ;2.2.0.0.6.1.0.2.0.0.d.f.ip6.arpa. IN PTR ;; AUTHORITY SECTION: > >> d.f.ip6.arpa. 10800 IN SOA localhost. > >> nobody.invalid. 1 3600 1200 604800 10800 > >> > >> Can anyone tell me what mistake(s) I make ? Thank you in advance.
I answer in order to give the solution to those in need, as I found it. I needed to have : private-domain: "22decembre.eu." So my domain can have private address (10.0.0.0/8 and fd00:2016...).
signature.asc
Description: This is a digitally signed message part.