local unbound SERVFAIL without visible reason
Nagy László Zsolt
2016-06-29 10:06:29 UTC
System: FreeBSD 10.2-RELEASE

/etc/rc.conf contains:

local_unbound_enable="yes"

My forwarders are: 80.249.168.18 and 87.229.108.201

Unbound seems to be running and listening:

# sockstat -l4 | grep :53
unbound unbound 69063 5 udp4 127.0.0.1:53 *:*
unbound unbound 69063 6 tcp4 127.0.0.1:53 *:*

Ports are open to the world (but they should not be):

# ipfw show | grep 2025
02025 12 750 allow udp from any to me dst-port 53
02025 0 0 allow tcp from any to me dst-port 53

Forwarder was set up correctly:

# cat /var/unbound/forward.conf
forward-zone:
name: .
forward-addr: 80.249.168.18
forward-addr: 87.229.108.201

But it is not working!

# host google.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

Host google.com not found: 2(SERVFAIL)

It DOES work with any of the forwarders:

# host google.com 80.249.168.18
Using domain server:
Name: 80.249.168.18
Address: 80.249.168.18#53
Aliases:

google.com has address 216.58.209.206
google.com has IPv6 address 2a00:1450:4001:810::200e
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.

There is no error message in log/messages.

How should I find the problem?
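
An added example (not part of the original post): a POSIX sh check that cross-references the `sockstat -l4` listeners with the `ipfw show` rules quoted above, to tell whether rule 02025 actually exposes the resolver. The function name, the verdict labels and the wildcard sample are assumptions made for illustration, and it only handles the `ipfw show` column layout seen in the post.

```shell
#!/bin/sh
# Added example: does an ipfw "allow ... to me dst-port 53" rule actually
# expose a resolver, given what is listening on port 53?

# Copied from the post: unbound bound to loopback only.
SOCKSTAT_POST='unbound unbound 69063 5 udp4 127.0.0.1:53 *:*
unbound unbound 69063 6 tcp4 127.0.0.1:53 *:*'
# Constructed sample: the same daemon with a wildcard UDP bind.
SOCKSTAT_WILDCARD='unbound unbound 69063 5 udp4 *:53 *:*
unbound unbound 69063 6 tcp4 127.0.0.1:53 *:*'
# Copied from the post: rule 02025 as printed by `ipfw show`.
IPFW_POST='02025 12 750 allow udp from any to me dst-port 53
02025 0 0 allow tcp from any to me dst-port 53'

# audit_dns_exposure <sockstat -l4 text> <ipfw show text>
# Prints one verdict per protocol (labels are this example's own):
#   no-rule    no allow rule admits any -> me on port 53
#   rule-only  rule admits it, but port 53 is bound to loopback only
#   exposed    rule admits it and port 53 is bound to a non-loopback address
audit_dns_exposure() {
    for proto in udp tcp; do
        # Count port-53 listeners of this protocol not bound to 127.0.0.0/8.
        bind=$(printf '%s\n' "$1" | awk -v p="${proto}4" '
            $5 == p && $6 ~ /:53$/ && $6 !~ /^127\./ { n++ }
            END { print n + 0 }')
        # Count allow rules for this protocol from any source to this host
        # whose dst-port list contains 53.
        rule=$(printf '%s\n' "$2" | awk -v p="$proto" '
            $4 == "allow" && $5 == p && $7 == "any" &&
            $9 == "me" && $10 == "dst-port" {
                k = split($11, ports, ",")
                for (i = 1; i <= k; i++) if (ports[i] == "53") n++
            }
            END { print n + 0 }')
        if [ "$rule" -eq 0 ]; then
            verdict=no-rule
        elif [ "$bind" -eq 0 ]; then
            verdict=rule-only
        else
            verdict=exposed
        fi
        echo "$proto $verdict"
    done
}

# The state shown in the post: both protocols report rule-only.
audit_dns_exposure "$SOCKSTAT_POST" "$IPFW_POST"
```

On a live host the same function can be fed `"$(sockstat -l4)"` and `"$(ipfw show)"`. A `rule-only` result means the rule is not needed by a loopback-only resolver: replies to its upstream queries arrive on ephemeral destination ports, not on port 53.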
Frank Shute
2016-06-30 15:49:51 UTC
Post by Nagy László Zsolt
System: FreeBSD 10.2-RELEASE
local_unbound_enable="yes"
My forwarders are: 80.249.168.18 and 87.229.108.201
# sockstat -l4 | grep :53
unbound unbound 69063 5 udp4 127.0.0.1:53 *:*
unbound unbound 69063 6 tcp4 127.0.0.1:53 *:*
# ipfw show | grep 2025
02025 12 750 allow udp from any to me dst-port 53
02025 0 0 allow tcp from any to me dst-port 53
# cat /var/unbound/forward.conf
name: .
forward-addr: 80.249.168.18
forward-addr: 87.229.108.201

I've got this in unbound.conf:

forward-zone:
name: "."
forward-addr: 8.8.4.4 # Google
forward-addr: 8.8.8.8 # Google

Note that the period is quoted; maybe that's the problem.

Post by Nagy László Zsolt
But it is not working!
# host google.com 127.0.0.1
Name: 127.0.0.1
Address: 127.0.0.1#53
Host google.com not found: 2(SERVFAIL)
# host google.com 80.249.168.18
Name: 80.249.168.18
Address: 80.249.168.18#53
google.com has address 216.58.209.206
google.com has IPv6 address 2a00:1450:4001:810::200e
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
There is no error message in log/messages.

By default, unbound uses syslog. In the server section of unbound.conf(5), I set:

verbosity: 1

which spits out any errors to: /var/log/debug.log

You can crank verbosity up to 4 but it shouldn't be necessary.

Post by Nagy László Zsolt
How should I find the problem?

HTH.


Regards,
--
Frank

https://woodcruft.co.uk/