Try to use forward-zone instead of stub-zone in unbound.conf

forward-zone:
        name: "abc.com"
        forward-addr: 127.0.0.1


> On 10 okt. 2016, at 23:42, Johan Mellberg <[email protected]> wrote:
>
> Hi all,
>
> I am setting up a fresh OpenBSD 6.0 server in a KVM VM to serve my
> home network with DNS. I have a custom zone (only for LAN use) set up
> and previously used BIND successfully (but that VM crashed and its
> disk was hosed...) both as authoritative and caching/resolving.
>
> So now I am trying to learn to set up NSD to be authoritative for my
> small zone and Unbound to serve the LAN with all other queries. But
> there is a problem:
>
> 1. Unbound successfully responds to queries and provides lookup to the
> LAN machines for "the internet".
> 2. NSD successfully responds to queries for the custom zone.
> 3. But I cannot get Unbound to get a reply from NSD...
>
> I have tried multiple combinations of ports and interface bindings and
> I suspect that I am missing something simple here. Currently I have
> set NSD to listen on 127.0.0.1 and Unbound listens on 192.168.x.91 -
> so there should not be a conflict. In fact it works fine if I use dig
> @localhost <LANhostname> and dig @192.168.x.91 <internethostname>
> respectively, but the second version only provides an answer-less
> response if asked for a LAN hostname.
>
> Unbound is set to ask localhost for the stub zones, forward and reverse.
>
> And, yes, I could of course use Unbound to serve my local zone and
> drop NSD - but that would be giving up... It's supposed to work from
> all I read! :-)
>
> I have also tried having NSD listen on 127.0.0.1@5353, and telling
> unbound to use that as the stub-address, while then having Unbound
> listen on 127.0.0.1 as well as 192.168.x.91 to be able to set
> 127.0.0.1 as the nameserver in /etc/resolv.conf. Same result except I
> can't test NSD with dig as it can't use an alternative port.
>
> A possibly related question: I can't seem to be able to use
> shortnames. The domain part should be picked up from the host name as
> given in /etc/myname, but that does not seem to work as I expect, I
> always have to provide the FQDN. Again something I have missed
> perhaps?
>
> Anyway, I am staring blindly at the config files now and really need
> help figuring it out. I have removed all that is commented, otherwise
> it's the default except for changes of course.
>
> Thanks for any clue bats coming my way...
> /Johan
>
> * resolv.conf
> lookup file bind
> nameserver 192.168.x.91
>
> # cat /etc/myname
> dns03.my.domain
>
> # cat /etc/hosts
> 127.0.0.1       localhost
> ::1             localhost
> 192.168.x.91   dns03.my.domain dns03
>
> # cat /var/unbound/etc/unbound.conf
> # $OpenBSD: unbound.conf,v 1.7 2016/03/30 01:41:25 sthen Exp $
>
> server:
>        interface: 192.168.x.91
>        interface: ::1
>        do-not-query-localhost: no
>
>        access-control: 192.168.x.64/24 allow
>        access-control: 127.0.0.0/8 allow
>        access-control: 0.0.0.0/0 refuse
>        access-control: ::0/0 refuse
>        access-control: ::1 allow
>
>        hide-identity: yes
>        hide-version: yes
>
>        # Uncomment to enable DNSSEC validation.
>        #
>        auto-trust-anchor-file: "/var/unbound/db/root.key"
>
>        root-hints: /var/unbound/etc/root.hints
>
> remote-control:
>        control-enable: yes
>        control-use-cert: no
>        control-interface: /var/run/unbound.sock
>
> stub-zone:
>        name: "my.domain"
>        stub-addr: 127.0.0.1
> stub-zone:
>        name: "x.168.192.in-addr.arpa"
>        stub-addr: 127.0.0.1
>
> # cat /var/nsd/etc/nsd.conf
> # $OpenBSD: nsd.conf,v 1.11 2015/04/12 11:49:39 sthen Exp $
>
> server:
>        hide-version: yes
>        verbosity: 1
>        database: "" # disable database
>
> ## bind to a specific address/port
>        ip-address: 127.0.0.1
>
> remote-control:
>        control-enable: yes
>
> zone:
>        name: "my.domain"
>        zonefile: "master/my.domain"
> zone:
>        name: "x.168.192.in-addr.arpa"
>        zonefile: "master/192.168.x.rev"
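An added example expanding on the forward-zone suggestion at the top of this reply; it is not configuration from the reply's author or from the original post. It rewrites the poster's two stub-zone entries as forward-zone entries pointing at NSD on 127.0.0.1, and adds the two server settings that most often leave exactly this kind of split setup answer-less: `domain-insecure`, because DNSSEC validation is enabled (`auto-trust-anchor-file`) and a private zone such as my.domain is not delegated from the public root, so a validating resolver would otherwise treat its answers as bogus; and a `nodefault` local-zone, because Unbound by default answers the RFC 1918 reverse tree 168.192.in-addr.arpa itself and never consults a forwarder for it. Zone names and addresses are the placeholders used in the post; the assumption that my.domain is not publicly delegated is an assumption about the poster's setup.

```conf
# Added example unbound.conf (not the reply's or the poster's own file).
# Assumes: NSD listens on 127.0.0.1:53 and serves "my.domain" and
# "x.168.192.in-addr.arpa"; "my.domain" is not delegated from the public root.

server:
        interface: 192.168.x.91
        interface: ::1

        # Required for any forward-addr/stub-addr of 127.0.0.1 (already set in the post).
        do-not-query-localhost: no

        access-control: 192.168.x.0/24 allow
        access-control: 127.0.0.0/8 allow
        access-control: ::1 allow
        access-control: 0.0.0.0/0 refuse
        access-control: ::0/0 refuse

        hide-identity: yes
        hide-version: yes

        # Validation stays on for everything reachable from the root.
        auto-trust-anchor-file: "/var/unbound/db/root.key"
        root-hints: /var/unbound/etc/root.hints

        # Assumption: these zones exist only on the LAN, so they cannot chain to the
        # root trust anchor. Exempt them from validation instead of turning it off.
        domain-insecure: "my.domain"
        domain-insecure: "x.168.192.in-addr.arpa"

        # Unbound ships an empty "static" local zone for 168.192.in-addr.arpa, which
        # answers reverse lookups locally (NXDOMAIN) before any forward-zone is tried.
        # nodefault must name the built-in zone exactly.
        local-zone: "168.192.in-addr.arpa." nodefault

remote-control:
        control-enable: yes
        control-use-cert: no
        control-interface: /var/run/unbound.sock

# forward-zone replaces the stub-zone entries; the two must not coexist for one name.
# If NSD is moved to another port, write the address as 127.0.0.1@5353.
forward-zone:
        name: "my.domain"
        forward-addr: 127.0.0.1

forward-zone:
        name: "x.168.192.in-addr.arpa"
        forward-addr: 127.0.0.1
```

The difference between the two zone types is what Unbound expects from 127.0.0.1: a stub-zone treats NSD as the zone's authoritative server and walks the delegation itself, while a forward-zone simply sends the whole query there and accepts the answer, which is the behaviour wanted when NSD is the only server that knows the zone. After restarting Unbound, a check such as `dig @192.168.x.91 <LANhostname>` should now return a NOERROR answer section rather than an empty one, and `dig -p 5353 @127.0.0.1 <LANhostname>` queries NSD directly when it listens on a non-standard port. Short-name lookups are a resolver-side matter rather than an Unbound one: an explicit `search my.domain` line in /etc/resolv.conf makes the suffix appended regardless of what /etc/myname contains.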
