On 2022-03-25 11:41 +01, Francisco Gaitan <[email protected]> wrote:
> I have set up a WireGuard VPN so I run two instances of unwind, one for
> rdomain 0 (unwind) and another for rdomain 1 (unwind1) this way:
> lrwxr-xr-x 1 root wheel 16 Mar 23 13:44 unwind1 -> /etc/rc.d/unwind
>
> $ cat /etc/rc.conf.local
> unwind1_flags=-vvv -f /etc/unwind1.conf
> unwind1_rtable=1
>
> After some time and without any output to /var/log/daemon, unwind1 just
> stops replying to queries for the local network until I restart, then it
> works again for some time.
>
> This has been happening for days, since I did this setup.
>
> $ cat /etc/resolv.conf
> nameserver 127.0.0.1 # resolvd: unwind
> search home.arpa
> lookup file bind
>
> $ cat /etc/unwind1.conf
> forwarder 192.168.10.1

Add
    preference { forwarder }
to unwind1.conf so that unwind1 only talks to the forwarder.
That will probably fix it.

>
> $ route -T 1 exec dig @127.0.0.1 iron.home.arpa
>
> ; <<>> dig 9.10.8-P1 <<>> @127.0.0.1 iron.home.arpa
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31081
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;iron.home.arpa. IN A
>
> ;; AUTHORITY SECTION:
> home.arpa. 3600 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri Mar 25 11:25:43 CET 2022
> ;; MSG SIZE rcvd: 91
>
> $ route -T 1 exec dig @127.0.0.1 +short iron.home.arpa
> $ route -T 1 exec dig @192.168.10.1 +short iron.home.arpa
> 192.168.10.10
> $ route -T 1 exec dig +short example.com
> 93.184.216.34
>
> $ doas rcctl restart unwind1
> unwind1(ok)
> unwind1(ok)
>
> $ route -T 1 exec dig @127.0.0.1 +short iron.home.arpa
> 192.168.10.10
> $ route -T 1 exec dig @192.168.10.1 +short iron.home.arpa
> 192.168.10.10
>
> $ ifconfig lo1
> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> rdomain 1 mtu 32768
> description: rdomain 1 loopback address
> index 5 priority 0 llprio 3
> groups: lo
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo1 prefixlen 64 scopeid 0x5
> inet 127.0.0.1 netmask 0xff000000
>
> $ route -T 1 exec netstat -lnf inet
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address Foreign Address TCP-State
> tcp 0 0 127.0.0.1.53 *.* LISTEN
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address Foreign Address
> udp 0 0 192.168.10.10.68 *.*
> udp 0 0 127.0.0.1.53 *.*
> udp 0 0 *.17233 *.*
>
>
--
I'm not entirely sure you are real.
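
The failure quoted above can be caught mechanically. The following is an added example, not part of the original message or of unwind itself: an sh sketch that classifies `dig` output and flags the case where the rdomain 1 resolver returns the authoritative NXDOMAIN with the `localhost. nobody.invalid.` SOA while the forwarder still answers. The function names `classify_dig`, `check_unwind1` and `sample_failure` are hypothetical, and the sample input is constructed from the output in the post.

```sh
#!/bin/sh
# classify_dig: read complete `dig` output on stdin and print one word:
#   answer           NOERROR with at least one answer record
#   placeholder-soa  authoritative NXDOMAIN whose SOA is localhost. nobody.invalid.
#   nxdomain         any other NXDOMAIN
#   other            anything else (SERVFAIL, no header, empty NOERROR, ...)
classify_dig() {
    awk '
        /->>HEADER<<-/ && match($0, /status: [A-Z]+/) {
            status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /^;; flags:/ {
            aa = ($0 ~ /flags:[^;]* aa[ ;]/)
            if (match($0, /ANSWER: [0-9]+/))
                answers = substr($0, RSTART + 8, RLENGTH - 8) + 0
        }
        /SOA[ \t]+localhost\.[ \t]+nobody\.invalid\./ { placeholder = 1 }
        END {
            if (status == "NOERROR" && answers > 0) print "answer"
            else if (status == "NXDOMAIN" && aa && placeholder) print "placeholder-soa"
            else if (status == "NXDOMAIN") print "nxdomain"
            else print "other"
        }'
}

# check_unwind1 NAME FORWARDER: query the rdomain 1 resolver and the forwarder
# (same commands as in the post) and report when only the forwarder answers.
check_unwind1() {
    name=$1 fwd=$2
    local_state=$(route -T 1 exec dig @127.0.0.1 "$name" | classify_dig)
    fwd_state=$(route -T 1 exec dig "@$fwd" "$name" | classify_dig)
    if [ "$fwd_state" = answer ] && [ "$local_state" != answer ]; then
        echo "unwind1 diverges from $fwd for $name: $local_state"
        return 1
    fi
    return 0
}

# Constructed sample modelled on the NXDOMAIN reply quoted in the post.
sample_failure() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31081
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
home.arpa. 3600 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800
EOF
}
```

Run from cron as `check_unwind1 iron.home.arpa 192.168.10.1`, this shows whether the divergence still occurs after the `preference { forwarder }` change.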