On Sun, 29 Jun 2014, Konstantin Belousov wrote: > On Sun, Jun 29, 2014 at 03:28:26PM +0400, Dmitry Morozovsky wrote: > > Dear colleagues, > > > > after upgrading my home file server to stable/10 I found that after turning on > > local unbound reverse DNS queries for my RFC1918 zone stop working: [snip] > > Any hints? Or did I missed something trivial? > > I think, yes, you are supposed to spend a hour reading the unbound.conf > man page, without skipping of a single config option. Otherwise, > making unbound(8) work as local caching resolver for the private > network is impossible. The 'log-queries' and 'verbosity' would > allow to see what is going on. > > For the fake home. TLD and 192.168/16 network, I have to tell > unbound that the zones are not signed, and it is fine to forward > RFC1918 addresses to the upstream. > > I use the following magic (for upstream forwarder 192.168.102.80). > No idea if this could be simplified. > > domain-insecure: "home." > domain-insecure: "168.192.in-addr.arpa." > private-domain: "home." > local-zone: "168.192.in-addr.arpa." transparent > stub-zone: > name: "168.192.in-addr.arpa." > stub-addr: 192.168.102.80 Thank you so much, it works like a charm. I do not have special TLD for forward resolving, and for me the following subset seems to be enough: #suggested by kib@ domain-insecure: "168.192.in-addr.arpa." local-zone: "168.192.in-addr.arpa." transparent -- Sincerely, D.Marck [DM5020, MCK-RIPE, DM3-RIPN] [ FreeBSD committer: marck@FreeBSD.org ] ------------------------------------------------------------------------ *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru *** ------------------------------------------------------------------------ _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"