Help with unbound_local resolution problem

Hi,

I'm having a DNS problem with unbound after upgrading to FreeBSD 12-0 production.

I'm using unbound_local as a caching DNS server. My resolv.conf file:

Bash:
# cat /etc/resolv.conf
domain example.org
nameserver 127.0.0.1
nameserver ::1
options edns0

The problem I see is jabberd2 (installed via pkg install) can't resolve DNS names when connecting to other jabber servers. Initially I thought jabberd2 had the problem. I worked around the problem by putting each of the remote servers' IP addresses in /etc/hosts.

To debug, I set things back; /etc/hosts no longer has the remote servers. I verified that the problem exists again.

I can ping remote servers just fine, e.g. ping jabber.org works.

Bash:
# ping -c 2 jabber.org
PING jabber.org (208.68.163.218): 56 data bytes
64 bytes from 208.68.163.218: icmp_seq=0 ttl=56 time=27.326 ms
64 bytes from 208.68.163.218: icmp_seq=1 ttl=56 time=27.268 ms

--- jabber.org ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 27.268/27.297/27.326/0.029 ms
#


Using dig, things also look right:

Bash:
# dig jabber.org A

; <<>> DiG 9.14.3 <<>> jabber.org A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41456
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;jabber.org.                    IN      A

;; ANSWER SECTION:
jabber.org.             15460   IN      A       208.68.163.218

;; Query time: 8 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Oct 02 22:19:03 EDT 2019
;; MSG SIZE  rcvd: 55

#


Bash:
# dig _xmpp-server._tcp.jabber.org srv

; <<>> DiG 9.14.3 <<>> _xmpp-server._tcp.jabber.org srv
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11299
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;_xmpp-server._tcp.jabber.org.  IN      SRV

;; ANSWER SECTION:
_xmpp-server._tcp.jabber.org. 899 IN    SRV     30 30 5269 hermes2.jabber.org.

;; Query time: 34 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Oct 02 22:19:49 EDT 2019
;; MSG SIZE  rcvd: 95

#

However, jabberd itself complains about DNS lookup failures.

If I change resolv.conf to use Google DNS and not the local caching server, everything works:

Bash:
# cat /etc/resolv.conf
nameserver 8.8.8.8

I'm new to unbound, so I might have set it up incorrectly. Here are what I think are the relevant files. Things worked until I upgraded from FreeBSD 11.2 Release to 12.0 Release.


Bash:
# cat unbound.conf
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
server:
    username: unbound
    directory: /var/unbound
    chroot: /var/unbound
    pidfile: /var/run/local_unbound.pid
    auto-trust-anchor-file: /var/unbound/root.key

include: /var/unbound/forward.conf
include: /var/unbound/lan-zones.conf
include: /var/unbound/control.conf
include: /var/unbound/conf.d/*.conf


# cat forward.conf
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
forward-zone:
    name: "."
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4
    forward-addr: 173.245.58.51
    forward-addr: 2400:cb00:2049:1::adf5:3a33

Does anyone have an idea what's wrong?
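
An added example, not part of the original post: the `;; SERVER:` line of the dig output above names the resolver that actually answered (8.8.8.8), so a lookup only exercises the local caching server when that address is one of the `nameserver` entries in /etc/resolv.conf. The function names below are hypothetical and the sample input is trimmed from the post.

```shell
#!/bin/sh
# Sample input, trimmed from the resolv.conf and dig output shown in the post.
RESOLV_CONF='domain example.org
nameserver 127.0.0.1
nameserver ::1
options edns0'

DIG_OUTPUT=';; Query time: 8 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Oct 02 22:19:03 EDT 2019
;; MSG SIZE  rcvd: 55'

# Print the address of the server that answered, taken from dig's stats footer.
dig_server() {
    printf '%s\n' "$1" | sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' | head -n 1
}

# Print every nameserver address listed in the given resolv.conf text.
resolv_nameservers() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# $1 = resolv.conf text, $2 = dig output.
# Returns 0 if the answer came from a resolver listed in resolv.conf,
# 1 if it came from some other server, 2 if no SERVER line was found.
answered_by_configured_resolver() {
    server=$(dig_server "$2")
    [ -n "$server" ] || return 2
    resolv_nameservers "$1" | grep -Fxq -- "$server"
}

# Live variant (needs dig and a working resolver; not called here).
check_live() {
    answered_by_configured_resolver "$(cat /etc/resolv.conf)" "$(dig "$1")"
}

# With the sample input the check fails: 8.8.8.8 is not in resolv.conf.
if answered_by_configured_resolver "$RESOLV_CONF" "$DIG_OUTPUT"; then
    echo "answer came from a resolver listed in resolv.conf"
else
    echo "answer came from $(dig_server "$DIG_OUTPUT"), not from resolv.conf"
fi
```
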
 
Having similar issues with prosody - what should resolv.conf be when using local_unbound?

Here’s the output from prosodyctl:

libunbound[1485:0] error: local-data in redirect zone must reside at top of zone, not at guest.localhost AAAA ::1

resolv.conf:

nameserver 2001:19f0:300:1704::6

I have three IPv4 addresses that don’t seem to have any issues.

Pinging jabber.org is fine as well.

Any ideas?
 