[CentOS] Some problems with Unbound under CentOS8

Mon Mar 30 07:47:27 UTC 2020
Carlos Lopez <clopmz at outlook.com>

Good morning,

I have detected two strange problems with unbound under CentOS8 (fully patched). I have tried the same configuration on an OpenBSD host, and these problems do not appear.

a/ Error message "connection refused". I am using this unbound server to resolve DNS records for our internal domain (Bind9 is configured to listen on the localhost interface, port 5353 UDP, on the same host where unbound runs). When I try to run an nslookup query like this:

> set q=any
> my.internal.dom
;; Connection to 127.0.0.1#53(127.0.0.1) for my.internal.dom  failed: connection refused.
>
And I don't understand why. Bind9 resolves this without problems, but unbound returns connection refused. Unbound is configured to listen on 0.0.0.0 and allow all connections (access-control: 0.0.0.0/0 allow). The strange thing is that it only happens with that kind of request; any other request works fine.

b/ Unbound tries to connect to the root DNS servers directly. Every time unbound starts, it tries to connect to the root DNS servers directly and not through the internal DNS. I am using a second unbound server as a caching nameserver in a DMZ zone, and the unbound-anchor timer service is disabled. My forward config is:

forward-zone:
        name: "."
        forward-addr: 172.22.54.6@53

Any idea why these problems occur?

--
Regards,
C. L. Martinez
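A check worth making for symptom (a): a stub resolver such as nslookup sends the ANY query over UDP first and, if the answer comes back with the TC (truncated) bit set, repeats it over TCP. If nothing accepts TCP on 127.0.0.1 port 53 (unbound started with do-tcp: no, or a host firewall that passes 53/udp but not 53/tcp), the TCP leg fails with a refused connection while every query that fits in a UDP answer keeps working. Whether that is what happens on this host is an assumption, not something the post confirms. The script below is an added example, not code from the post or from the unbound project; it reproduces the client side of that exchange so you can see which leg the resolver rejects. The server address 127.0.0.1, port 53 and the transaction ID 0x1234 are assumptions, and make_reply() builds constructed replies for offline use only.

```python
"""Client side of an ANY lookup: UDP first, then TCP if the reply is truncated.

Added example, not part of the mailing-list post. Server address and port
are assumptions; adjust them to the resolver under test.
"""
import socket
import struct

QTYPE_ANY = 255
QCLASS_IN = 1
FLAG_QR = 0x8000   # message is a response
FLAG_TC = 0x0200   # truncated: client should retry over TCP (RFC 1035 4.2.1)
FLAG_RD = 0x0100   # recursion desired


def encode_name(name):
    """Encode a dotted name as DNS labels: my.internal.dom -> \\x02my\\x08internal\\x03dom\\x00."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype=QTYPE_ANY, txid=0x1234):
    """Build a single-question query with RD set, as a stub resolver does."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(msg):
    """Return the header fields needed to decide whether to retry over TCP."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & FLAG_QR),
        "tc": bool(flags & FLAG_TC),
        "rcode": flags & 0x000F,
        "qdcount": qd,
        "ancount": an,
    }


def needs_tcp_retry(udp_reply, expected_id):
    """True when the UDP answer is a response to our query and carries TC=1."""
    h = parse_header(udp_reply)
    return h["qr"] and h["id"] == expected_id and h["tc"]


def make_reply(query, tc, ancount=0):
    """Construct a reply to `query` for offline tests (not a real server response)."""
    txid, flags = struct.unpack("!HH", query[:4])
    flags |= FLAG_QR
    if tc:
        flags |= FLAG_TC
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0) + query[12:]


def _recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TCP stream closed before the full message arrived")
        buf += chunk
    return buf


def lookup(server, name, qtype=QTYPE_ANY, port=53, timeout=2.0):
    """Send the query over UDP; on truncation, repeat it over TCP.

    Returns (leg, header) where leg is "udp", "tcp" or "tcp-refused", so the
    caller can tell which leg of the exchange the resolver actually rejects.
    """
    txid = 0x1234  # fixed for readability; a real client randomises it
    query = build_query(name, qtype, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.settimeout(timeout)
        u.sendto(query, (server, port))
        reply, _ = u.recvfrom(4096)
    if not needs_tcp_retry(reply, txid):
        return "udp", parse_header(reply)
    # Truncated: reopen over TCP, where each message has a 2-byte length prefix (RFC 1035 4.2.2).
    try:
        with socket.create_connection((server, port), timeout=timeout) as t:
            t.sendall(struct.pack("!H", len(query)) + query)
            (length,) = struct.unpack("!H", _recv_exact(t, 2))
            return "tcp", parse_header(_recv_exact(t, length))
    except ConnectionRefusedError:
        # The UDP leg worked but nothing accepts TCP on the port: the ANY-only failure pattern.
        return "tcp-refused", parse_header(reply)


if __name__ == "__main__":
    leg, hdr = lookup("127.0.0.1", "my.internal.dom")  # server address is an assumption
    print(leg, hdr)
```

Run it against the unbound host; "tcp-refused" with a truncated UDP header points at the TCP listener or the firewall rather than at access-control, while a failure on the UDP leg itself (a timeout or an exception from recvfrom) means the UDP path is the one to look at.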