[3506:1] error: SERVFAIL <hostname.ned. A IN>: all the configured stub or forward servers failed, at zone ned. from <nameserve'ned-IP> could not parse upstream response
cd /var/unbound/etc
unbound-host -v -C ./dot.conf hostname.ned
Response is fine:
hostname.ned has address <hostname IPv4 address> (insecure)
hostname.ned has no IPv6 address (insecure)
hostname.ned has no mail handler record (insecure)
Have you tried (apologies if I'm missing it in your report) adding 'ned' to Services -> Unbound DNS -> Advanced -> Private Domains ?
Quote from: dseven on August 27, 2024, 12:41:55 pm
Have you tried (apologies if I'm missing it in your report) adding 'ned' to Services -> Unbound DNS -> Advanced -> Private Domains ?

Yes I did. It is in there.

Quote from: mifi42 on August 27, 2024, 02:52:13 pm
Quote from: dseven on August 27, 2024, 12:41:55 pm
Have you tried (apologies if I'm missing it in your report) adding 'ned' to Services -> Unbound DNS -> Advanced -> Private Domains ?
Yes I did. It is in there.

In where? If you mean your problem description; note that "Private Domains" is not the same as "Insecure Domains" - the latter means that DNSSEC can be broken....
hmm, I don't know, then. I don't think you said what type 'ned's nameserver is, but... can you see if it logs anything at the time of the failure? Maybe you could use tcpdump to capture and examine the response and see if there's anything unusual about it....
tcpdump -v -i wg0
dig @192.168.11.2 <hostname.ned>
dig <hostname.ned>
[79782:1] error: SERVFAIL <hostname.ned. A IN>: all the configured stub or forward servers failed, at zone ned. from 192.168.11.2 could not parse upstream response
Start at https://github.com/NLnetLabs/unbound/blob/b5951ce1fa30b64b4fb079e36d5d98d57fb53372/iterator/iterator.c#L646-L650
Do you see a log message "parse error on reply packet"? If not, it'd have to be eDNS, I think? https://github.com/NLnetLabs/unbound/blob/b5951ce1fa30b64b4fb079e36d5d98d57fb53372/iterator/iterator.c#L4311-L4321
Were you able to capture a response with tcpdump?

Quote from: dseven on August 28, 2024, 12:39:04 pm
Start at https://github.com/NLnetLabs/unbound/blob/b5951ce1fa30b64b4fb079e36d5d98d57fb53372/iterator/iterator.c#L646-L650
Do you see a log message "parse error on reply packet"? If not, it'd have to be eDNS, I think? https://github.com/NLnetLabs/unbound/blob/b5951ce1fa30b64b4fb079e36d5d98d57fb53372/iterator/iterator.c#L4311-L4321

I have just posted the exact error message. It uses the word 'response' so your first link is accurate. Thanks.
Do you see a log message "parse error on reply packet"? If not, it'd have to be eDNS, I think?
It would be an additional log message, before the error message. You might have to turn on verbose logging to see it, but I think you have done that already(?)
serviced query: EDNS works for ipv4 192.168.11.2 port 53 (len 16)
sending to target: <ned.> 192.168.11.2#53
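
Added example (not part of the thread and not Unbound's own parser): a structural check that can be run over the DNS payload of a reply taken from the tcpdump capture suggested above, to tell a reply that is malformed on the wire from one whose EDNS OPT record is the odd part. The function names and the sample packet are constructed for illustration.

```python
import struct

def skip_name(msg, off):  # offset just past the name at off; IndexError if it runs off the end
    hops, end = 0, None
    while True:
        n = msg[off]
        if n >= 0xC0:                                  # compression pointer
            end = off + 2 if end is None else end      # parsing resumes after the first pointer
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 32:
                raise ValueError("compression pointer loop")
        elif n > 63:
            raise ValueError("reserved label type")
        elif n == 0:
            return off + 1 if end is None else end
        else:
            off += 1 + n

def check_response(msg):
    """Walk a raw DNS message; return 'ok' or the first structural fault found."""
    if len(msg) < 12:
        return "short header"
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off, opts = 12, 0
    try:
        for _ in range(qd):
            off = skip_name(msg, off) + 4              # QTYPE + QCLASS
            msg[off - 1]                               # IndexError if the question is cut short
        for i in range(an + ns + ar):
            name_at, off = off, skip_name(msg, off)
            if off + 10 > len(msg):
                return "RR header truncated"
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            if off > len(msg):
                return "rdlength overruns packet"
            if rtype == 41 and (msg[name_at] != 0 or i < an + ns):
                return "OPT record misplaced or not owned by root"
            opts += rtype == 41                        # count EDNS OPT pseudo-records
    except IndexError:
        return "record runs past end of packet"
    except ValueError as e:
        return str(e)
    return "more than one OPT record" if opts > 1 else "ok"

def sample(rdlen=4):  # constructed reply: hostname.ned A 192.0.2.10 plus one OPT record
    return (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 1) + b"\x08hostname\x03ned\x00"
            + struct.pack("!HH", 1, 1) + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, rdlen)
            + bytes([192, 0, 2, 10]) + b"\x00" + struct.pack("!HHIH", 41, 1232, 0, 0))
```

`check_response(sample())` returns "ok", while `check_response(sample(rdlen=200))` reports the overrunning rdlength; feed it the UDP payload bytes of the real reply to see which check trips first.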