Bug 327 - Cannot access stub zones until the root is primed
Status: RESOLVED FIXED
Product: unbound
Classification: Unclassified
Component: server
Version: 1.4.6
Hardware: i386 Linux
Importance: P2 normal
Assigned To: unbound team
Reported: 2010-09-11 12:25 CEST by Simon Arlott
Modified: 2010-09-13 11:27 CEST

Attachments
Unbound config with DNSSEC enabled and stub local zone lp0.eu (18.88 KB, application/octet-stream)
2010-09-11 12:25 CEST, Simon Arlott
Unbound log with DNSSEC enabled and stub local zone lp0.eu (26.76 KB, application/octet-stream)
2010-09-11 12:26 CEST, Simon Arlott
Unbound config with DNSSEC disabled and stub local zone lp0.eu (18.91 KB, application/octet-stream)
2010-09-11 12:26 CEST, Simon Arlott
Unbound log with DNSSEC disabled and stub local zone lp0.eu (22.06 KB, application/octet-stream)
2010-09-11 12:26 CEST, Simon Arlott
Local trust anchors (valid until 2011-06-14) (756 bytes, application/octet-stream)
2010-09-11 12:28 CEST, Simon Arlott
Fake root hints file that refers to a server that won't respond to DNS queries (122 bytes, application/octet-stream)
2010-09-11 12:28 CEST, Simon Arlott

Description Simon Arlott 2010-09-11 12:25:39 CEST
Created attachment 143 [details]
Unbound config with DNSSEC enabled and stub local zone lp0.eu

I have a stub local zone in unbound.conf but it cannot be used until the root is primed, so it doesn't work when unbound starts with an empty cache on a host that has no default route.

This host is the gateway so other hosts on the network depend on it for DNS, but it's impossible to resolve local hostnames until the default route is up. The inability to resolve the hostname of the gateway is very inconvenient for SSH access to the gateway before the default route becomes available (assuming it becomes available at all). It also causes problems for resolution of local hostnames on the gateway itself for services that start on boot.

It should be possible to access stub zones (and DNSSEC validate them if a trust-anchor-file is specified*) before the root is primed and without access to DLV.
Comment 1 Simon Arlott 2010-09-11 12:26:03 CEST
Created attachment 144 [details]
Unbound log with DNSSEC enabled and stub local zone lp0.eu
Comment 2 Simon Arlott 2010-09-11 12:26:29 CEST
Created attachment 145 [details]
Unbound config with DNSSEC disabled and stub local zone lp0.eu
Comment 3 Simon Arlott 2010-09-11 12:26:48 CEST
Created attachment 146 [details]
Unbound log with DNSSEC disabled and stub local zone lp0.eu
Comment 4 Simon Arlott 2010-09-11 12:28:00 CEST
Created attachment 147 [details]
Local trust anchors (valid until 2011-06-14)
Comment 5 Simon Arlott 2010-09-11 12:28:38 CEST
Created attachment 148 [details]
Fake root hints file that refers to a server that won't respond to DNS queries
Comment 6 Wouter Wijngaards 2010-09-13 10:33:59 CEST
To make this work, add a local-data entry with the router's own name.
Currently the unbound code must prime the root before doing any other recursive lookup.

Thank you for the report,   Wouter
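
The workaround from comment 6, sketched as an unbound.conf fragment. This is an added example, not part of the original thread or the reporter's attached config; the host name gateway.lp0.eu and the 192.0.2.x addresses are placeholders.

```conf
# Added example: placeholder names and addresses, not the reporter's config.
server:
    # Answered directly from the configuration, with no recursive lookup,
    # so the gateway's own name resolves before the root has been primed.
    local-data: "gateway.lp0.eu. IN A 192.0.2.1"

# Every other name under lp0.eu is still resolved through the stub zone,
# which in 1.4.6 requires the root to be primed first.
stub-zone:
    name: "lp0.eu"
    stub-addr: 192.0.2.53
```
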
Comment 7 Wouter Wijngaards 2010-09-13 11:27:15 CEST
Hi Simon,

In the svn trunk of unbound (r2228) is a bugfix for this issue (works for config with DNSSEC and config without DNSSEC). Your config with DNSSEC is likely to display errors because the 5011-auto-probe for the root fails; however, that should fix itself when the network becomes available.

Best regards,
   Wouter