Domain overrides frequently returning NXDomain
-
Hi,
We have an HA setup with an IPsec tunnel to the main site. We need to resolve a specific domain with the DNS servers running at the main site. For this we added a domain override pointing to one of the DNS servers there.
In our LAN this domain is resolvable, but after a few moments (sometimes a few seconds), the resolution returns an NXDomain error.
It seems unbound negatively cached the forward, because it works again after an unbound-control flush_negative.
I wasn't able to spot anything in the resolver.log, and I fail to see how to troubleshoot the problem.
Any idea what could cause this issue?
-
Unbound is the resolver, running on pfSense.
That's the resolver being used, right? The unbound / resolver was restarting when you get NXDomain?
-
Yes, it is unbound. The pfSense acts as a resolver for the LAN, and should forward requests from the domain override to the remote server.
I don't think unbound was restarting. The option that makes DHCP leases store client names in the resolver was disabled a long time ago.