Maintained by: NLnet Labs

[Unbound-users] Issue while using override with local-data feature

Marco Davids
Tue Dec 23 09:42:44 CET 2008

Hello list,

I ran into an interesting situation while using the local-data feature
in Unbound.

Here is the situation:

There is a domain, let's say it is '', with a FQDN
'', which is available from the entire Internet. It is
served from

There is also an override on my local Unbound-resolver:
''. This should only be locally served, obviously.

In unbound.conf I configured:

local-zone: "" transparent
local-data: " A"

Now, this works fine, with one exception:

Many applications ask for AAAA-records nowadays. Indeed my application
asks for 'AAAA'. In this case, Unbound (or rather, I guess) returns an NXDOMAIN. This is understandable,
since there is no A record for '' under the ''
at (there is only a local override in Unbound). But it is
also an undesirable situation, since some resolvers run into problems
and won't resolve the A record anymore:

Wouldn't it be better if Unbound would change the NXDOMAIN answer from into a NOERROR when it has an A-record equivalent of the
AAAA-question available? Or maybe a similar solution to prevent the
problem described above?

I think I had found a workaround by adding this in unbound.conf:

local-data: " AAAA"

An empty AAAA record.

This results in the desired NOERROR answer, but instead of the ANSWER:
being 0, it is 1:

; <<>> DiG 9.5.0-P2 <<>> AAAA
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7651
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;               IN      AAAA

(This worked for Unbound 1.0, but Unbound 1.1 fails to start when I try
this workaround)


Marco Davids