Maintained by: NLnet Labs

[Unbound-users] stub-zones and forwarding

Wouter Wijngaards
Thu Oct 9 09:18:43 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Chris,

Yes, unbound expects a forwarder to really take care of everything.
So forwarders override any stub or recursion work below that.

So, using two forward zones works (if you do not have delegations in
your local zone).

With the stub + forward to openDNS, your local zone queries were
forwarded to openDNS.  And then not resolved.

Best regards,
   Wouter

Chris Smith wrote:
> Hello,
> 
> Scenario is NSD (whether running on localhost or a secondary port) to serve 
> internal only DNS, with Unbound for caching and forwarding or resolver.
> 
> In this particular case the plan is to forward all non-local queries to the 
> OpenDNS servers.
> 
> With the local zones setup as forward-zone's everything works:
> ==================================================
> forward-zone:
>        name: "domain.example"
>        forward-addr: 127.0.0.1
> forward-zone:
>        name: "."
>        forward-addr: 208.67.222.222
>        forward-addr: 208.67.220.220
> ==================================================
> Local zone information is OK.
> 
> With the local zones setup as stub-zone's the local zones do not get served:
> ==================================================
> stub-zone:
>        name: "domain.example"
>        stub-addr: 127.0.0.1 at 53
> forward-zone:
>        name: "."
>        forward-addr: 208.67.222.222
>        forward-addr: 208.67.220.220
> ==================================================
> Local zone information is not resolved.
> 
> Without the wildcard forwarding, using unbound recursively both the forward-
> zone and the stub-zone styles work.
> 
> As forward-zone's are supposed to be recursion capable the stub-zone 
> configuration should be the preferred setup yet the wildcard forwarding, which 
> honors other defined forward-zone's takes precedence over the defined stub-
> zone's rendering them useless.
> 
> Chris
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjtsFMACgkQkDLqNwOhpPjWWwCfd1yzPQ2EMRBrNxzCUFtRFpIz
ATkAn1Y0NDmeYEBvSYIh/qrJqvoblPv+
=nDRM
-----END PGP SIGNATURE-----