also sprach W.C.A. Wijngaards <wouter at NLnetLabs.nl> [2008.10.21.1639 +0200]: > local-zone: "168.192.in-addr.arpa" nodefault > > is the entry you need to remove the default NXDOMAIN for queries that > should not be sent to the greater internet by default. This fixed the issue, while the more specific local-zone: "14.168.192.in-addr.arpa" nodefault did not. I can imagine why. I'd say that it shouldn't be required. If 168.192.in-addr.arpa is a default zone, then a stub-zone like 14.168.192.in-addr.arpa or even 168.192.in-addr.arpa should override that, no? -- martin | http://madduck.net/ | http://two.sentenc.es/ "stab it and steer" -- sailor spamtraps: madduck.bogus at madduck.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature (see http://martin-krafft.net/gpg/) URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20081021/79d412a2/attachment.pgp>