Maintained by: NLnet Labs

[Unbound-users] Can't get CNAME entries to resolve

M. David Peterson
Wed Mar 4 00:34:35 CET 2009


On Tue, Mar 3, 2009 at 1:13 AM, W.C.A. Wijngaards <wouter at nlnetlabs.nl>wrote:

>
> What you are running into is the fact that Unbound is not designed to be
> a full-featured *authoritative* DNS server.  It is a full featured
> *recursive* DNS server.


Yeah, I should have spent that extra five seconds to think through things a
bit before sending my query to the list. That said, you folks have been
/more/ than generous with your time. Thanks!

How to make the stub thing work.
> The idea is to use another server to be the authoritative server.  Such
> as NSD (the authoritative server made by NLnet Labs which has similar
> high performance).  You run NSD on port: 10053 with the example.net
> zone.  NSD is a good authoritative server for CNAME, DNSSEC, NSEC3, ...
>
> Then you provide unbound with a stub zone
> stub-zone:
>        name: "example.net"
>        stub-addr: 127.0.0.1 at 10053
>
> You can also run the NSD server on a different computer, of course.
>

I wasn't aware of the existence of NSD before now. Thanks for bringing it to
my attention and for providing the above example! Will try both now.
/M:D

M. David Peterson
Co-Founder & Chief Architect, 3rd&Urban, LLC
Email: m.david at 3rdandUrban.com | m.david at amp.fm
Mobile: (206) 999-0588
http://3rdandUrban.com | http://amp.fm |
http://www.oreillynet.com/pub/au/2354 |
http://broadcast.oreilly.com/m-david-peterson/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20090303/c129521f/attachment.htm>