Maintained by: NLnet Labs

[Unbound-users] Transparent zones and ANY queries

Brian Widdas
Mon Nov 23 13:16:28 CET 2009


Hello,

I've been looking at unbound for use as a DNS cache with local data
overriding some authoritative data from elsewhere. However, one thing
that concerns me is that Unbound, configured with a transparent local
zone, will return NOERROR/nodata for ANY queries.

I know ANY queries are unpleasant, and client resolvers shouldn't be
relying on them to get data from a cache, but I can see inbound ANY
queries to our caches, and I'd at least Unbound to behave like the
software it's replacing (Nominum CNS) and return the local data in
response to the ANY query.

It seems straightforward enough to make Unbound behave somewhat like
CNS in this regard - I've got it to return the first matching resource
record type for local-data when an ANY query is made (for the purposes
I'm using it for, there won't ever be more than one record type for a
local-data record). With a bit more poking, it seems that it should be
possible to make it return all record types in local-data.

Is this something Unbound should be doing? I can provide the patch if
anyone wants it. Or am I barking up a horribly wrong tree?


Cheers,

Brian
-- 
☺