[Unbound-users] Domains without A registry in nameservers

Paul Wouters
Fri Oct 9 17:50:35 CEST 2009

On Fri, 9 Oct 2009, Isaac González wrote:

> We are currently running unbound in a anycasting scenario and works great.  I've found some problems catching domains without NS A records at nameservers (some servers does not provide A records for nameservers) , I've found a workaround adding a local-data in the configuration but if the provider change the nameserver ip address it will fail. Do you know an alternative workaround or some configuration parameter to solve this problem?
> PD. For example:
> My workaround:
> local-zone: ""
> transparent
> local-data: " A
> local-data: " A"

The problem here is that there are glue records for ns[12] pointing
to and However, when you ask those servers for
the A record of ns[12] you get an NXDOMAIN.

Since the NXDOMAIN is in the authority section is "outweighs" the previous
glue records that were in the additional section and the hints are dropped.

So even with harden-referral-path: no, it will end up failing.

The owner of the zone will need to fix their zone.