Maintained by: NLnet Labs

[Unbound-users] stub vs. forward vs. redirect

Tony Finch
Thu Sep 17 15:20:00 CEST 2009


On Thu, 17 Sep 2009, W.C.A. Wijngaards wrote:
>
> stub: send query to other nameserver. The other nameserver is
> authoritative, so you have to perform recursive processing yourself.
> forward: send query to other nameserver.  The other nameserver is a
> recursive (caching) server.  So it performs recursion for you.

Thanks for the explanation.

Could you please add some text to the man page saying that unbound expects
the target of a forward zone to be a recursive server, and explain whether
or not it does recursive processing in both the stub and forward zone
sections. That would have given me enough clues.

> redirect: answer all queries for this domain with a specific ip address,
> useful for (government enforced) blocking of sites, or making
> facebook.com go to 127.0.0.1 to keep the kids away from it, since it
> also blocks blabla.facebook.com and so on.

I was confused by the text "It can be used to redirect a domain to a
different address" which I thought meant "to redirect queries from unbound
about a domain" rather than it being a kind of wildcard. I'm not sure what
would be a better way to explain it...

> > I've been setting up some test zones to see what the differences in
> > behaviour are. No results yet, though.
>
> You could see if you host a CNAME record, that points outside of the
> zone,  test12.private.example. CNAME www.google.com. ; with a stub-zone
> unbound looks up google for you.  With a forward declaration unbound
> expects the other server to do so (but it may not do so, if it is a
> master zone and authoritative, not a recursive server).

Thanks, that'll help me with testing. I also now realise I'll need another
back-end nameserver since the current one is authoritative for my test
zones.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.