On Thu, 17 Sep 2009, W.C.A. Wijngaards wrote: > > stub: send query to other nameserver. The other nameserver is > authoritative, so you have to perform recursive processing yourself. > forward: send query to other nameserver. The other nameserver is a > recursive (caching) server. So it performs recursion for you. Thanks for the explanation. Could you please add some text to the man page saying that unbound expects the target of a forward zone to be a recursive server, and explain whether or not it does recursive processing in both the stub and forward zone sections. That would have given me enough clues. > redirect: answer all queries for this domain with a specific ip address, > useful for (government enforced) blocking of sites, or making > facebook.com go to 127.0.0.1 to keep the kids away from it, since it > also blocks blabla.facebook.com and so on. I was confused by the text "It can be used to redirect a domain to a different address" which I thought meant "to redirect queries from unbound about a domain" rather than it being a kind of wildcard. I'm not sure what would be a better way to explain it... > > I've been setting up some test zones to see what the differences in > > behaviour are. No results yet, though. > > You could see if you host a CNAME record, that points outside of the > zone, test12.private.example. CNAME www.google.com. ; with a stub-zone > unbound looks up google for you. With a forward declaration unbound > expects the other server to do so (but it may not do so, if it is a > master zone and authoritative, not a recursive server). Thanks, that'll help me with testing. I also now realise I'll need another back-end nameserver since the current one is authoritative for my test zones. Tony. -- f.anthony.n.finch <dot at dotat.at> http://dotat.at/ GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS. MODERATE OR GOOD.