Maintained by: NLnet Labs

[Unbound-users] stub-zone reverse problem

Tue Jan 26 18:58:39 CET 2010

I run unbound as a resolver and I've configured it with a stub zone for 
reverse DNS on a local subnet we use internally, however it doesn't seem 
to send the requests for the zone to the IP specified in the sub-zone 
config. I looked in the archives and found someone else with a similar 

The solution there also works for me. Before this, I had configured 
unbound with:

   name: ""
   stub-addr: a.b.c.d

and with that config I get an answer like this from unbound:

; <<>> DiG 9.5.1-P3 <<>> -t ns @x.x.x.x
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16381
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;         IN      NS

;; AUTHORITY SECTION:        10800   IN      SOA     localhost. nobody.invalid. 1 3600 1200 604800 10800

If I then apply the 'fix' from the post above:

"local-zone: "" nodefault"

It answers correctly with the details from the server specified in the 
stub address.

I am not serving any zones from unbound- it is acting purely as a resolver 
so this seems like unbound is serving the authority bit 
when it hasn't been configured to do so. Any ideas why it's doing this?

I'm using the Debian Lenny package (1.0.2-1+lenny1) on this box, but it 
seems to do the same with 1.4.1 built from source.