Maintained by: NLnet Labs

[Unbound-users] Semantics of 'forward'

Tim Kindberg
Sat Jul 24 09:39:35 CEST 2010


Dear all,

I have an unbound resolver that has worked correctly in several 
situations but recently failed when I connected it to a new network.

If U is my unbound server, D the DNS server in the network to which U 
connects (i.e. which U is using), and C a client of U, then I found that:

DNS clients on U receive correct results from D as expected.
But when C requests a resolution result via U, D does not reply.

In other words, D has a setting that drops recursive requests not 
originating with the requestor.

At least, I think that was what was happening.  I had relatively little 
time to investigate (I was travelling with U and C!).  I double-checked 
that there was full internet connectivity via U from C: it wasn't a 
TCP/IP layer problem.

Looking at the documentation, forward zones sound like the answer to 
this problem.

I tried:

forward-zone:
         name: "."
         forward-addr: <IP of D>

-- but this didn't seem to solve the problem.  I'm sorry I can't be more 
specific but I was concentrating on a work-around with very little time.

I have a few questions:

1. Am I right that forward zones are in principle the way to get around 
D's behaviour?  If so, why wasn't it working?
2. Does a forward zone apply to subdomains by default, i.e. if I set up 
a forward zone for example.org, will foo.example.org get forwarded in 
the same way?
3. Except that if I have local data for a subdomain such as 
foo.example.org, does that override the forwarding for example.org, i.e. 
will unbound use the local data in preference?

Thanks very much in advance for any help you can provide.

Tim

-- 

Tim Kindberg
Matter 2 Media Ltd
w: matter2media.com
e: tim at matter2media.com
m: +44 (0)7954 582814
t: +44 (0)117 9095221