Maintained by: NLnet Labs

[Unbound-users] local-zone transparent behavior

Paul Wouters
Thu Mar 18 23:10:05 CET 2010


On Thu, 18 Mar 2010, Bryan Clay wrote:

> local-zone: foo.com transparent
> local-data: "foo.com. A 55.55.55.55"
> 
> Any queries for MX or NS records on foo.com will return NOERROR/NODATA by design, even if that data exists in a
> forwarder upstream.  This make me cry and I would be hugely grateful for a method, now or in a future release, for
> a way to bypass this behavior.
> 
> I also recommend that this specific behavior be documented with the rest of the transparent behavior in the manual.
>  It took me more than an hour to diagnose this issue.  Maybe it will keep some other poor sap from going insane.

Unbound is not a authoritative nameserver, so logic for MX and/or additional data
is not really there, other then the simple "insert in cache" override you use above.
For more complicated things, use a forwarder to a local auth nameserver that has that
zone, eg:

stub-zone:
 	name: "foo.com."
 	stub-addr: 127.0.0.1 at 5353
 	stub-prime: "no"

Then run an auth server (nsd or bind) on port 5353 that has the zone foo.com.

Note that if you want answers that contain RFC1918 space, eg 192.168.0.0/16
you might need an additional:

local-zone: "168.192.in-addr.arpa." nodefault

Paul