On Thu, 18 Mar 2010, Bryan Clay wrote: > local-zone: foo.com transparent > local-data: "foo.com. A 55.55.55.55" > > Any queries for MX or NS records on foo.com will return NOERROR/NODATA by design, even if that data exists in a > forwarder upstream. This make me cry and I would be hugely grateful for a method, now or in a future release, for > a way to bypass this behavior. > > I also recommend that this specific behavior be documented with the rest of the transparent behavior in the manual. > It took me more than an hour to diagnose this issue. Maybe it will keep some other poor sap from going insane. Unbound is not a authoritative nameserver, so logic for MX and/or additional data is not really there, other then the simple "insert in cache" override you use above. For more complicated things, use a forwarder to a local auth nameserver that has that zone, eg: stub-zone: name: "foo.com." stub-addr: 127.0.0.1 at 5353 stub-prime: "no" Then run an auth server (nsd or bind) on port 5353 that has the zone foo.com. Note that if you want answers that contain RFC1918 space, eg 192.168.0.0/16 you might need an additional: local-zone: "168.192.in-addr.arpa." nodefault Paul