Maintained by: NLnet Labs

[Unbound-users] Forwarding queries for uncached names to specified DNS resolvers

Brian Morrison
Fri Nov 26 15:00:07 CET 2010


Thank you very much for responding. Sorry, but I am still confused! The
lines I created in unbound.conf are based on what I found here:

http://www.unbound.net/pipermail/unbound-users/2008-October/000272.html

That post seems to suggest that the first forward-zone has to have
127.0.0.1 as forward-addr, otherwise ALL queries will be forwarded to
the upstream resolvers, not just those for uncached names. However, you
seem to be saying that if I delete the first forward-zone, Unbound will
still search its cache before forwarding queries to the upstream
resolvers. Would you very kindly confirm that I have understood you
correctly, please? Thanks again.

On Fri, 26 Nov 2010 14:36:54 +0100
lst_hoe02 at kwsoft.de wrote:

> Zitat von Brian Morrison <brian49 at gmx.com>:
> 
> > I would like to get clear, please, about how to ensure that all
> > DNS queries not answered from Unbound's cache are routinely
> > forwarded to specified resolvers of my choosing. There are one or
> > two threads in the mailing-list archives that seem partly relevant
> > to this issue, but they leave me in some doubt as to whether I am
> > getting it right, as does the man page for unbound.conf.
> >
> > I have put the following lines in unbound.conf:
> >
> > forward-zone:
> > 	name: "."
> > 	forward-addr: 127.0.0.1 # the address of my local network
> > server forward-zone:
> >  	name: "."
> >  	forward-addr: <IP address of my first chosen resolver>
> >  	forward-addr: <IP address of my second chosen resolver>
> >
> > I would be very grateful for advice, please, as to whether this will
> > produce the desired result, and if so, whether it is also the best
> > way. Many thanks for any kind help that can be offered.
> 
> Not sure if it make sense to list "." two times as it matches  
> everything anyway. Also be aware that Unbound normaly listen at  
> 127.0.0.1 so the first entry point to Unbound itself as upstream  
> resolver which would be a loop.
> 
> Regards
> 
> Andreas
> 
> 
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users