Maintained by: NLnet Labs

[Unbound-users] Cascading Unbound and automatic key update

lst_hoe02 at kwsoft.de
Tue Jan 10 17:01:41 CET 2012


Quoting "W.C.A. Wijngaards" <wouter at nlnetlabs.nl>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Andreas,
>
> Now I see this is a forward zone, so +norec no answer, because the
> x.x.x.x is a recursive cache.  Somehow this cache has trouble
> returning dnssec enabled data (once in a while?  Load balancer?)

Hello

No, it is a simple two-stage unbound cascade. The forwarder also
acts as resolver cache for the DMZ mail server and had, as said, no
problem resolving names during the whole outage of the internal
unbound cache. During the outage I was also able to query the
forwarder from the machine running the internal cache without
problems, but I only tested simple A/MX queries. I guess it will be
best to dumb down the internal one as cache-only and let the firewall do
the work, no?

Many Thanks

Andreas