Maintained by: NLnet Labs

[Unbound-users] forward zone vs stub

Johan Ihrén
Tue Oct 23 11:56:31 CEST 2012


Hi,

On Oct 22, 2012, at 12:53 , Kapetanakis Giannis wrote:

> On 22/10/12 09:31, Andreas Schulze wrote:
>> Am 20.10.2012 16:25 schrieb Kapeatanakis Giannis:
>>> I have setup stub-zones for that
>>> 
>>> stub-zone:
>>>     name: "example.com"
>>>     stub-addr: 10.0.0.10
>>> 
>>> stub-zone:
>>>     name: "10.in-addr.arpa"
>>>     stub-addr: 10.0.0.10
>>> 
>>> Is there a way to make this include all subdomains as well?
>> take the usual "dns-way":
>> at 10.0.0.10 setup NS entries that delegate foo1.example.com to nameserver 10.0.0.10
>> 
>>> Do I have to specify all zones?
>> no
>> 
>> Andreas
> 
> Thanks for the answer.
> 
> Well the problem is that the zone files include external authoritative DNS servers as well (often with different views).
> I don't want unbound to contact them at all. It should only contact local authoritative servers.

I think you need to be significantly more specific in what you're doing here.

You have an external version of "example.com", presumably with nameservers on the public Internet.

You also have an internal version of "example.com", presumably with nameservers on the inside, specifically 10.0.0.10. 

Which zone file is it that contains "external authoritative DNS servers as well"?

And if you're using views (apart from the "God help you"-part), then you need to explain that, including your matching rules and what it is that you're trying to achieve.

Regards,

Johan (firm believer in "DNS should be kept simple")