Maintained by: NLnet Labs

[Unbound-users] Q: what is "fail" in stub-first

moto kawasaki
Wed Feb 6 05:38:05 CET 2013


Dear Friends,

Could someone advice me of the meaning of:

    [from unbound.conf(5) / Stub Zone Options / stub-first]

    If  enabled,  a query is attempted without the stub clause if it
    fails.

My understanding is:

  - When I have stub zone in configuration, such as:

    stub-zone:
        name:       "example.jp"
        stub-addr:  10.A.B.172
        stub-first: yes

  - unbound tryes 10.A.B.172 first for "what is A RR for
    www.example.jp?"

  - if 10.A.B.172 fails (*), unbound tryes normal recursion from the
    root, hence it will send query to a DNS on the Internet that hosts
    this domain name (example.jp).

My question is:

  - What does this "fail" (*) means?
    In my test, I got NXDOMAIN from 10.A.B.172, then unbound returned
    WITHOUT sending query to the Internet (not a stub) side.
    Thus I guess NXDOMAIN is NOT a fail. Is this correct?

  - How can I configure unbound to send query to the Internet side?
    If I can do this, I can host internal names such as database
    servers in 10.A.B.172, and public names in the Internet facing DNS
    server, within the same domain (example.jp)

Thank you very much.




Sincerely,



-- 
moto kawasaki <moto at kawasaki3.org>