Maintained by: NLnet Labs

unbound fetches DNS record from nsd but does not return it to client

Patrik Lundin
Sat Aug 1 10:33:28 CEST 2015

On Fri, Jul 31, 2015 at 10:36:34PM -0400, Sonic via Unbound-users wrote:
> I doubt that
>        local-zone: "" nodefault
> is necessary since you're defining it as a stub-zone.

This is actually necessary. I just tested on my firewall at home, and if
I remove "local-zone: "" nodefault" I will get the unbound
default NXDOMAIN even if I still have my stub-zone declaration:
        name: ""

However, the configuration is still wrong since "nodefault" only works on the
specific RFC1918 boundaries, and not anything below. If I change this:
local-zone: "" nodefault
... to this:
local-zone: "" nodefault

I again get the unbound default NXDOMAIN even if it looks like it matches what
I want better. As you have pointed out to me on openbsd-misc in the
past, the correct configuration to use in the latter case is this:
local-zone: "" transparent

This is only mentioned in passing in the man page for unbound.conf and I had
missed it completely before you pointed it out to me here:
This is probably my biggest pet peeve in the unbound configuration :).

This of course does not relate to the main question in the thread, but I am
pretty sure reverse lookups does not currently work either for the above

Patrik Lundin