Maintained by: NLnet Labs

problems with stub-zones

Petr Spacek
Thu Aug 25 09:55:45 CEST 2016


On 24.8.2016 20:56, A. Schulze via Unbound-users wrote:
> 
> 
> Am 24.08.2016 um 19:05 schrieb Benny Pedersen via Unbound-users:
>> On 2016-08-24 10:39, A. Schulze via Unbound-users wrote:
>>
>>> forward-zone:
>>>     name: "10-in-addr.arpa."
>>>     forward-addr: ${nameserver1-ip}
>>>     forward-addr: ${nameserver2-ip}
>>>
>>
>> add
>>
>> forward-first: yes
>>
>> does this fix it ?
>>
>> if so its a bug imho ?
>>
> 
> reading "man unbound.conf" again and again there are more questions then answers.
> 
>    forward-zone:
>       There may be multiple forward-zone: clauses. Each with a name: and zero
>       or  more  hostnames or IP addresses.
> 
>    same text for stub-zone...
> 
> what's the use case for a stub/forward-zone with zero stub/forward-host:  and 
> stub/forward-addr: ?
> 
> stub/forward-first is also confusing to me. default: no = disabled = "do not
> stub/forward-first" = "stub/forward second" ??
> again: it may be helpful to know at least one use case.

Hello,

following text is not directly related to Unbound but it describes use-cases
for forwarding:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/managing-dns-forwarding.html

Sub-chapter "⁠Forward Policies" describes behavior as implemented in BIND 9
but I guess that Unbound will so the same thing.

I hope it helps.

Petr Spacek  @  Red Hat

> stub-zone point to authority servers, forward-zone point to recursive servers.
> that mean to me that my current setup is wrong although it's the one that works
> 
> while reading the archives I found also that from 2012. Looks really like the
> same problem!
> http://www.unbound.net/pipermail/unbound-users/2012-July/002467.html