Maintained by: NLnet Labs

Have caching mode send authoritative replies

Brad Bendy
Fri Sep 16 07:29:14 CEST 2016


Did some more reading and realized forward-zone will never send a AA
response, which makes sense.

Ive placed a zone in the stub-zone and set the "stub-addr" to forward
to the auth server. The logs show the response received by the cache
Unbound instance does indeed have the AA flag set, but Unbound does
not send the AA flag on the return the requesting client. From all the
docs ive read the stub-zone: should fix that, but im not showing that.

Any ideas?

Thanks

On Tue, Sep 13, 2016 at 9:00 PM, Brad Bendy <brad.bendy at gmail.com> wrote:
> HI,
>
> Ive got Unbound setup to query a custom Python script to get DNS
> queries, which works perfect and zones are returned as authoritative
> with no issues.
>
> We want to have Unbound run in front of this server as a cache server
> that sends all queries to the backend Unbound server with the Python
> script for obvious reasons. The problem we are running into is the
> cache is not returning the aa flag on the query, even though the other
> server is returning the aa flag. From what I can tell the only way
> around this is to setup stub zones in the cache server so it will
> answer authoritatively, is this the case?
>
> We are trying to avoid having to touch the cache server at all when a
> zone is added as that's the whole point of the Python based backend on
> the other server, so it can be 100% dynamic and flexible. Is there
> some way to have the cache one answer as auth and im just not seeing
> it somewhere?
>
> We are just doing the below to have the cache talk to the Python/auth server.
> forward-zone:
>        name: "."
>        forward-addr:x.x.y.z
>
> Thanks