auth-zone and forward-zone on unbound-1.7.0
Guillaume-Jean Herbiet
gjherbiet at restena.lu
Wed Apr 4 09:41:34 UTC 2018
Hi,
While doing some experiments, I am facing an issue while mixing
auth-zone and forward-zone.
The server I was testing on was originally configured to forward
requests to other servers (mainly to benefit from their cache):
forward-zone:
name: "."
forward-addr: IP1 # redacted
forward-addr: IP2 # redacted
Then, I added auth-zone directives on order to implement RF7706:
auth-zone:
name: "."
for-downstream: no
for-upstream: yes
fallback-enabled: yes
master: c.root-servers.net
master: iad.xfr.dns.icann.org
master: lax.xfr.dns.icann.org
>From this point, all responses are nodata.
Both features work separately, but not together.
I know this can be a curious config (frankly, I forgot I added the
forward-zone on this test server...) but I would have expected unbound :
- either to use the root zone local copy, then to use the forward-addr
to continue with the recursion
- or to ignore the auth-zone directives as it is configured as a simple
forwarder for the zone
Any comment on this?
--
Guillaume
More information about the Unbound-users
mailing list