Unbound 1.7.2rc1 pre-release

W.C.A. Wijngaards wouter at nlnetlabs.nl
Tue Jun 5 07:29:51 UTC 2018


Hi Harry,

On 05/06/18 09:23, Harry Schmalzbauer wrote:
> Am 04.06.2018 um 14:07 schrieb W.C.A. Wijngaards via Unbound-users:
>> Hi,
>>
>> Unbound 1.7.2rc1 pre-release is available:
>> https://www.nlnetlabs.nl/downloads/unbound/unbound-1.7.2rc1.tar.gz
>> sha256 561c33f80b757820e3bd632cd339673da84a71dbb6328d124324db2c63a7f833
>> pgp
>> https://www.nlnetlabs.nl/downloads/unbound/unbound-1.7.2rc1.tar.gz.asc
> 
> Hello,
> 
> me again, again regarding auth-zones:
> I'm running 1.7.2rc1 on FreeBSD11.2/adm64 and can confirm that the
> NOTIFY-dedlock vanished.
> 
> But CNAME records aren't resolved as soon as the record comes from
> auth-zone:.
> 
> Other problems keep me from thinking/researching, but as far as I know,
> the authoritative server has to return the CANME results alsong with the
> record, correct?

Yes, but only if you set for-downstream: no and for-upstream: yes.
With for-downstream, if that was enabled, then unbound responds with the
authority response to the downstream client, and that response does not
contain the CNAME result (in fact Unbound includes CNAME results, but
only if it is from the same auth-zone).  The for-upstream: yes makes
unbound resolve CNAMEs, and pick information from the auth-zone where
necessary.

If the config that is used has these settings, then I would be
interested in some more information.  What CNAME and so?  How to
reproduce or perhaps a simple verbosity 4 log of what is happening.

Best regards, Wouter

> This isn't the case with 1.7.2rc1!
> 
> Thanks,
> 
> -harry


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20180605/964b921a/attachment.bin>


More information about the Unbound-users mailing list