Maintained by: NLnet Labs

How to ask forwarders only after direct query to target zone NS'es is failed?

Ilya Evseev
Tue Dec 19 14:43:27 CET 2017


  Hi all!
By default, Unbound DNS server works by "classic" scheme: queries root
servers, then queries NS'es for A/AAAA/...

Sometime (rarely) connectivity between my Unbound DNS host and target zone
NS'es is failed, but target NS'es are still available from various
LookingGlasses and from Google/Level3 DNS, so "nslookup www.target.com
8.8.8.8" and "nslookup www.target.com 4.2.2.2" returns the correct answer.

So my question is very simple:
How to setup Unbound to use public forwarders when (and only after) direct
query to the target NS'es is failed?

The following config works fine, but routes all queries immediately to
forwarders, ignoring target NS'es at all:

forward-zone:
    name: "."
    forward-first: no
    forward-addr: 8.8.8.8
    forward-addr: 4.2.2.2

WBR, Ilya
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20171219/66d22862/attachment.html>