<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif">Thank you Ralph. I will check and get back to you.</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br clear="all"></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><i><span style="font-family:verdana,sans-serif">Thanks & Regards,<br><br>Yogesh Sharma</span><br></i></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jan 23, 2019 at 3:40 PM Ralph Dolmans via Unbound-users <<a href="mailto:unbound-users@nlnetlabs.nl">unbound-users@nlnetlabs.nl</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Yogesh,<br>
<br>
On 23-01-19 06:15, Yogesh Sharma via Unbound-users wrote:<br>
> I am able to test 2nd scenario and all resolution will be done by dns<br>
> server as mentioned in name: "." (dot). Can some please guide how can we<br>
> route few zones to specific dns server and rest all to google dns.<br>
<br>
The most specific match will be used. So in your example all queries<br>
except <a href="http://example.com" rel="noreferrer" target="_blank">example.com</a>, <a href="http://example.org" rel="noreferrer" target="_blank">example.org</a> and its subdomains will go to the "."<br>
forward-zone.<br>
<br>
> <br>
> However, first one is still a problem, when I am using<br>
> <br>
> forward-zone:<br>
>     name: "."<br>
>     forward-addr: 127.0.0.1@5353<br>
> <br>
> it appends search string from resolv.conf.<br>
> <br>
> Eg: is search string is internal.localhost then All <a href="http://example.com" rel="noreferrer" target="_blank">example.com</a><br>
> <<a href="http://example.com" rel="noreferrer" target="_blank">http://example.com</a>> name is changing to example.com.internal.localhost.<br>
<br>
This is done by the client querying Unbound. Unbound itself does not use<br>
your resolv.conf.<br>
<br>
> <br>
> if I put <a href="http://example.com" rel="noreferrer" target="_blank">example.com</a> <<a href="http://example.com" rel="noreferrer" target="_blank">http://example.com</a>>. (dot at the end) then it<br>
> return server fail.<br>
<br>
Check your Unbound logs to see why it is a SERVFAIL. My first guess is<br>
that this is because your zone does not DNSSEC validate. In that case<br>
you might want to have a look at the domain-insecure configuration option.<br>
<br>
-- Ralph<br>
<br>
> <br>
> <br>
> /Thanks & Regards,<br>
> <br>
> Yogesh Sharma<br>
> /<br>
> <br>
> <br>
> On Wed, Jan 23, 2019 at 9:48 AM Yogesh Sharma <<a href="mailto:yks0000@gmail.com" target="_blank">yks0000@gmail.com</a><br>
> <mailto:<a href="mailto:yks0000@gmail.com" target="_blank">yks0000@gmail.com</a>>> wrote:<br>
> <br>
>     Hi ,<br>
> <br>
>     Any suggestion.<br>
> <br>
>     /Thanks & Regards,<br>
> <br>
>     Yogesh Sharma  | <a href="mailto:yks0000@gmail.com" target="_blank">yks0000@gmail.com</a> <mailto:<a href="mailto:yks0000@gmail.com" target="_blank">yks0000@gmail.com</a>> |<br>
>     LinkedIn <<a href="http://linkedin.com/in/yks0000" rel="noreferrer" target="_blank">http://linkedin.com/in/yks0000</a>> | Portal<br>
>     <<a href="https://yogeshsharma.me/" rel="noreferrer" target="_blank">https://yogeshsharma.me/</a>><br>
>     /<br>
> <br>
> <br>
>     On Tue, Jan 22, 2019 at 11:44 PM Yogesh Sharma <<a href="mailto:yks0000@gmail.com" target="_blank">yks0000@gmail.com</a><br>
>     <mailto:<a href="mailto:yks0000@gmail.com" target="_blank">yks0000@gmail.com</a>>> wrote:<br>
> <br>
>         Hi Team,<br>
> <br>
>         I am new to Unbound and need some help.<br>
> <br>
>         I need to forward all of request to local dnsmasq running on<br>
>         127.0.0.1@5353.<br>
> <br>
>         Once I do that, I see all lookup are suffixed with search string<br>
>         as present in /etc/resolv.conf and return server fail. If I do<br>
>         resolve by explicitly putting "." (dot) at the end, even though<br>
>         I get server fail.<br>
> <br>
> <br>
>         Version: 1.6.6<br>
> <br>
>         Config:<br>
> <br>
> <br>
>         server:<br>
>             verbosity: 1<br>
>             username: root<br>
>             interface: 127.0.0.1<br>
>             port: 53<br>
>             chroot: ""<br>
>             do-ip4: yes<br>
>             do-udp: yes<br>
>             do-tcp: yes<br>
>             hide-identity: yes<br>
>             hide-version: yes<br>
>             msg-cache-size: 50m<br>
>             msg-cache-slabs: 4<br>
>             rrset-cache-size: 100m<br>
>             rrset-cache-slabs: 4<br>
>             cache-min-ttl: 300<br>
>             cache-max-negative-ttl: 300<br>
>             access-control: <a href="http://0.0.0.0/0" rel="noreferrer" target="_blank">0.0.0.0/0</a> <<a href="http://0.0.0.0/0" rel="noreferrer" target="_blank">http://0.0.0.0/0</a>> allow<br>
>             logfile: "/var/log/unbound/unbound.log"<br>
>             log-identity: root<br>
>             log-queries: yes<br>
>             log-replies: yes<br>
>             pidfile: "/var/log/unbound/unbound.pid"<br>
>             prefetch: yes<br>
> <br>
>         forward-zone:<br>
>             name: "."<br>
>             forward-addr: 127.0.0.1@5353<br>
> <br>
> <br>
> <br>
>         2nd Question:<br>
> <br>
>         considering below forward-zone configuration, will all of  name<br>
>         lookup will be forwarded to open dns servers<br>
>         (<a href="http://208.67.222.222/208.67.220.220" rel="noreferrer" target="_blank">208.67.222.222/208.67.220.220</a><br>
>         <<a href="http://208.67.222.222/208.67.220.220" rel="noreferrer" target="_blank">http://208.67.222.222/208.67.220.220</a>>) or it will send only<br>
>         those name server which are not part of <a href="http://example.com" rel="noreferrer" target="_blank">example.com</a><br>
>         <<a href="http://example.com" rel="noreferrer" target="_blank">http://example.com</a>> and <a href="http://example.org" rel="noreferrer" target="_blank">example.org</a> <<a href="http://example.org" rel="noreferrer" target="_blank">http://example.org</a>><br>
> <br>
>         forward-zone:<br>
>             name: "."<br>
>             forward-addr: 208.67.222.222<br>
>             forward-addr: 208.67.220.220<br>
>            <br>
>         forward-zone:<br>
>             name: "<a href="http://example.com" rel="noreferrer" target="_blank">example.com</a> <<a href="http://example.com" rel="noreferrer" target="_blank">http://example.com</a>>"<br>
>             forward-addr: 8.8.8.8<br>
>            <br>
>         forward-zone:<br>
>             name: "<a href="http://example.org" rel="noreferrer" target="_blank">example.org</a> <<a href="http://example.org" rel="noreferrer" target="_blank">http://example.org</a>>"<br>
>             forward-addr: 8.8.4.4<br>
>           <br>
> <br>
>         Thanks for help.<br>
> <br>
> <br>
> <br>
>         /Thanks & Regards,<br>
> <br>
>         Yogesh Sharma<br>
>         /<br>
> <br>
</blockquote></div>