<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif">Thank you Ralph. I will check and get back to you.</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br clear="all"></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><i><span style="font-family:verdana,sans-serif">Thanks & Regards,<br><br>Yogesh Sharma</span><br></i></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jan 23, 2019 at 3:40 PM Ralph Dolmans via Unbound-users <<a href="mailto:unbound-users@nlnetlabs.nl">unbound-users@nlnetlabs.nl</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Yogesh,<br>
<br>
On 23-01-19 06:15, Yogesh Sharma via Unbound-users wrote:<br>
> I am able to test 2nd scenario and all resolution will be done by dns<br>
> server as mentioned in name: "." (dot). Can some please guide how can we<br>
> route few zones to specific dns server and rest all to google dns.<br>
<br>
The most specific match will be used. So in your example all queries<br>
except <a href="http://example.com" rel="noreferrer" target="_blank">example.com</a>, <a href="http://example.org" rel="noreferrer" target="_blank">example.org</a> and its subdomains will go to the "."<br>
forward-zone.<br>
<br>
> <br>
> However, first one is still a problem, when I am using<br>
> <br>
> forward-zone:<br>
> name: "."<br>
> forward-addr: 127.0.0.1@5353<br>
> <br>
> it appends search string from resolv.conf.<br>
> <br>
> Eg: is search string is internal.localhost then All <a href="http://example.com" rel="noreferrer" target="_blank">example.com</a><br>
> <<a href="http://example.com" rel="noreferrer" target="_blank">http://example.com</a>> name is changing to example.com.internal.localhost.<br>
<br>
This is done by the client querying Unbound. Unbound itself does not use<br>
your resolv.conf.<br>
<br>
> <br>
> if I put <a href="http://example.com" rel="noreferrer" target="_blank">example.com</a> <<a href="http://example.com" rel="noreferrer" target="_blank">http://example.com</a>>. (dot at the end) then it<br>
> return server fail.<br>
<br>
Check your Unbound logs to see why it is a SERVFAIL. My first guess is<br>
that this is because your zone does not DNSSEC validate. In that case<br>
you might want to have a look at the domain-insecure configuration option.<br>
<br>
-- Ralph<br>
<br>
> <br>
> <br>
> /Thanks & Regards,<br>
> <br>
> Yogesh Sharma<br>
> /<br>
> <br>
> <br>
> On Wed, Jan 23, 2019 at 9:48 AM Yogesh Sharma <<a href="mailto:yks0000@gmail.com" target="_blank">yks0000@gmail.com</a><br>
> <mailto:<a href="mailto:yks0000@gmail.com" target="_blank">yks0000@gmail.com</a>>> wrote:<br>
> <br>
> Hi ,<br>
> <br>
> Any suggestion.<br>
> <br>
> /Thanks & Regards,<br>
> <br>
> Yogesh Sharma | <a href="mailto:yks0000@gmail.com" target="_blank">yks0000@gmail.com</a> <mailto:<a href="mailto:yks0000@gmail.com" target="_blank">yks0000@gmail.com</a>> |<br>
> LinkedIn <<a href="http://linkedin.com/in/yks0000" rel="noreferrer" target="_blank">http://linkedin.com/in/yks0000</a>> | Portal<br>
> <<a href="https://yogeshsharma.me/" rel="noreferrer" target="_blank">https://yogeshsharma.me/</a>><br>
> /<br>
> <br>
> <br>
> On Tue, Jan 22, 2019 at 11:44 PM Yogesh Sharma <<a href="mailto:yks0000@gmail.com" target="_blank">yks0000@gmail.com</a><br>
> <mailto:<a href="mailto:yks0000@gmail.com" target="_blank">yks0000@gmail.com</a>>> wrote:<br>
> <br>
> Hi Team,<br>
> <br>
> I am new to Unbound and need some help.<br>
> <br>
> I need to forward all of request to local dnsmasq running on<br>
> 127.0.0.1@5353.<br>
> <br>
> Once I do that, I see all lookup are suffixed with search string<br>
> as present in /etc/resolv.conf and return server fail. If I do<br>
> resolve by explicitly putting "." (dot) at the end, even though<br>
> I get server fail.<br>
> <br>
> <br>
> Version: 1.6.6<br>
> <br>
> Config:<br>
> <br>
> <br>
> server:<br>
> verbosity: 1<br>
> username: root<br>
> interface: 127.0.0.1<br>
> port: 53<br>
> chroot: ""<br>
> do-ip4: yes<br>
> do-udp: yes<br>
> do-tcp: yes<br>
> hide-identity: yes<br>
> hide-version: yes<br>
> msg-cache-size: 50m<br>
> msg-cache-slabs: 4<br>
> rrset-cache-size: 100m<br>
> rrset-cache-slabs: 4<br>
> cache-min-ttl: 300<br>
> cache-max-negative-ttl: 300<br>
> access-control: <a href="http://0.0.0.0/0" rel="noreferrer" target="_blank">0.0.0.0/0</a> <<a href="http://0.0.0.0/0" rel="noreferrer" target="_blank">http://0.0.0.0/0</a>> allow<br>
> logfile: "/var/log/unbound/unbound.log"<br>
> log-identity: root<br>
> log-queries: yes<br>
> log-replies: yes<br>
> pidfile: "/var/log/unbound/unbound.pid"<br>
> prefetch: yes<br>
> <br>
> forward-zone:<br>
> name: "."<br>
> forward-addr: 127.0.0.1@5353<br>
> <br>
> <br>
> <br>
> 2nd Question:<br>
> <br>
> considering below forward-zone configuration, will all of name<br>
> lookup will be forwarded to open dns servers<br>
> (<a href="http://208.67.222.222/208.67.220.220" rel="noreferrer" target="_blank">208.67.222.222/208.67.220.220</a><br>
> <<a href="http://208.67.222.222/208.67.220.220" rel="noreferrer" target="_blank">http://208.67.222.222/208.67.220.220</a>>) or it will send only<br>
> those name server which are not part of <a href="http://example.com" rel="noreferrer" target="_blank">example.com</a><br>
> <<a href="http://example.com" rel="noreferrer" target="_blank">http://example.com</a>> and <a href="http://example.org" rel="noreferrer" target="_blank">example.org</a> <<a href="http://example.org" rel="noreferrer" target="_blank">http://example.org</a>><br>
> <br>
> forward-zone:<br>
> name: "."<br>
> forward-addr: 208.67.222.222<br>
> forward-addr: 208.67.220.220<br>
> <br>
> forward-zone:<br>
> name: "<a href="http://example.com" rel="noreferrer" target="_blank">example.com</a> <<a href="http://example.com" rel="noreferrer" target="_blank">http://example.com</a>>"<br>
> forward-addr: 8.8.8.8<br>
> <br>
> forward-zone:<br>
> name: "<a href="http://example.org" rel="noreferrer" target="_blank">example.org</a> <<a href="http://example.org" rel="noreferrer" target="_blank">http://example.org</a>>"<br>
> forward-addr: 8.8.4.4<br>
> <br>
> <br>
> Thanks for help.<br>
> <br>
> <br>
> <br>
> /Thanks & Regards,<br>
> <br>
> Yogesh Sharma<br>
> /<br>
> <br>
</blockquote></div>