<div dir="ltr"><div class="gmail_default" style="font-family:monospace,monospace">Hi,<br><br>I understand Unbound's purpose, as a recursive DNS server.<br><br>Unbound has auth-zone but doesn't act as fully authoritative?</div><div class="gmail_default" style="font-family:monospace,monospace">As the doc says:<br>- for-downstream: yes, and when used in this manner make unbound respond like an authority server.<br><br></div><div class="gmail_default" style="font-family:monospace,monospace">If I understand right and want to be fully authoritative I need NSD or BIND9?<br><br>I read some parts of the code to understand more.<br>I have used the same zone in unbound and NSD, and they reply the same way.<br><br>If unbound downloads the zone using HTTP without authentication,<br>and can download the zone receiving XFR replies, why not just reply to XFR queries?</div><div class="gmail_default" style="font-family:monospace,monospace">Even an AXFR (without IXFR).<br><br>Since the first unbound was released, it has grown.<br>Is there a bigger reason, or is it just because unbound will always be focused on a recursive server?<br><br>I don't want to need to run another daemon
with other dependencies, to do something that is already partially done.<br>That means having another, totally separate control.<br><br>If it's not and will not become possible (even if someone coded that, PR), that's fine. </div><div class="gmail_default" style="font-family:monospace,monospace">It's just, I really wanted to know if there was a specific reason, as most of the features are already there.</div><div class="gmail_default" style="font-family:monospace,monospace"><br>Thanks a lot for the reply.<br><br><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jul 13, 2021 at 12:42, Unbound &lt;<a href="mailto:unbound@tacomawireless.net">unbound@tacomawireless.net</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 2021-07-13 03:42, Luiz Fernando Softov via Unbound-users wrote:<br>
> I was trying to use auth-zone and I succeeded in getting it running.<br>
> Simple <a href="http://example.com" rel="noreferrer" target="_blank">example.com</a> and in-addr.arpa zones.<br>
> Then I used ldns-keygen, ldns-signzone and created signed zones.<br>
> <br>
> When I was trying to transfer the zone I figured out that unbound doesn't do<br>
> AXFR or IXFR.<br>
> <br>
> In the doc<br>
> If you point it at another Unbound instance, it would not work<br>
> because that does not support AXFR/IXFR for the zone, but if you<br>
> used url: to download the zonefile as a text file from a web-<br>
> server that would work.<br>
> <br>
> Is there any reason for this working that way?<br>
> Unbound was written for the same people* that write NSD, correct?<br>
> <br>
> Even the same lib LDNS is present in the code.<br>
> <br>
> ps. a long time since 1.7.1 was released, I needed to compile the develop<br>
> branch (1.7.2), since there are a lot of corrections, leak stuff, ...)<br>
> <br>
> Unbound already has auth-zone, update using http :O, why not AXFR and<br>
> IXFR?<br>
> XFR also provides security, best I know.<br>
> <br>
> Is this related to no time to code? A software design?<br>
> Are there plans to support XFR?<br>
> <br>
> I can try to code and make a Pull Request?<br>
> Or is there some other reason, and this can't be done?<br>
> <br>
> I want to just use unbound, don't want to use nsd or bind with stub.<br>
If I understand your questions correctly, I think you misunderstood Unbound's purpose.<br>
Unbound, although it runs as a service, is more a Client. Much the same as your<br>
web browser is a web client, not a web server. It searches and looks at web pages.<br>
It doesn't create or serve them. It's much the same with Unbound. While you could<br>
technically dump the query chain from the query log to a zone file, it's not its<br>
intent to do this sort of thing. What you're asking about is more the function of an<br>
authoritative name server, not a recursive server (client).<br>
<br>
HTH<br>
<br>
--Chris<br>
</blockquote></div>