[Unbound-users] Issue while using override with local-data feature
marco.davids at sidn.nl
Tue Dec 23 08:42:44 UTC 2008
I ran into an interesting situation while using the local-data feature.
Here is the situation:
There is a domain, let's say it is 'domain.nl', with a FQDN
'www.domain.nl', which is available from the entire Internet. It is
served from ns.example.com.
There is also an override on my local Unbound-resolver:
'intra.domain.nl'. This should only be locally served, obviously.
In unbound.conf I configured:
    local-zone: "domain.nl." transparent
    local-data: "intra.domain.nl A 192.168.1.1"
Now, this works fine, with one exception:
Many applications ask for AAAA-records nowadays. Indeed my application
asks for 'AAAA intra.domain.nl'. In this case, Unbound (or rather
ns.example.com, I guess) returns an NXDOMAIN. This is understandable,
since there is no A record for 'intra.domain.nl' under the 'domain.nl'
at ns.example.com (there is only a local override in Unbound). But it is
also an undesirable situation, since some resolvers run into problems
and won't resolve the A record anymore:
Wouldn't it be better if Unbound would change the NXDOMAIN answer from
ns.example.com into a NOERROR when it has an A-record equivalent of the
AAAA-question available? Or maybe a similar solution to prevent the
problem described above?
I think I had found a workaround by adding this in unbound.conf:
    local-data: "intra.domain.nl AAAA"
An empty AAAA record.
This results in the desired NOERROR answer, but instead of the ANSWER:
being 0, it is 1:
; <<>> DiG 9.5.0-P2 <<>> AAAA intra.domain.nl
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7651
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;intra.domain.nl. IN AAAA
(This worked for Unbound 1.0, but Unbound 1.1 fails to start when I try
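Added example, not part of the original message or of Unbound: a small checker that reads dig output for several query types and reports names that answer for one type but return NXDOMAIN for another, the situation described above. The function names and the sample responses are constructed for illustration; only the dig header and question lines are parsed.

```python
import re

STATUS_RE = re.compile(r"status:\s*([A-Z]+)")
COUNT_RE = re.compile(r"ANSWER:\s*(\d+)")
# dig prints the question as ";name.  IN  TYPE"
QUESTION_RE = re.compile(r"^;(\S+)\s+IN\s+(\S+)\s*$", re.M)


def classify(dig_output):
    """Return (qname, qtype, kind); kind is answer, nodata, nxdomain or other."""
    status = STATUS_RE.search(dig_output)
    count = COUNT_RE.search(dig_output)
    question = QUESTION_RE.search(dig_output)
    if not (status and count and question):
        raise ValueError("not a complete dig response")
    rcode, answers = status.group(1), int(count.group(1))
    if rcode == "NXDOMAIN":
        kind = "nxdomain"
    elif rcode == "NOERROR":
        kind = "answer" if answers else "nodata"
    else:
        kind = "other"
    return question.group(1).lower(), question.group(2).upper(), kind


def inconsistent_names(dig_outputs):
    """Names that exist for one type but are NXDOMAIN for another."""
    seen = {}
    for text in dig_outputs:
        qname, qtype, kind = classify(text)
        seen.setdefault(qname, {})[qtype] = kind
    return {
        name: kinds for name, kinds in seen.items()
        if "nxdomain" in kinds.values()
        and {"answer", "nodata"} & set(kinds.values())
    }


def sample(status, answers, qtype):
    # Constructed dig-style response for intra.domain.nl (not captured output).
    return (
        ";; ->>HEADER<<- opcode: QUERY, status: %s, id: 1\n"
        ";; flags: qr rd ra; QUERY: 1, ANSWER: %d, AUTHORITY: 0, ADDITIONAL: 0\n"
        ";; QUESTION SECTION:\n"
        ";intra.domain.nl.\t\tIN\t%s\n" % (status, answers, qtype)
    )


# Local A override answers, AAAA is forwarded and comes back NXDOMAIN.
BEFORE = [sample("NOERROR", 1, "A"), sample("NXDOMAIN", 0, "AAAA")]
# The outcome asked for in the message: NOERROR with an empty answer section.
WANTED = [sample("NOERROR", 1, "A"), sample("NOERROR", 0, "AAAA")]
```

Feeding it the saved output of `dig A name` and `dig AAAA name` for each locally overridden name shows which overrides still produce the mixed result.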