[Unbound-users] Issue while using override with local-data feature

Marco Davids marco.davids at sidn.nl
Tue Dec 23 08:42:44 UTC 2008

Hello list,

I ran into an interesting situation while using the local-data feature
in Unbound.

Here is the situation:

There is a domain, let's say it is 'domain.nl', with a FQDN
'www.domain.nl', which is available from the entire Internet. It is
served from ns.example.com.

There is also an override on my local Unbound-resolver:
'intra.domain.nl'. This should only be locally served, obviously.

In unbound.conf I configured:

local-zone: "domain.nl." transparent
local-data: "intra.domain.nl A"

Now, this works fine, with one exception:

Many applications ask for AAAA-records nowadays. Indeed my application
asks for 'AAAA intra.domain.nl'. In this case, Unbound (or rather
ns.example.com, I guess) returns an NXDOMAIN. This is understandable,
since there is no A record for 'intra.domain.nl' under the 'domain.nl'
at ns.example.com (there is only a local override in Unbound). But it is
also an undesirable situation, since some resolvers run into problems
and won't resolve the A record anymore:

Wouldn't it be better if Unbound would change the NXDOMAIN answer from
ns.example.com into a NOERROR when it has an A-record equivalent of the
AAAA-question available? Or maybe a similar solution to prevent the
problem described above?

I think I had found a workaround by adding this in unbound.conf:

local-data: "intra.domain.nl AAAA"

An empty AAAA record.

This results in the desired NOERROR answer, but instead of the ANSWER:
being 0, it is 1:

; <<>> DiG 9.5.0-P2 <<>> AAAA intra.domain.nl
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7651
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;intra.domain.nl.               IN      AAAA

(This worked for Unbound 1.0, but Unbound 1.1 fails to start when I try
this workaround)


Marco Davids

More information about the Unbound-users mailing list