[Unbound-users] What's wrong with CNAMEs in local-data?

[Matthijs Mekking]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Michael,

Cached data is gathered querying authoritative servers, local data is
not. Unbound is a recursive resolver, not an authoritative one. Thus, it
can resolve CNAMEs, but it is not intended to publish CNAMEs. The
authoritative features are minimal with a purpose.

If you need authoritative local data with CNAME (and DNAME, referrals,
wildcards, ...) processing, I advise to set up a stub zone.

stub-zone:
    name: "stub.example"
    stub-addr: 127.0.0.1 at 10053

And run NSD on port 10053 with the stub.example zone.

Best regards,

Matthijs Mekking
NLnet Labs

Michael Tokarev wrote:
> Out of curiocity.
> 
> Why unbound can't resolve CNAMEs in local-data
> as it does with other CNAMEs?  What is different
> between local-data and cached data?
> 
> If I were to implement that stuff, I'd, probably,
> use the same cache for both "kinds" of RRs, but
> for local-data stuff I'd mark them as "permanent".
> When constructing answer, take CNAME as if it
> were cached normally, and resolve the target name
> the usual way.
> 
> I don't know how it's implemented in unbound.  Why
> the restriction and/or different treatment to start
> with?
> 
> Thanks!
> 
> /mjt
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBAgAGBQJK3EE4AAoJEA8yVCPsQCW5dUwIAIeEbxYWB5KnVWcGrQys8Yqo
SZ8EETs2Xw8UBSf+uFIagw9YCa0EvQQVi8FJJ7v3eFdonCEhqBrJWuSqUgjqAuox
RxuJY4cuIhm5s82wf44nXCRX+wUVOhznIyhwWo61soCXSYAg9HNUVuV7B8ozm6Jq
fs90YXUtegSvilxS7lIKi0jmF73v1+JMaM16ODcaNiu6ooZUVWJ4H1ysOmHH0+cz
0kh9NcSYaksVrNh/AtNp4FNAK63spt+8Rc9W0S0NU0qSweUK3NEJALJHmta9u/dw
c3G+fG+KCWv+AR8guI0VWu2EhSczAea9IxMmCvh/41wMSBB8NGIvvsBo9VquPLE=
=NBzl
-----END PGP SIGNATURE-----