[Unbound-users] What's wrong with CNAMEs in local-data?
matthijs at NLnetLabs.nl
Mon Oct 19 10:36:42 UTC 2009
Cached data is gathered querying authoritative servers, local data is
not. Unbound is a recursive resolver, not an authoritative one. Thus, it
can resolve CNAMEs, but it is not intended to publish CNAMEs. The
authoritative features are minimal with a purpose.
If you need authoritative local data with CNAME (and DNAME, referrals,
wildcards, ...) processing, I advise setting up a stub zone.
stub-addr: 127.0.0.1@10053
And run NSD on port 10053 with the stub.example zone.
Michael Tokarev wrote:
> Out of curiosity.
> Why unbound can't resolve CNAMEs in local-data
> as it does with other CNAMEs? What is different
> between local-data and cached data?
> If I were to implement that stuff, I'd, probably,
> use the same cache for both "kinds" of RRs, but
> for local-data stuff I'd mark them as "permanent".
> When constructing answer, take CNAME as if it
> were cached normally, and resolve the target name
> the usual way.
> I don't know how it's implemented in unbound. Why
> the restriction and/or different treatment to start
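The stub-zone setup described in the reply, written out as an added example that is not part of the original message: a shell function that generates the Unbound fragment, an NSD config bound to loopback on port 10053, and a zone file carrying a CNAME. The file names, the zone records, and the `do-not-query-localhost` and `domain-insecure` lines are assumptions that go beyond what the message states.

```shell
#!/bin/sh
# Added example: writes the three files for the stub-zone setup into a
# directory of your choice. File names and zone records are constructed.
write_stub_setup() {
    dir=$1
    mkdir -p "$dir" || return 1

    # unbound.conf fragment: hand stub.example to the local NSD instance.
    cat > "$dir/unbound-stub.conf" <<'EOF'
server:
    # Unbound does not send queries to localhost addresses by default.
    do-not-query-localhost: no
    # Needed only when DNSSEC validation is on and the zone is unsigned.
    domain-insecure: "stub.example"

stub-zone:
    name: "stub.example"
    stub-addr: 127.0.0.1@10053
EOF

    # nsd.conf: authoritative server, loopback only, port 10053.
    cat > "$dir/nsd.conf" <<EOF
server:
    ip-address: 127.0.0.1
    port: 10053
    zonesdir: "$dir"

zone:
    name: "stub.example"
    zonefile: "stub.example.zone"
EOF

    # Zone file: the kind of CNAME that local-data does not process.
    cat > "$dir/stub.example.zone" <<'EOF'
$ORIGIN stub.example.
$TTL 3600
@    IN SOA ns.stub.example. hostmaster.stub.example. 1 3600 900 604800 3600
@    IN NS  ns.stub.example.
ns   IN A   127.0.0.1
host IN A   192.0.2.10
www  IN CNAME host.stub.example.
EOF
}
```

The generated files can be checked with `unbound-checkconf` and `nsd-checkconf` before either daemon is restarted. Binding NSD to 127.0.0.1 keeps the authoritative data reachable only through the local resolver.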