[Unbound-users] local-zone transparent behavior

Paul Wouters paul at xelerance.com
Thu Mar 18 22:10:05 UTC 2010

On Thu, 18 Mar 2010, Bryan Clay wrote:

> local-zone: foo.com transparent
> local-data: "foo.com. A"
> Any queries for MX or NS records on foo.com will return NOERROR/NODATA by design, even if that data exists in a
> forwarder upstream.  This make me cry and I would be hugely grateful for a method, now or in a future release, for
> a way to bypass this behavior.
> I also recommend that this specific behavior be documented with the rest of the transparent behavior in the manual.
>  It took me more than an hour to diagnose this issue.  Maybe it will keep some other poor sap from going insane.

Unbound is not a authoritative nameserver, so logic for MX and/or additional data
is not really there, other then the simple "insert in cache" override you use above.
For more complicated things, use a forwarder to a local auth nameserver that has that
zone, eg:

 	name: "foo.com."
 	stub-addr: at 5353
 	stub-prime: "no"

Then run an auth server (nsd or bind) on port 5353 that has the zone foo.com.

Note that if you want answers that contain RFC1918 space, eg
you might need an additional:

local-zone: "168.192.in-addr.arpa." nodefault


More information about the Unbound-users mailing list