[Unbound-users] Public stub zone
Pieter Ennes
pieterennes at gmail.com
Sat Oct 19 08:24:57 UTC 2013
Hi Yuri,
On 18/10/13 13:22, Yuri Schaeffer wrote:
> Hi Pieter,
>
> So if I read your question correctly you have
> - An authority server which has no delegation towards it.
> - your zone's NS records point to your unbound instance
>
>> However, I cannot find a way to expose *just* my stub-zone to the world,
>> without allowing global recursion at the same time.
>
> I just tried the following:
>
> server:
> ...
> local-zone: . refuse
> local-zone: unbound.net transparent
> ...
>
> forward-zone:
> name: "unbound.net"
> forward-addr: 213.154.224.48
> forward-addr: 213.154.224.1
>
> This would refuse any query not in the unbound.net zone. Does this work
> for you?
Your example using a forward-zone works just fine, but I tried a
stub-zone instead of a forward-zone, and ran into a segfault with that.
See https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=528
I chose a stub zone since I have authoritative data and the docs mention:
"If you need more complicated authoritative data [...] setup a sub-zone
for it [...]."
What is valid reasoning to choose between a forward and stub zone
statement in my case?
PS. The experimental server in question is here:
http://github.com/skion/junkdns/. It basically looks up publicsuffix.org
extensions at the moment.
- Pieter
More information about the Unbound-users
mailing list