[Unbound-users] Public stub zone

Pieter Ennes pieterennes at gmail.com
Sat Oct 19 08:24:57 UTC 2013

Hi Yuri,

On 18/10/13 13:22, Yuri Schaeffer wrote:
> Hi Pieter,
> So if I read your question correctly you have
> - An authority server which has no delegation towards it.
> - your zone's NS records point to your unbound instance
>> However, I cannot find a way to expose *just* my stub-zone to the world,
>> without allowing global recursion at the same time.
> I just tried the following:
> server:
> 	...
> 	local-zone: . refuse
> 	local-zone: unbound.net transparent
> 	...
> forward-zone:
>  	name: "unbound.net"
>  	forward-addr:
>  	forward-addr:
> This would refuse any query not in the unbound.net zone. Does this work
> for you?

Your example using a forward-zone works just fine, but I tried a
stub-zone instead of a forward-zone, and ran into a segfault with that.
See https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=528

I chose a stub zone since I have authoritative data and the docs mention:

"If you need more complicated authoritative data [...] setup a sub-zone
for it [...]."

What is valid reasoning to choose between a forward and stub zone
statement in my case?

PS. The experimental server in question is here:
http://github.com/skion/junkdns/. It basically looks up publicsuffix.org
extensions at the moment.

- Pieter

More information about the Unbound-users mailing list