Does "stub-prime: yes" refresh NS list as zone apex changes?

Viktor Dukhovni ietf-dane at dukhovni.org
Thu Sep 29 07:14:40 UTC 2016


I read that "stub-prime: yes" obtains the initial "NS" list from
the zone's parent as usual, but what happens after that?  Is that
"NS" list effectively "frozen" for the life-time of the unbound(8)
server process, or does it get updated as the NS records change at
the zone apex?

The reason I ask is that when forwarding most queries to an
upstream cache:
 
	forward-zone: 
		name: "."
		forward-addr: 192.0.2.1
		forward-first: yes

it is tempting to handle exceptions via:
 
	stub-zone: 
		name: "example.net"
		stub-prime: yes

where queries for "example.net" are not forwarded upstream, but
instead go direct to the authority servers.  However, what is not
clear from the documentation, is whether the NS RRset obtained via
"stub-prime: yes" is ever updated.  The idea here is not to go to
some other set of servers that manually configured, but rather to
avoid indirect forwarding, so updates would in fact be wanted for
this to work.

-- 
	Viktor.



More information about the Unbound-users mailing list