Does "stub-prime: yes" refresh NS list as zone apex changes?
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Thu Sep 29 07:27:16 UTC 2016
Hi Viktor,
On 29/09/16 09:14, Viktor Dukhovni via Unbound-users wrote:
>
> I read that "stub-prime: yes" obtains the initial "NS" list from
> the zone's parent as usual, but what happens after that? Is that
> "NS" list effectively "frozen" for the life-time of the unbound(8)
> server process, or does it get updated as the NS records change at
> the zone apex?
Yes they are updated when their TTL expires. Much like the way that root
hints are primed and updated.
Best regards, Wouter
>
> The reason I ask is that when forwarding most queries to an
> upstream cache:
>
> forward-zone:
> name: "."
> forward-addr: 192.0.2.1
> forward-first: yes
>
> it is tempting to handle exceptions via:
>
> stub-zone:
> name: "example.net"
> stub-prime: yes
>
> where queries for "example.net" are not forwarded upstream, but
> instead go direct to the authority servers. However, what is not
> clear from the documentation, is whether the NS RRset obtained via
> "stub-prime: yes" is ever updated. The idea here is not to go to
> some other set of servers that manually configured, but rather to
> avoid indirect forwarding, so updates would in fact be wanted for
> this to work.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20160929/a6ac7d87/attachment.bin>
More information about the Unbound-users
mailing list