How to ask forwarders only after direct query to target zone NS'es is failed?

Ilya Evseev ilya.evseev at
Tue Dec 19 13:43:27 UTC 2017

  Hi all!
By default, Unbound DNS server works by "classic" scheme: queries root
servers, then queries NS'es for A/AAAA/...

Sometime (rarely) connectivity between my Unbound DNS host and target zone
NS'es is failed, but target NS'es are still available from various
LookingGlasses and from Google/Level3 DNS, so "nslookup" and "nslookup" returns the correct answer.

So my question is very simple:
How to setup Unbound to use public forwarders when (and only after) direct
query to the target NS'es is failed?

The following config works fine, but routes all queries immediately to
forwarders, ignoring target NS'es at all:

    name: "."
    forward-first: no

WBR, Ilya
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Unbound-users mailing list