auth-zone and forward-zone on unbound-1.7.0

Guillaume-Jean Herbiet gjherbiet at
Wed Apr 4 09:41:34 UTC 2018


While doing some experiments, I am facing an issue while mixing
auth-zone and forward-zone.

The server I was testing on was originally configured to forward
requests to other servers (mainly to benefit from their cache):

  name: "."
  forward-addr: IP1	# redacted
  forward-addr: IP2	# redacted

Then, I added auth-zone directives on order to implement RF7706:

  name: "."
  for-downstream: no
  for-upstream: yes
  fallback-enabled: yes

>From this point, all responses are nodata.

Both features work separately, but not together.

I know this can be a curious config (frankly, I forgot I added the
forward-zone on this test server...) but I would have expected unbound :

- either to use the root zone local copy, then to use the forward-addr
to continue with the recursion
- or to ignore the auth-zone directives as it is configured as a simple
forwarder for the zone

Any comment on this?


More information about the Unbound-users mailing list