1.7.3 - stub-zone public domain

ѽ҉ᶬḳ℠ vtol at gmx.net
Fri Jul 27 15:07:53 UTC 2018


>>> Hi,
>>>
>>> is stub-zone only serving private domains but not public domains?
> stub zones and forward zones are selected closest to the name of the
> query.  That one is used.
>
> If you run another (authoritative) server on the same host,
> do-not-query-localhost: no is usually necessary to enable unbound to
> query it.  Otherwise unbound attempts to not get into some sort of loop
> by querying localhost (itself in many cases), hence it is off by default.

That does not seem to be an issue. BIND-9 as authoritative server is
not bound on lo/127.0.0.1 but eth0/172.24.120.10 and port 42053.

The local QDN set in a stub-zone gets resolved just fine by unbound.
However, for the public FQDN set in a stub-zone it does not and unbound
is querying upstream resolvers instead and I do not see why it should.
Is there a hard-coded logic in unbound for FQDN to always (or first) be
resolved from upstream servers? The stub-zone is configured as follows:

stub-zone:
  name: foo.bar
  stub-host: dns
  stub-addr: 172.24.120.10@42053

Doing a [ dig foo.bar ], unbound is neglecting [ stub-addr:
172.24.120.10@42053 ] and heads straight for the upstream resolver. And
that does not make sense to me as the dig query is matching the [
stub-zone name ].
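
The selection rule quoted in the reply above ("closest to the name of the query") can be modelled as a longest label-wise suffix match. This is an added example, not part of the original post and not Unbound's own code; the catch-all forward zone and its address 192.0.2.53 are hypothetical, and the function names are made up for illustration.

```python
# Added illustration; a simplified model, not Unbound's implementation.

def labels(name):
    """Split a domain name into lowercase labels, ignoring a trailing dot."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def closest_zone(qname, zones):
    """Return the configured zone that is the longest label-wise suffix of qname.

    zones maps zone name -> (kind, upstream). Returns None when no configured
    zone encloses the query name.
    """
    q = labels(qname)
    best, best_len = None, -1
    for zone in zones:
        z = labels(zone)
        # Compare whole labels so "xfoo.bar" is not treated as inside "foo.bar".
        if len(z) <= len(q) and q[len(q) - len(z):] == z and len(z) > best_len:
            best, best_len = zone, len(z)
    return best

# Constructed sample configuration: the stub-zone from the post plus a
# hypothetical catch-all forward zone (192.0.2.53 is a documentation address).
ZONES = {
    "foo.bar": ("stub", "172.24.120.10@42053"),
    ".": ("forward", "192.0.2.53"),
}

if __name__ == "__main__":
    for q in ("foo.bar", "www.foo.bar.", "xfoo.bar", "example.org"):
        zone = closest_zone(q, ZONES)
        print(q, "->", zone, ZONES[zone])
```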