1.7.3 - stub-zone public domain
vtol at gmx.net
Fri Jul 27 15:07:53 UTC 2018
>>> is stub-zone is only serving private domains but not public domains?
> stub zones and forward zones are selected closest to the name of the
> query. That one is used.
> If you run another (authoritative) server on the same host,
> do-not-query-localhost: no is usually necessary to enable unbound to
> query it. Otherwise unbound attempts to not get into some sort of loop
> by querying localhost (itself in many cases), hence it is off by default.
That does not seems to be an issue. BIND-9 as authoritative server is
not bound on lo/127.0.0.1 but eth0/172.24.120.10 and port 42053.
The local QDN set in a stub-zone gets resolved just fine by unbound.
However, for the public FQDN set in a stub-zone it does not and unbound
is querying upstream resolvers instead and I do not see why it should.
Is there a hard-coded logic in unbound for FQDN to always (or first) be
resolved from upstream servers? The sub-zone is configured as follows:
stub-addr: 172.24.120.10 at 42053
Doing a [ dig foo.bar ] unbound is neglecting [ stub-addr:
172.24.120.10 at 42053 ] and heads straight for the upstream resolver. And
that does not make sense to me as the dig query is matching the [
stub-zone name ]
More information about the Unbound-users