Unbound 1.7.2rc1 pre-release

Harry Schmalzbauer list.unbound at omnilan.de
Tue Jun 5 07:38:13 UTC 2018


Am 05.06.2018 um 09:29 schrieb W.C.A. Wijngaards:
> Hi Harry,
>
> On 05/06/18 09:23, Harry Schmalzbauer wrote:
>> Am 04.06.2018 um 14:07 schrieb W.C.A. Wijngaards via Unbound-users:
>>> Hi,
>>>
>>> Unbound 1.7.2rc1 pre-release is available:
>>> https://www.nlnetlabs.nl/downloads/unbound/unbound-1.7.2rc1.tar.gz
>>> sha256 561c33f80b757820e3bd632cd339673da84a71dbb6328d124324db2c63a7f833
>>> pgp
>>> https://www.nlnetlabs.nl/downloads/unbound/unbound-1.7.2rc1.tar.gz.asc
>> Hello,
>>
>> me again, again regarding auth-zones:
>> I'm running 1.7.2rc1 on FreeBSD11.2/adm64 and can confirm that the
>> NOTIFY-dedlock vanished.
>>
>> But CNAME records aren't resolved as soon as the record comes from
>> auth-zone:.
>>
>> Other problems keep me from thinking/researching, but as far as I know,
>> the authoritative server has to return the CANME results alsong with the
>> record, correct?
> Yes, but only if you set for-downstream: no and for-upstream: yes.
> With for-downstream, if that was enabled, then unbound responds with the
> authority response to the downstream client, and that response does not
> contain the CNAME result (in fact Unbound includes CNAME results, but

Hello Wouter,

thanks a lot for your quick help.
Pilot error here: I had for-downstream: yes (and for-upstream: yes).

Sorry for the noise, will need some time to have a closer look at those 
two options and their meaning.
Your hints are very helpful, but I'm unsure what I want right now ;-)


> only if it is from the same auth-zone).  The for-upstream: yes makes
> unbound resolve CNAMEs, and pick information from the auth-zone where
> necessary.
>
> If the config that is used has these settings, then I would be
> interested in some more information.  What CNAME and so?  How to
> reproduce or perhaps a simple verbosity 4 log of what is happening.

Will drop a note as soon as I had time to play with that, but I guess 
everything is working like designed, it's just a configuration error on 
my side.

Thanks,

-Harry





More information about the Unbound-users mailing list