auth-zone and CNAME record...still not working?

Ralph Dolmans ralph at nlnetlabs.nl
Thu Mar 29 14:43:29 UTC 2018 

Hi,

Not sure what this classical handicap is, but why wouldn't you use
local-data here? This should do the trick:

local-zone: "git.internalzone.io" redirect

local-data: "git.internalzone.io. CNAME git.realzone.com."

-- Ralph


On 29-03-18 16:03, jpdolz via Unbound-users wrote:
> Hello guys,
> 
> this week I've been playing with the new "auth-zone" feature of 1.7
> version, trying to fix the "classical" handicap with the CNAME record.
> Having a look to the documentation and to the mailing list I understood
> that using the new feature we'd finally have an "authoritative" DNS
> server and then we'd be able to use a functional CNAME record (
> resolving the IP behind the name )
> 
> But, fiasco, that never happened :-(
> 
> Here I put my configuration for the unbound.conf file and also the
> definition of the zone used:
> 
>>>>> internalzone-file <<<<
> 
> internalzone.io <http://internalzone.io/>. SOA ns.internalzone.io
> <http://ns.internalzone.io/>. hostmaster.internalzone.io
> <http://hostmaster.internalzone.io/>. (
>                   1998092901  ; Serial number
>                   60          ; Refresh     1 minute
>                   1800        ; Retry       30 minutes
>                   3600000     ; Expire      41.67 days
>                   172800 )    ; Minimum TTL 2 days
> internalzone.io <http://internalzone.io/>.            NS   
>   ns.internalzone.io <http://ns.internalzone.io/>.
> internalzone.io <http://internalzone.io/>.            A       192.168.0.2
> git.internalzone.io <http://git.internalzone.io/>.        CNAME 
>  git.realzone.com <http://git.realzone.com/>.
> 
> 
>>>>> unbound.conf <<<<
> ...
> stub-zone:
>   name: "realzone.com <http://realzone.com/>"
>   stub-host: ns-XXXX.awsdns-YY.co.uk <http://ns-xxxx.awsdns-yy.co.uk/>.
> 
> auth-zone:
>   name: "internalzone.io <http://internalzone.io/>"
>   zonefile: internalzone.file
> ...
> 
> Of course, I tried all the possible combinations
> with *for-upstream *and* **for-downstream *and nor didn't work.
> Please, if anyone knows a way to do it just using unbound I'd be very
> happy, if not, it would be super useful to have a clear answer about the
> no feasibility to get the required scenario working.
> 
> Thanks in advance!!!!

More information about the Unbound-users mailing list