Fwd: inform_deny causes iOS to hang until timeout

Petr Špaček petr.spacek at nic.cz
Thu Nov 29 13:33:56 UTC 2018


For the record:

.local is reserved for multicast DNS so anyone using it for other
purposes will face various issues.

Introducing .lcl is the wrong thing to do because it is effectively
hijacking a TLD (which might not be delegated at the moment but can be
delegated at any later time).

If you have to move from .local anyway, please use the recommended
configuration instead of .lcl (or any other hack).

It is recommended to use a domain name like
`internal.example.com.` where `internal.example.com.` is an
existing zone, which might be an insecure zone (i.e. a zone which is not
signed using DNSSEC).

I hope this clarifies what a technically correct setup should look like.

Petr Špaček  @  CZ.NIC


On 29. 11. 18 3:25, HoyaZot via Unbound-users wrote:
> Although I never got a response to this, the answer was to use
> always_nxdomain 
> 
> FWIW, for those of you having problems since iOS 10 serving *.local
> domains, it can be circumvented by using *.lcl in addition to your
> *.local, so that at least iOS devices can access the network if
> necessary. There might be some scenario where that’s undesirable, but I
> can’t think of one offhand.
> 
> ---------- Forwarded message ---------
> From: HoyaZot <hoyazot at gmail.com>
> Date: Mon, Nov 26, 2018 at 4:38 PM
> Subject: inform_deny causes iOS to hang until timeout
> To: <unbound-users at nlnetlabs.nl>
> 
> 
> Is there a way to send an invalid (or 0.0.0.0) IP address for my black
> hole zone file, instead of my current method of using local zone
> inform_deny? Any websites relying on sites in the black hole won’t load
> on iOS devices, which is causing a problem for us. Appreciate any help.
> Thanks
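
The two configurations discussed in this thread, written out as an added unbound.conf fragment (not from either poster): a blocked zone answered with `always_nxdomain` instead of `inform_deny`, and internal names served from `internal.example.com.` rather than `.local` or `.lcl`. The blocked name `ads.example.`, the server address 192.0.2.53 and the choice of a stub zone are assumptions made for illustration.

```conf
# unbound.conf fragment (added example; names and addresses are placeholders)
server:
    # Before: inform_deny logs the query and then drops it, so the client
    # never gets a reply and waits for its own resolver timeout.
    # local-zone: "ads.example." inform_deny

    # After: always_nxdomain answers at once with NXDOMAIN.
    local-zone: "ads.example." always_nxdomain

    # Internal names live under a domain you control, not .local or .lcl.
    # private-domain lets answers for this zone carry private addresses
    # (only relevant when private-address: is configured).
    private-domain: "internal.example.com."

    # Assumption: the internal zone is unsigned and this resolver cannot
    # prove that from the parent zone, so validation is skipped for it.
    domain-insecure: "internal.example.com."

# Assumption: 192.0.2.53 stands in for the internal authoritative server.
stub-zone:
    name: "internal.example.com."
    stub-addr: 192.0.2.53
```

Run `unbound-checkconf` on the edited file before reloading. `domain-insecure` is not needed when the public parent zone already carries a proper insecure delegation for the internal zone.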



