Local-data or stub-zone for fake domains

[Юрий Иванов]

Hi,
May I ask for advice.

My original DNS host internal zone .mycorp, for local company services.
Now I want to use unbound.

I've created stub-zone:
stub-zone:
  name: "mycorp."
  stub-addr: 87.2.16.54

When asking dig @87.2.16.54 supportdesk.mycorp unbound send me a log message:
Aug  5 09:58:37 DNSCache-1 unbound: [16829:2] info: validation failure <supportdesk.mycorp. A IN>: no NSEC3 records from 202.12.27.33 for DS supportdesk.mycorp. while building chain of trust

To override this problem I create local data:
local-data: "supportdesk.mycorp. 10800 IN A 87.2.16.54"

What is correct path to resolv this issue: Create a bunch of local-data entries or try fix validation failure  somehow?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190805/e99b32de/attachment.htm>