Is it possible to tell unbound not to use forwarders only for some specific domains?

Gerben Wierda gerben.wierda at
Sat Dec 28 17:13:23 UTC 2019

I am using unbound and rspamd.

Unbound is configured as follows (snippet)

        name: "."
        # Quad9 phishing/malware site blocking DNS
        # Quad9 2nd DNS
        # Fallback if Quad9 is out: Google:
        # forward-addr:

It seems that rspamd doesn’t like that, because the DNS masters for and apparently do not like getting a DNS query forwarded from public DNS servers. Which produces errors like:

2019-12-28 17:47:20 #16267(controller) <gp88ff>; monitored; rspamd_monitored_dns_cb: DNS query blocked on ( returned), possibly due to high volume
2019-12-28 17:47:20 #16267(controller) <k7m6sm>; monitored; rspamd_monitored_dns_cb: DNS reply returned 'no error' for while 'no records with this name' was expected when querying for ''(likely DNS spoofing or BL internal issues)

which breaks rspamd I think

So, I think (not sure) that I am supposed not to use a forwarder to a public DNS provider with rspamd. But that would mean I lose the advantage of Quad9. Hence, I was thinking that I might need to tell unbound an exception for these domains, sidestepping the forwarding. Is that possible? (Does it solve my issue? I don’t know but I’d like to try).

Gerben Wierda
Chess and the Art of Enterprise Architecture
Mastering ArchiMate
Architecture for Real Enterprises at InfoWorld
On Slippery Ice at EAPJ


More information about the Unbound-users mailing list