Stub-zone behavior

Laert Klemo k.laert at
Thu Feb 28 15:03:49 UTC 2019


i have a situation with a stub zone domain.

this domain is public also the same is used for local AD.

i have unbound configured to serve local users:
forward-zone: "." to ISP dns
stub-zone "" to our internal authoritative server (AD/DC)

also put local-domain in server section.

everything works fine during the time that the AD/DC server is reachable
from Unbound.
all are returned their internal IP 192.168.X.X

although i noticed when Unbound can not connect with AD/DC server
the resolved IP for return their public IP (the one that
have one, like mail.www. etc)

is this normal ?

is there any way to prevent Unbound looking up in forward zone for and to give fail or nx in case is not able to get response from
the stub-zone server i have appointed.

thank you
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Unbound-users mailing list