forward-zone not working
John Schmerold
schmerold2 at gmail.com
Wed Nov 20 22:35:22 UTC 2019
I am using Unbound as a local resolver, using OpenDNS to filter
requests via: forward-zone: name: . forward-addr: 208.67.222.222
forward-addr: 208.67.220.220
When OpenDNS blocks a site, for example cporms.bankofamerica.com, I send
the TLD to Google like this:
forward-zone: name: bankofamerica.com forward-addr: 8.8.8.8
Everything works fine -- most of the time, however this morning I
couldn't resolve cporms.bankofamerica.com because the filter choked on
srip.net
C:\>dig +short cporms.bankofamerica.com
cporms-prod-2.eglobal2.bac.com.
cpo-sni-prodb.bankofamerica.com.srip.net.
srip677.globalredir.akadns.net.
a677.srip1.akasrip.net.f8e19fab.1.cn.akasripcn.net.
23.32.240.33
I ended up solving the problem by adding bac.com, srip.net, akadns.net &
akasripcn.net to my list of forward zones. Is there a way to tell
Unbound to let 8.8.8.8 handle the entire query in this situation?
My service.conf:
/server: verbosity: 3 directory: "c:\KatyComputer.com\Utility\unbound"
do-ip6: no logfile: unbound.log tls-win-cert: yes access-control:
127.0.0.0/8 allow access-control: 192.168.0.0/16 allow
remote-control: control-enable: no
server: auto-trust-anchor-file: root.key
forward-zone: name: bankofamerica.com forward-addr: 8.8.8.8
.
.
.
forward-zone: name: zyxel.com forward-addr: ///8.8.8.8/
forward-zone: name: . forward-addr: 208.67.222.222 forward-addr:
208.67.220.220/
/
/
--
John Schmerold
Katy Computer Systems, Inc
https://katycomputer.com
St Louis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20191120/83567301/attachment.htm>
More information about the Unbound-users
mailing list