unbound behind NAT: Unbound must forward to a more capable name server

Felipe Gasper felipe at felipegasper.com
Thu Nov 28 15:12:20 UTC 2019

> Le 28 nov. 2019 à 09:39, John Levine via Unbound-users <unbound-users at nlnetlabs.nl> a écrit :
> In article <801702592.4201244.1574944721522 at mail.yahoo.com> you write:
>> -=-=-=-=-=-
>> My understanding is that unbound can not do fully-recursive resolves.
>> It requires a name server that is able to query the root name servers, ...
> You are mistaken.  Unbound is a recursive resolver which can query the
> root and other authoritative zones just fine.  It also works on networks
> behind NAT.  If it didn't, I wouldn't be able to send this message.

Re NAT: It’ll work for resolutions that don’t require loopback, but if an authoritative nameserver is behind the same NAT, Unbound apparently requires loopback NAT in order to query that nameserver’s domains because there’s no way to teach the resolver to do NAT translation via unbound.conf.


