Always Respond to NS record requests....
Paul Vixie
paul at redbarn.org
Mon Mar 23 19:52:35 UTC 2020
On Monday, 23 March 2020 13:53:03 UTC Amir A. via Unbound-users wrote:
> Hi,
>
> For our purposes we need a DNS server to always respond to NS record
> requests. The problem is subdomains seem not to have NS records created for
> them even if the root domain has an NS record created.
>
> Ideally
>
> 1. When a client is asking for the NS record of a subdomain, if it doesn't
> exist I want unbound to return the NS record of the APEX domain
>
> 2. If that doesn't work then at least return a static entry for any NS
> record request of ANY domain or subdomain

you seem to be asking for a protocol change. finding the closest enclosing NS
RRset is not something the local server can do without searching, and right
now the protocol expects that the client who needs that data will drive that
searching. one way to perform that searching is res_findzonecut():

http://cvsweb.netbsd.org/bsdweb.cgi/src/external/bsd/libbind/dist/resolv/res_findzonecut.c?rev=1.1.1.1.14.1&content-type=text/x-cvsweb-markup

> The solution I have right now is:
>
> local-zone: domain.com typetransparent
> local-data: "app.domain.com ns 8.8.8.8"
>
> but that would require me to add an entry for every single "domain.com" and
> "app.domain.com"
>
> Anybody have a better solution?

teach your client how to drive the closest encloser discovery process.
--
Paul
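
The client-driven closest-encloser search described in the reply, as an added example that is not part of the original message and is not the res_findzonecut() code: the client strips one leading label at a time and asks for NS at each name until an NS RRset is found. The sample zone data, the function names and the domain.example names are constructed for illustration, and the lookup function is a stand-in for a real NS query.

```python
# Added example: client-driven search for the closest enclosing NS RRset.
# A simplified label-stripping walk, not the res_findzonecut() implementation.

# Constructed sample answers (owner name -> NS targets); not real DNS data.
SAMPLE_NS = {
    ".": ["ns.root.invalid."],
    "example.": ["ns.tld.invalid."],
    "domain.example.": ["ns2.domain.example.", "ns1.domain.example."],
}

def sample_query_ns(owner):
    """Stand-in for a real NS query; an empty list means NXDOMAIN or NODATA."""
    return SAMPLE_NS.get(owner, [])

def ancestors(name):
    """Yield the name itself, then each parent, ending with the root '.'."""
    name = name.strip().lower()          # DNS names compare case-insensitively
    if name.endswith("."):
        name = name[:-1]
    labels = name.split(".") if name else []
    if any(not label for label in labels):
        raise ValueError("empty label in %r" % name)
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."
    yield "."

def find_zone_cut(name, query_ns, trace=None):
    """Return (owner, ns_targets) of the closest enclosing NS RRset.

    query_ns(owner) returns a list of NS targets, empty for NXDOMAIN/NODATA.
    It must raise on SERVFAIL or timeout: a failed lookup is not proof that
    no NS RRset exists there, so the walk stops instead of skipping upward.
    """
    for owner in ancestors(name):
        if trace is not None:
            trace.append(owner)          # one query per ancestor tried
        targets = query_ns(owner)
        if targets:
            return owner, sorted(targets)
    raise LookupError("no NS RRset found up to the root for %r" % name)

if __name__ == "__main__":
    for qname in ("app.domain.example", "x.y.app.domain.example.", "other.example"):
        queries = []
        owner, targets = find_zone_cut(qname, sample_query_ns, queries)
        print("%s -> %s %s after %d queries" % (qname, owner, targets, len(queries)))
```

The trace list shows the cost that falls on the client: one NS query per ancestor name tried, which is the searching a local server cannot skip.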