CNAMEs not going through view

Jan Palus jpalus+unbound at fastmail.com
Tue Dec 28 12:07:48 UTC 2021 

On 27.12.2021 18:55, George Thessalonikefs via Unbound-users wrote:
> Hi Jan,
> 
> It is not clear to me how you have set up Unbound.
> Can you provide a configuration snippet of how things look currently?
> 
> Just to note from what you said that you can't combine the global local data
> with view local data.
> 
> If there is a local zone from a view then that is used. If there is no zone
> in the view and view-first is enabled, then Unbound will look for the zone
> in the global local data.

To express what I meant with sample relevant parts of config:

unbound.conf:

server:
        access-control-view: 127.0.0.0/8 vpn
   
auth-zone:
        name: "example.com"
        for-downstream: yes
        for-upstream: yes
        zonefile: "/etc/unbound/example.zone"

view:
        name: "vpn"
        local-data: "server.example.com A 2.2.2.2"
        view-first: yes

example.zone:

$ORIGIN example.com.
$TTL 3600
alias IN CNAME server
server IN A 1.1.1.1

What I would like to achieve is to have same IP (2.2.2.2) for both following
queries:

$ nslookup server.example.com 127.0.0.1
Server:127.0.0.1
Address:127.0.0.1#53

Name:server.example.com
Address: 2.2.2.2

$ nslookup alias.example.com 127.0.0.1
Server:127.0.0.1
Address:127.0.0.1#53

alias.example.com canonical name = server.example.com.
Name:server.example.com
Address: 1.1.1.1

So when resolving alias.example.com to server.example.com I would like
server.example.com to pass through view which does not seem to be the case.

> Best regards,
> -- George
> 
> On 20/12/2021 20:02, Jan Palus via Unbound-users wrote:
> > Hi,
> > 
> > I have an unbound instance that serves as DNS for small local network
> > (let's assume it's example.com domain). One of the servers (let's call
> > it server) is accessed by either IPLAN or by IPVPN depending on what's
> > the source of a query. The IP is changed with view for
> > server.example.com however other CNAMEs in zone file do not seem to go
> > through that view. So ie if I have an "alias IN CNAME server", then
> > alias.example.com resolves to IPLAN despite query coming from VPN. Is
> > there a way to make CNAMEs resolutions go through view as well?
> > 
> > Regards
> > Jan

More information about the Unbound-users mailing list