intercept RR during recursion (v2, typos fixed)
George (Yorgos) Thessalonikefs
george at nlnetlabs.nl
Fri Nov 11 11:44:55 UTC 2022
Hi Simon,
This is as designed. Local data is used before any recursion.
What you want to do can be achieved by either a stub-zone
(https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html#stub-zone-options;
redirecting to a nameserver with data for sub.dom.nl.) or an auth-zone
(https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html#authority-zone-options;
Unbound will itself serve the zone) clause.
The auth-zone can be configured for both downstream (replying before
recursion) and upstream (using auth data in the recursion stage) with
'for-downstream:' and 'for-upstream:' respectively.
Best regards,
-- Yorgos
On 11/11/2022 10:56, Simon IJskes via Unbound-users wrote:
> I've observed the following (in 1.13.1-1ubuntu5.2):
>
>
> dns:
>
> host1.dom.nl. CNAME host2.sub.dom.nl.
> sub.dom.nl. NS ns.dom.nl.
>
> ns.dom.nl:
>
> host2.sub.dom.nl. A 1.2.3.4
>
>
> config:
>
> local-zone: "sub.dom.nl." transparent
> local-data: "host2.sub.dom.nl. A 8.9.10.11"
>
>
> when i query host1.dom.nl with dig i get:
>
> ;; ANSWER SECTION:
> host1.dom.nl. CNAME host2.sub.dom.nl.
> host2.sub.dom.nl. A 1.2.3.4
>
> what i would have expected:
>
> ;; ANSWER SECTION:
> host1.dom.nl. CNAME host2.sub.dom.nl.
> host2.sub.dom.nl. A 8.9.10.11
>
> It looks like the local-data 'intercept' only occurs on the query, and
> not in the recursion stage.
>
> Is this as designed? a bug? fixed already?
>
> Thanks,
>
> Simon
>
More information about the Unbound-users
mailing list