providing CNAMEs for local data

Renaud Allard renaud at allard.it
Tue Nov 22 13:53:39 UTC 2022



On 11/22/22 14:43, Michael Tokarev via Unbound-users wrote:
> 22.11.2022 15:57, Petr Špaček via Unbound-users wrote:
>> On 22. 11. 22 13:27, Michael Tokarev via Unbound-users wrote:
>>> For example, we've a domain and a few geographically-spread
>>> offices, each office is supposed to have its own proxy, email
>>> server, file server and stuff like that.  This is also an
>>> AD DC domain.  I thought about a single domain zone and local
>>> overrides for certain commonly used names. But once again
>>> faced this issue with unbound, which is unable to resolve
>>> (expand) CNAMEs in local-data or somesuch.
>>>
>>> (Yes, I know there's another way, to give each office a
>>> subdomain with the local names specified there, and specify
>>> all other names in the main domain. But that doesn't work
>>> because Windows machines always query in their AD Domain
>>> name first, and in the DHCP-provided suffix next - so I have
>>> to override this at the resolver level).
>>

Did you try with RPZ instead of using local-data inside the config file? 
Both methods don't give exactly the same results with CNAMEs.
Also, don't forget that you cannot put a CNAME on top of a zone.
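
The two methods contrasted in the reply above, side by side, as an added example that is not part of the original message or the Unbound project's own configuration. The domain names, the policy zone name `office1.rpz.`, the log name and the file path are assumed placeholders.

```conf
# unbound.conf -- constructed example; all names and paths are placeholders.

server:
    # RPZ is handled by the respip module, so it must be in module-config.
    module-config: "respip validator iterator"

    # Method 1: override written directly into the config file.
    # "transparent" lets names without local-data resolve normally.
    local-zone: "example.com." transparent
    local-data: "proxy.example.com. IN CNAME proxy.office1.example.com."

# Method 2: the same override kept in a response policy zone.
# Enable only one of the two methods for a given name when testing.
rpz:
    name: "office1.rpz."
    zonefile: "/etc/unbound/office1.rpz.zone"
    rpz-log: yes
    rpz-log-name: "office1-override"

# Contents of /etc/unbound/office1.rpz.zone (shown as comments here):
#
#   $ORIGIN office1.rpz.
#   $TTL 300
#   @  SOA  localhost. hostmaster.localhost. 1 3600 900 86400 300
#      NS   localhost.
#   ; Trigger name is written relative to the policy zone name.
#   ; The override sits on a host name, not on the apex example.com.
#   proxy.example.com  CNAME  proxy.office1.example.com.
```

Running `unbound-checkconf` on the file and then querying the name with `dig` against the resolver under each method shows what each one returns for the CNAME.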

