Can we finally agree unbound does not work with local data or zones?

Tuomo Soini tis at foobar.fi
Mon Jun 26 22:25:58 UTC 2023


On Mon, 26 Jun 2023 18:35:50 +0300
Michael Tokarev via Unbound-users <unbound-users at lists.nlnetlabs.nl>
wrote:

> Hello!
> 
> I asked this question maybe 3 times in the past but the answer has
> always been about something else.
> 
> The problem is that unbound does not work with any local data which
> contains CNAME records, no matter if it is local-data: or auth-zone:
> or anything else like this: once unbound hits CNAME, it does not
> expand it, so the client receives an answer which it can't handle.

It only works like you want if you use a cache between clients and your
zone, like this. The important thing here is "for-downstream: no".

auth-zone:
        name: "example.com"
        fallback-enabled: yes
        for-downstream: no
        for-upstream: yes
        primary: 172.27.5.3
        zonefile: /var/lib/unbound/example.com.zone

stub-zone:
        name: "example.com"
        stub-addr: 172.27.5.3

Hope this helps.

-- 
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
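
An added example, not part of the original message and not NLnet Labs code: a small lint that reads unbound.conf text and reports auth-zone clauses that do not follow the layout in the reply above. The sample config and both lint rules are assumptions made for illustration; the parser only handles the simple one-option-per-line form.

```python
# Constructed sample unbound.conf (not from the original post).
SAMPLE_CONF = """\
auth-zone:
        name: "example.org"
        zonefile: /var/lib/unbound/example.org.zone
auth-zone:
        name: "example.com."
        fallback-enabled: yes
        for-downstream: no   # as in the reply above
        for-upstream: yes
        zonefile: /var/lib/unbound/example.com.zone
stub-zone:
        name: "example.com"
        stub-addr: 172.27.5.3
"""

def parse_clauses(text):
    """Split unbound.conf text into (clause, {option: value}) pairs."""
    clauses = []
    for raw in text.splitlines():
        key, _, value = raw.split("#", 1)[0].partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if key and not value:         # clause header such as "auth-zone:"
            clauses.append((key, {}))
        elif key and clauses:         # option inside the current clause
            clauses[-1][1][key] = value
    return clauses

def check_auth_zones(text):
    """Map each auth-zone name to the issues found (hypothetical lint rules)."""
    clauses = parse_clauses(text)
    norm = lambda n: n.lower().rstrip(".")
    stubs = {norm(o.get("name", "")) for c, o in clauses if c == "stub-zone"}
    report = {}
    for clause, opts in clauses:
        if clause != "auth-zone":
            continue
        name, issues = norm(opts.get("name", "")), []
        # for-downstream defaults to yes, so a missing option counts as yes.
        if opts.get("for-downstream", "yes").lower() != "no":
            issues.append("for-downstream is not 'no'")
        if name not in stubs:
            issues.append("no stub-zone with the same name")
        report[name] = issues
    return report

if __name__ == "__main__":
    for zone, issues in check_auth_zones(SAMPLE_CONF).items():
        print(zone, "OK" if not issues else "; ".join(issues))
```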

