Use FQDN name in auth-zone url
Marc Franquesa
marc.franquesa at gmail.com
Wed Mar 1 18:44:05 UTC 2023
I have deployed unbound with secondary zones fetched by HTTP:
auth-zone:
    name: "svc.example.net"
    allow-notify: 0.0.0.0/0
    for-downstream: no
    fallback-enabled: no
    zonefile: "/var/lib/unbound/zones/svc.example.net.zone"
    url: http://factory.lan/lady/ops/domains/svc.example.net.zone
When unbound receives a NOTIFY it logs:
unbound: [269402:0] error: svc.example.net.: failed lookup, cannot transfer from master factory.lan
My problem:
* I cannot set it by IP as the web service may not have a
  fixed/available IP from a fixed, known pool.
* I need to use a name as the HTTP server needs to match the HTTP host
  header to reply with proper content (the zone).
To try to work around this I tried (unsuccessfully) to add the info as
local-data pointing to the IPs that host the service:
local-zone: "factory.lan" redirect
local-data: "factory.lan A 192.168.0.246"
local-data: "factory.lan A 192.168.0.247"
local-data: "factory.lan A 192.168.0.248"
local-data: "factory.lan A 192.168.0.249"
local-data: "factory.lan A 192.168.0.250"
I can query unbound for 'factory.lan' and it gives a proper response:
; <<>> DiG 9.18.1-1ubuntu1.3-Ubuntu <<>> factory.lan @nsserver.example.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64423
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;factory.lan. IN A
;; ANSWER SECTION:
factory.lan. 3600 IN A 192.168.0.246
factory.lan. 3600 IN A 192.168.0.247
factory.lan. 3600 IN A 192.168.0.248
factory.lan. 3600 IN A 192.168.0.249
factory.lan. 3600 IN A 192.168.0.250
;; Query time: 4 msec
;; SERVER: 192.168.0.218#53(nsserver.example.net) (UDP)
;; WHEN: Wed Mar 01 12:49:12 CET 2023
;; MSG SIZE rcvd: 120
But it doesn't use that info to fetch the master zone, still complaining about
lookup failure.
Any hints, or what am I doing wrong?