auth-zone for-downstream?

Michael Tokarev mjt at
Tue May 16 13:32:04 UTC 2023


What is the purpose of turning this setting off?

   name: "x"
   for-downstream: no

With this, the zone is loaded from master/primary, but
the queries for it are answered using other means, for
example using configured global forwarders.

What is the reason to load the zone but not using it?

With the default for-downstream: yes, unbound does not
return CNAMEs pointing outside of this zone.

Or maybe put it this way: what is a way to make it return
complete answers for queries against CNAMEs in locally
configured zones? local-data does not work, apparently
auth-zone does not work too...



More information about the Unbound-users mailing list