unbound becomes stale after transport interface flap

2021-04-05 Thread Zeus Panchenko via Unbound-users 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

hi

I experience pretty same behavior of unbound: often it becomes stale after
transport interface flap

In my VPN I have DNS server which serves local zones.

For clients I configure unbound to forward requests for those zones to
that DNS server, and when VPN interface flaps of re-keying occures,
unbound misbehaves and nothing valuable appears in log files


so, please advise, where to look at?


- ---[ unbound.conf quotation start ]---
domain-insecure: "abc."
...

private-domain: "abc."
...

local-zone: "abc." transparent
...

include: /var/unbound/conf.d/*.conf
- ---[ unbound.conf quotation end   ]---

- ---[ conf.d/stub-zones.core.conf quotation start ]
stub-zone:
name: "abc."
stub-addr: 1.2.3.4
stub-prime: yes

stub-zone:
...
- ---[ conf.d/stub-zones.core.conf quotation end   ]

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQYIXL6FUmD7SUfqoOveOk+D/ejKgUCYGr+gAAKCRCveOk+D/ej
KumZAKCT7+uaGIG09Lj0i6NvAEJApWNJZACg7vBh+uve4tCWu6sbfCq4tGAP3PI=
=Lb31
-END PGP SIGNATURE-

[Q] is there way to configure stub-zone "recursively"?

2019-08-11 Thread Zeus Panchenko via Unbound-users 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


greetings,

please, advise

can stub-zone, somehow be configured to query "recursively" all subzones
for the one single zone configured?

I was successful to configure my VPN client unbound, to use nameserver
on the central office, but it was necessary to configure each subzone
separately ...

Current, working, configuration is bellow, but can I shorten
configuration to not to configure each sub zone?

===[ unbound/unbound.conf quotation start 
]===
domain-insecure: "10.in-addr.arpa."
domain-insecure: "lan."

private-domain: "10.in-addr.arpa."
private-domain: "lan."

local-zone: "10.in-addr.arpa." transparent
local-zone: "lan." transparent
===[ unbound/unbound.conf quotation end   
]===


===[ unbound/conf.d/stub-zones.conf quotation start 
]=
# net: 10.123.0.0/24
stub-zone:
 name: "lan."
 stub-addr: 10.0.0.111
 stub-prime: yes

# net: 10.123.1.0/24
stub-zone:
 name: "office1.lan."
 stub-addr: 10.0.0.111
 stub-prime: yes

# net: 10.123.2.0/24
stub-zone:
 name: "office2.lan."
 stub-addr: 10.0.0.111
 stub-prime: yes
 
stub-zone:
 name: "0.123.10.in-addr.arpa."
 stub-addr: 10.0.0.111
 stub-prime: yes
 
stub-zone:
 name: "1.123.10.in-addr.arpa."
 stub-addr: 10.0.0.111
 stub-prime: yes
 
stub-zone:
 name: "2.123.10.in-addr.arpa."
 stub-addr: 10.0.0.111
 stub-prime: yes
===[ unbound/conf.d/stub-zones.conf quotation end   
]=

- -- 
Zeus V. Panchenko   jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC   GMT+2 (EET)
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQYIXL6FUmD7SUfqoOveOk+D/ejKgUCXVD8zQAKCRCveOk+D/ej
KtntAJ4rEIotzfGV9aIE7KDvz4uzoToILQCggUGBiZ/Wc7eK2XXZ9UXQCpmJM18=
=ULgg
-END PGP SIGNATURE-