Unfortunately, I can't touch the client. I was looking for a more regexish solution but it seems I can't use wildcards or anything like:
> local-zone: .com typetransparent > local-data: "*.com ns 8.8.8.8" I saw some reference to using stub zones if I wanted regex or wildcards but I'm not sure I can do something like the override with a stub zone. If i even manage to create false NS entries via the stub zone then the actual lookups for that domain will be forwarded to that false (and probably incorrect NS) Guess, I am stuck with some sort of automation to deploy all the local data overrides i need... ________________________________ From: Paul Vixie <[email protected]> Sent: Monday, March 23, 2020 3:52 PM To: [email protected] <[email protected]> Cc: Amir A. <[email protected]> Subject: Re: Always Respond to NS record requests.... On Monday, 23 March 2020 13:53:03 UTC Amir A. via Unbound-users wrote: > Hi, > > For our purposes we need a DNS server to always respond to NS record > requests. The problem is subdomains seem not to have NS records created for > them even if the root domain as an NS record created. > > Ideally > > 1. When a client asking for the NS record of a subdomain if it doesn't > exist I want unbound to return the NS record of the APEX domain > > 2. If that doesn't work then at least return a static entry for any NS > record request of ANY domain or subdomain you seem to be asking for a protocol change. finding the closest enclosing NS RRset is not something the local server can do without searching, and right now the protocol expects that the client who needs that data will drive that searching. one way to perform that searching is res_findzonecut(): http://cvsweb.netbsd.org/bsdweb.cgi/src/external/bsd/libbind/dist/resolv/ res_findzonecut.c?rev=1.1.1.1.14.1&content-type=text/x-cvsweb-markup > The solution I have right now is: > > local-zone: domain.com typetransparent > local-data: "app.domain.com ns 8.8.8.8" > > but that would require me to add an entry for every single "domain.com" and > "app.domain.com" > > Anybody have a better solution? teach your client how to drive the closest encloser discovery process. -- Paul
