On 2021-07-13 03:42, Luiz Fernando Softov via Unbound-users wrote:
I was trying to use auth-zone and I succeeded in getting it running.
Simple example.com and in-addr.arpa zones.
Then I used ldns-keygen, ldns-signzone and created signed zones.
When I was trying to transfer the zone I figured out that Unbound doesn't do
AXFR or IXFR.
In the doc
If you point it at another Unbound instance, it would not work
because that does not support AXFR/IXFR for the zone, but if you
used url: to download the zonefile as a text file from a web-
server that would work.
Is there any reason for this working that way?
Unbound was written for the same people* that write NSD, correct?
Even the same lib LDNS is present in the code.
PS: it has been a long time since 1.7.1 was released; I needed to compile the
develop branch (1.7.2), since there are a lot of corrections, leak stuff, ...
Unbound already has auth-zone, update using http :O, why not AXFR and
IXFR?
XFR also provides security, best I know.
Is this related to having no time to code? A software design?
Are there plans to support XFR?
I can try to code and make a Pull Request?
Or is there some other reason, and this can't be done?
I want to just use unbound, don't want to use nsd or bind with stub.

If I understand your questions correctly, I think you misunderstood Unbound's
purpose.
Unbound, although it runs as a service, is more a client. Much the same as
your web browser is a web client, not a web server. It searches and looks at
web pages.
It doesn't create or serve them. It's much the same with Unbound. While you
could technically dump the query chain from the query log to a zone file,
it's not its intent to do this sort of thing. What you're asking about is
more the function of an authoritative name server, not a recursive server
(client).
HTH
--Chris