Hi Simon,
This is as designed. Local data is used before any recursion.
What you want to do can be achieved by either a stub-zone
(https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html#stub-zone-options;
redirecting to a nameserver with data for sub.dom.nl.) or an auth-zone
(https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html#authority-zone-options;
Unbound will itself serve the zone) clause.
The auth-zone can be configured for both downstream (replying before
recursion) and upstream (using auth data in the recursion stage) with
'for-downstream:' and 'for-upstream:' respectively.
Best regards,
-- Yorgos
On 11/11/2022 10:56, Simon IJskes via Unbound-users wrote:
I've observed the following (in 1.13.1-1ubuntu5.2):
dns:
host1.dom.nl. CNAME host2.sub.dom.nl.
sub.dom.nl. NS ns.dom.nl.
ns.dom.nl:
host2.sub.dom.nl. A 1.2.3.4
config:
local-zone: "sub.dom.nl." transparent
local-data: "host2.sub.dom.nl. A 8.9.10.11"
When I query host1.dom.nl with dig I get:
;; ANSWER SECTION:
host1.dom.nl. CNAME host2.sub.dom.nl.
host2.sub.dom.nl. A 1.2.3.4
What I would have expected:
;; ANSWER SECTION:
host1.dom.nl. CNAME host2.sub.dom.nl.
host2.sub.dom.nl. A 8.9.10.11
It looks like the local-data 'intercept' only occurs on the query, and
not in the recursion stage.
Is this as designed? a bug? fixed already?
Thanks,
Simon
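
The auth-zone route suggested in the reply at the top of this thread, written out as an added example (not configuration posted by either participant). It uses the thread's names and address; the zonefile path, the SOA contact name and the SOA timer values are assumptions made up for illustration.

```conf
# unbound.conf fragment (added example).
# The local-zone/local-data lines for sub.dom.nl. from the original
# config are dropped here; the auth-zone below holds the record instead.

auth-zone:
    name: "sub.dom.nl."
    # Assumed location of the zone file; adjust to the local layout.
    zonefile: "/etc/unbound/sub.dom.nl.zone"
    # Answer client queries for names in this zone before recursion.
    for-downstream: yes
    # Also use this zone's data in the recursion stage, which is the
    # stage where the CNAME target host2.sub.dom.nl. gets resolved.
    for-upstream: yes

# Contents of /etc/unbound/sub.dom.nl.zone (constructed sample):
#
#   $ORIGIN sub.dom.nl.
#   $TTL 3600
#   @      IN SOA ns.dom.nl. hostmaster.dom.nl. 1 3600 900 604800 300
#   @      IN NS  ns.dom.nl.
#   host2  IN A   8.9.10.11
```

Because Unbound itself serves the zone in this setup, any other record wanted under sub.dom.nl. has to be present in the zone file as well.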