Hello! Here I am again with the same (well, almost) question.

Why do CNAMEs not work in local-data? I mean, unbound recognizes them and returns them, but it does not expand them. A stub resolver, when asked for an A record, expects the returned CNAME record(s) to be expanded to the final A record; it does not expect to repeat the query with a new name (the one the CNAME points to).

What's the issue with recursively expanding CNAMEs in local-data? And lacking that, what's the other way to configure site- or location-specific overrides for certain names, which should be CNAMEs (A records don't work due to Kerberos SPNs)?

For example, we have a domain and a few geographically spread offices; each office is supposed to have its own proxy, email server, file server and stuff like that. This is also an AD DC domain. I thought about a single domain zone and local overrides for certain commonly used names. But once again I faced this issue with unbound, which is unable to resolve (expand) CNAMEs in local-data or somesuch.

(Yes, I know there's another way: to give each office a subdomain with the local names specified there, and specify all other names in the main domain. But that doesn't work because Windows machines always query in their AD domain name first, and in the DHCP-provided suffix next, so I have to override this at the resolver level.)

Why can't unbound expand CNAMEs in local-data?

Thanks!

/mjt
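The distinction the post draws, as an added example that is not part of the original message: a small checker that walks an answer section the way a stub resolver does and reports whether the CNAME chain ends in a record of the requested type. The names, addresses and the `follow_chain` helper are constructed for illustration.

```python
def normalize(name):
    # DNS names compare case-insensitively; ignore the trailing root dot.
    return name.rstrip(".").lower()


def follow_chain(qname, qtype, answer):
    """Walk an answer section as a stub resolver would.

    answer: list of (owner, rrtype, rdata) tuples.
    Returns (status, values); status is one of
    "complete", "dangling-cname", "loop", "empty".
    """
    qtype = qtype.upper()
    by_owner = {}
    for owner, rrtype, rdata in answer:
        by_owner.setdefault(normalize(owner), []).append((rrtype.upper(), rdata))

    current = normalize(qname)
    seen = set()
    while True:
        if current in seen:
            return ("loop", [])
        seen.add(current)
        rrs = by_owner.get(current, [])
        final = [rdata for rrtype, rdata in rrs if rrtype == qtype]
        if final:
            return ("complete", final)
        targets = [rdata for rrtype, rdata in rrs if rrtype == "CNAME"]
        if not targets:
            # A CNAME was followed but its target has no record in the answer.
            return ("dangling-cname" if len(seen) > 1 else "empty", [])
        current = normalize(targets[0])


# Constructed sample: the CNAME-only answer the post describes.
CNAME_ONLY = [("proxy.example.com.", "CNAME", "proxy.office1.example.com.")]

# Constructed sample: the expanded answer a stub resolver expects.
EXPANDED = CNAME_ONLY + [("proxy.office1.example.com.", "A", "192.0.2.10")]

if __name__ == "__main__":
    print(follow_chain("proxy.example.com", "A", CNAME_ONLY))
    print(follow_chain("proxy.example.com", "A", EXPANDED))
```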