On 11/22/22 14:43, Michael Tokarev via Unbound-users wrote:
22.11.2022 15:57, Petr Špaček via Unbound-users wrote:
On 22. 11. 22 13:27, Michael Tokarev via Unbound-users wrote:
For example, we've a domain and a few geographically-spread offices, each office is supposed to have its own proxy, email server, file server and stuff like that. This is also an AD DC domain. I thought about a single domain zone and local overrides for certain commonly used names. But once again faced this issue with Unbound, which is unable to resolve (expand) CNAMEs in local-data or somesuch. (Yes, I know there's another way, to give each office a subdomain with the local names specified there, and specify all other names in the main domain. But that doesn't work because Windows machines always query in its AD Domain name first, and in DHCP-provided suffix next, so I have to override this at the resolver level).

Did you try with RPZ instead of using local-data inside the config file? Both methods don't give exactly the same results with CNAMEs.
Also, don't forget that you cannot put a CNAME on top of a zone.