I have deployed unbound with secondary zones fetched by HTTP:

    auth-zone:
        name: "svc.example.net"
        allow-notify: 0.0.0.0/0
        for-downstream: no
        fallback-enabled: no
        zonefile: "/var/lib/unbound/zones/svc.example.net.zone"
        url: http://factory.lan/lady/ops/domains/svc.example.net.zone

When unbound receives a NOTIFY it logs:

    unbound: [269402:0] error: svc.example.net.: failed lookup, cannot transfer from master factory.lan

My problem:

* I cannot set it by IP, as the web service may not have a fixed/available IP from a fixed, known pool.
* I need to use a name, as the HTTP server needs to match the HTTP Host header to reply with the proper content (the zone).

To try to work around this I tried (unsuccessfully) to add the info as local-data pointing to the IPs that host the service:

    local-zone: "factory.lan" redirect
    local-data: "factory.lan A 192.168.0.246"
    local-data: "factory.lan A 192.168.0.247"
    local-data: "factory.lan A 192.168.0.248"
    local-data: "factory.lan A 192.168.0.249"
    local-data: "factory.lan A 192.168.0.250"

I can query unbound for 'factory.lan' and it gives the proper response:

    ; <<>> DiG 9.18.1-1ubuntu1.3-Ubuntu <<>> factory.lan @nsserver.example.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64423
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ;; QUESTION SECTION:
    ;factory.lan.                   IN      A

    ;; ANSWER SECTION:
    factory.lan.            3600    IN      A       192.168.0.246
    factory.lan.            3600    IN      A       192.168.0.247
    factory.lan.            3600    IN      A       192.168.0.248
    factory.lan.            3600    IN      A       192.168.0.249
    factory.lan.            3600    IN      A       192.168.0.250

    ;; Query time: 4 msec
    ;; SERVER: 192.168.0.218#53(nsserver.example.net) (UDP)
    ;; WHEN: Wed Mar 01 12:49:12 CET 2023
    ;; MSG SIZE  rcvd: 120

But it doesn't use that info to fetch the master zone; it still complains about the lookup failure.

Any hints on what I'm doing wrong?