On Mon, 26 Jun 2023 18:35:50 +0300
Michael Tokarev via Unbound-users <unbound-users@lists.nlnetlabs.nl>
wrote:
> Hello!
>
> I asked this question maybe 3 times in the past but the answer has
> always been about something else.
>
> The problem is that unbound does not work with any local data which
> contains CNAME records, no matter if it is local-data: or auth-zone:
> or anything else like this: once unbound hits CNAME, it does not
> expand it, so the client receives an answer which it can't handle.
It only works like you want if you use cache between clients and your
zone like this. Important thing here is "for-downstream: no".
auth-zone:
name: "example.com"
fallback-enabled: yes
for-downstream: no
for-upstream: yes
primary: 172.27.5.3
zonefile: /var/lib/unbound/example.com.zone
stub-zone:
name: "example.com"
stub-address: 172.27.5.3
Hope this helps.
--
Tuomo Soini <t...@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
