Hi Yogesh,

On 23-01-19 06:15, Yogesh Sharma via Unbound-users wrote:
> I am able to test 2nd scenario and all resolution will be done by dns
> server as mentioned in name: "." (dot). Can someone please guide how can we
> route few zones to specific dns server and rest all to google dns.

The most specific match will be used. So in your example all queries
except example.com, example.org and its subdomains will go to the "."
forward-zone.

> However, first one is still a problem, when I am using
>
> forward-zone:
>     name: "."
>     forward-addr: 127.0.0.1@5353
>
> it appends search string from resolv.conf.
>
> Eg: if search string is internal.localhost then All example.com
> name is changing to example.com.internal.localhost.

This is done by the client querying Unbound. Unbound itself does not use
your resolv.conf.

> if I put example.com. (dot at the end) then it
> return server fail.

Check your Unbound logs to see why it is a SERVFAIL. My first guess is
that this is because your zone does not DNSSEC validate. In that case
you might want to have a look at the domain-insecure configuration option.

-- Ralph

> /Thanks & Regards,
>
> Yogesh Sharma
> /
>
> On Wed, Jan 23, 2019 at 9:48 AM Yogesh Sharma <[email protected]> wrote:
>
> > Hi ,
> >
> > Any suggestion.
> >
> > /Thanks & Regards,
> >
> > Yogesh Sharma | [email protected] |
> > LinkedIn <http://linkedin.com/in/yks0000> | Portal
> > <https://yogeshsharma.me/>
> > /
> >
> > On Tue, Jan 22, 2019 at 11:44 PM Yogesh Sharma <[email protected]> wrote:
> >
> > > Hi Team,
> > >
> > > I am new to Unbound and need some help.
> > >
> > > I need to forward all of request to local dnsmasq running on
> > > 127.0.0.1@5353.
> > >
> > > Once I do that, I see all lookup are suffixed with search string
> > > as present in /etc/resolv.conf and return server fail. If I do
> > > resolve by explicitly putting "." (dot) at the end, even though
> > > I get server fail.
> > >
> > > Version: 1.6.6
> > >
> > > Config:
> > >
> > > server:
> > >     verbosity: 1
> > >     username: root
> > >     interface: 127.0.0.1
> > >     port: 53
> > >     chroot: ""
> > >     do-ip4: yes
> > >     do-udp: yes
> > >     do-tcp: yes
> > >     hide-identity: yes
> > >     hide-version: yes
> > >     msg-cache-size: 50m
> > >     msg-cache-slabs: 4
> > >     rrset-cache-size: 100m
> > >     rrset-cache-slabs: 4
> > >     cache-min-ttl: 300
> > >     cache-max-negative-ttl: 300
> > >     access-control: 0.0.0.0/0 allow
> > >     logfile: "/var/log/unbound/unbound.log"
> > >     log-identity: root
> > >     log-queries: yes
> > >     log-replies: yes
> > >     pidfile: "/var/log/unbound/unbound.pid"
> > >     prefetch: yes
> > >
> > > forward-zone:
> > >     name: "."
> > >     forward-addr: 127.0.0.1@5353
> > >
> > > 2nd Question:
> > >
> > > considering below forward-zone configuration, will all of name
> > > lookup will be forwarded to open dns servers
> > > (208.67.222.222/208.67.220.220) or it will send only
> > > those name server which are not part of example.com
> > > and example.org
> > >
> > > forward-zone:
> > >     name: "."
> > >     forward-addr: 208.67.222.222
> > >     forward-addr: 208.67.220.220
> > >
> > > forward-zone:
> > >     name: "example.com"
> > >     forward-addr: 8.8.8.8
> > >
> > > forward-zone:
> > >     name: "example.org"
> > >     forward-addr: 8.8.4.4
> > >
> > > Thanks for help.
> > >
> > > /Thanks & Regards,
> > >
> > > Yogesh Sharma
> > > /
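
The two behaviours discussed in this thread, as an added Python example that is not part of the original messages and is not Unbound or glibc code: a simplified model of the client-side search-list expansion described in resolv.conf(5), and of most-specific-match selection among `forward-zone` entries. The function names are hypothetical; the zone table is constructed from the configuration in the second question.

```python
# Added illustration (not Unbound or glibc code): simplified models of
# (1) the stub resolver's search-list expansion per resolv.conf(5) and
# (2) most-specific-match selection among forward-zone entries.

# Constructed from the thread: the forward-zone blocks in the second question.
FORWARD_ZONES = {
    ".": ["208.67.222.222", "208.67.220.220"],
    "example.com.": ["8.8.8.8"],
    "example.org.": ["8.8.4.4"],
}


def labels(name):
    """Split a domain name into lower-case labels; the root is []."""
    return [l for l in name.lower().rstrip(".").split(".") if l]


def client_candidates(name, search, ndots=1):
    """Names a stub resolver tries, in order, until one lookup succeeds."""
    if name.endswith("."):            # trailing dot: absolute, no search list
        return [name]
    absolute = name + "."
    suffixed = [f"{name}.{s.rstrip('.')}." for s in search]
    if name.count(".") >= ndots:      # enough dots: try the name as-is first
        return [absolute] + suffixed
    return suffixed + [absolute]


def select_forward_zone(qname, zones=FORWARD_ZONES):
    """Return (zone, forwarders) for the longest zone that is a suffix of qname."""
    q = labels(qname)
    best = None
    for zone in zones:
        z = labels(zone)
        # Compare whole labels, so "notexample.com" does not match "example.com".
        if (not z or q[-len(z):] == z) and (best is None or len(z) > len(labels(best))):
            best = zone
    return (best, zones[best]) if best is not None else (None, [])


if __name__ == "__main__":
    # The client, not the forwarder, produces the suffixed name seen in the logs.
    for cand in client_candidates("example.com", ["internal.localhost"]):
        print(cand, "->", select_forward_zone(cand))
```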
