Hi folks,
Apparently, if a forward zone is added to Unbound, the servers defined
in that statement must support recursion to other name servers,
although I assume that's only the case if the zone includes glue
records.
Originally, my idea was to follow best practices and disable recursion
on our (internal) authoritative name servers, while keeping the number
of forward zones in the Unbound configuration to a minimum, hoping
that Unbound would follow the glue records to the correct name servers
and resolve all of the client queries anyway. But, now it looks like
that boat was never going to sail. Strange, because Unbound does does
do this kind of recursion for names out on the Internet.
Can anyone explain why Unbound has this limitation? Is it the same for BIND?
Thanks,
Jaap
