Hello unbound-users,
 
I am tackling a problem where I want Unbound to be an authoritative nameserver for a zone, but only for specific records.
 
There is a public domain registered by somebody on the Internet. Let's say "example.com".
 
I need my Unbound server to be partially authoritative for the zone "example.com" for my internal client servers.
 
I want Unbound to serve the following records to my internal client servers whenever they ask for them.
 
  • test1.example.com. A 192.168.0.1
  • test2.example.com. A 192.168.0.2
  • test3.example.com. A 192.168.0.3
 
Whenever a query arrives for a different record (let's say "www.example.com"), I want Unbound to do the normal DNS recursive resolving process on the Internet.
 
I want to do this via the auth-zone section in Unbound because I already have the "example.com" zone on an NSD Authoritative DNS server. I successfully perform a zone transfer between Unbound and NSD for this particular zone and Unbound has those 3 records and provides answers for them. However, whenever I try to query it for "www.example.com" it doesn't want to do the normal DNS recursive resolving process on the Internet and doesn't return an answer.
 
auth-zone:
   name: example.com
   master: <<My_Master>>
   allow-notify: <<My_Master>>
   fallback-enabled: yes
   for-downstream: no
   for-upstream: yes
 
I tried all combinations of (fallback-enabled,for-downstream,for-upstream) and none of them work.
 
Any ideas?
 
OS: CentOS 7.6
 
Unbound version: 1.9.0
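
An added example, not part of the original post: the behaviour asked for above (three internal answers, every other name in the zone resolved normally) written with Unbound's local-zone and local-data options. This is a different mechanism from the auth-zone in the post, so the three records are static entries in unbound.conf and are not transferred from NSD.

```conf
# unbound.conf fragment (constructed example, not the poster's configuration)
server:
    # "transparent": a name that has local-data below is answered from it;
    # any other name under example.com is resolved through normal recursion.
    local-zone: "example.com." transparent

    # The three internal overrides listed in the post.
    local-data: "test1.example.com. IN A 192.168.0.1"
    local-data: "test2.example.com. IN A 192.168.0.2"
    local-data: "test3.example.com. IN A 192.168.0.3"

    # With "transparent", a query for test1.example.com with a type that has
    # no local-data (for example AAAA) gets a NOERROR/NODATA answer.
    # Use "typetransparent" in place of "transparent" if other record types
    # for these three names should also be resolved on the Internet.
```

Answers served from local-data are not DNSSEC-signed, so a downstream client that validates on its own will not accept them if the public example.com zone is signed.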
