Hello list, I ran into an interesting situation while using the local-data feature in Unbound.
Here is the situation:

There is a domain, let's say it is 'domain.nl', with a FQDN 'www.domain.nl', which is available from the entire Internet. It is served from ns.example.com.

There is also an override on my local Unbound-resolver: 'intra.domain.nl'. This should only be locally served, obviously.

In unbound.conf I configured:

    local-zone: "domain.nl." transparent
    local-data: "intra.domain.nl A 192.168.1.1"

Now, this works fine, with one exception:

Many applications ask for AAAA-records nowadays. Indeed my application asks for 'AAAA intra.domain.nl'. In this case, Unbound (or rather ns.example.com, I guess) returns an NXDOMAIN.

This is understandable, since there is no A record for 'intra.domain.nl' under the 'domain.nl' at ns.example.com (there is only a local override in Unbound).

But it is also an undesirable situation, since some resolvers run into problems and won't resolve the A record anymore:

http://support.microsoft.com/kb/815768

Wouldn't it be better if Unbound would change the NXDOMAIN answer from ns.example.com into a NOERROR when it has an A-record equivalent of the AAAA-question available? Or maybe a similar solution to prevent the problem described above?

I think I had found a workaround by adding this in unbound.conf:

    local-data: "intra.domain.nl AAAA"

An empty AAAA record. This results in the desired NOERROR answer, but instead of the ANSWER: being 0, it is 1:

    ; <<>> DiG 9.5.0-P2 <<>> AAAA intra.domain.nl
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7651
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;intra.domain.nl. IN AAAA

(This worked for Unbound 1.0, but Unbound 1.1 fails to start when I try this workaround)

Regards,

--
Marco Davids
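Added example, not part of the original post and not Unbound code: a small Python check that reads the DNS header fields the post relies on (status and ANSWER count) and tells apart the three outcomes discussed: NXDOMAIN from upstream, NOERROR with ANSWER 0, and NOERROR with ANSWER 1 from the empty-AAAA workaround. The helper names and the header-only sample replies are constructed for illustration; the replies carry no answer records because only the header is read.

```python
import struct

AAAA = 28
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}

def build_query(name, qtype=AAAA, qid=7651):
    """Encode a one-question DNS query with RD set, like dig sends."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # class IN

def classify(response):
    """Return (status, answer_count, verdict) read from the DNS header."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", response[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    rcode = flags & 0x000F
    status = RCODE_NAMES.get(rcode, "RCODE%d" % rcode)
    if rcode == 3:
        verdict = "name does not exist for any type"
    elif rcode == 0 and ancount == 0:
        verdict = "NODATA: name exists, no record of this type"
    elif rcode == 0:
        verdict = "answer records present"
    else:
        verdict = "resolver error"
    return status, ancount, verdict

def fake_reply(query, flags, ancount):
    """Constructed header-only reply: rewrites flags and ANCOUNT of a query."""
    qid, = struct.unpack("!H", query[:2])
    return struct.pack("!6H", qid, flags, 1, ancount, 0, 0) + query[12:]

QUERY = build_query("intra.domain.nl")
SAMPLES = {  # constructed samples, not captured traffic
    "forwarded upstream": fake_reply(QUERY, 0x8183, 0),   # qr rd ra, NXDOMAIN
    "desired": fake_reply(QUERY, 0x8580, 0),              # qr aa rd ra, NOERROR
    "empty AAAA workaround": fake_reply(QUERY, 0x8580, 1),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print("%-22s %s" % (label, classify(raw)))
```

To run it against a live resolver, send build_query() over UDP port 53 and pass the received bytes to classify().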
