Hi Marco,

Marco Davids wrote:
> Hello list,
>
> I ran into an interesting situation while using the local-data feature
> in Unbound.
>
> Here is the situation:
>
> There is a domain, let's say it is 'domain.nl', with a FQDN
> 'www.domain.nl', which is available from the entire Internet. It is
> served from ns.example.com.
>
> There is also an override on my local Unbound-resolver:
> 'intra.domain.nl'. This should only be locally served, obviously.
>
> In unbound.conf I configured:
>
> local-zone: "domain.nl." transparent
> local-data: "intra.domain.nl A 192.168.1.1"
>
> Now, this works fine, with one exception:
>
> Many applications ask for AAAA-records nowadays. Indeed my application
> asks for 'AAAA intra.domain.nl'. In this case, Unbound (or rather
> ns.example.com, I guess) returns an NXDOMAIN. This is understandable,
> since there is no A record for 'intra.domain.nl' under the 'domain.nl'
> at ns.example.com (there is only a local override in Unbound). But it is
> also an undesirable situation, since some resolvers run into problems
> and won't resolve the A record anymore:
> http://support.microsoft.com/kb/815768

More specifically, ns.example.com returns NXDOMAIN because it has no RR
record at all with the owner dname intra.domain.nl. Since the local-zone
is set to transparent, unbound looks up the answer locally first, and if
it is not there, it performs the query. ns.example.com would then return
NXDOMAIN.

> Wouldn't it be better if Unbound would change the NXDOMAIN answer from
> ns.example.com into a NOERROR when it has an A-record equivalent of the
> AAAA-question available? Or maybe a similar solution to prevent the
> problem described above?

I think indeed this might be useful in the transparent mode.

- Matthijs
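
Added example, not part of the original message and not Unbound's code: a small Python model of the transparent lookup order described in this thread, showing the NXDOMAIN for the AAAA query and the NOERROR/empty answer that was proposed instead. The function names, the `nodata_for_local_names` switch and the address used for www.domain.nl are assumptions made for the illustration.

```python
# Model of the behaviour discussed in the thread; not Unbound source code.
NOERROR, NXDOMAIN = "NOERROR", "NXDOMAIN"

# local-data from the unbound.conf quoted in the thread.
LOCAL_DATA = {("intra.domain.nl.", "A"): ["192.168.1.1"]}
# Constructed sample of what ns.example.com publishes for domain.nl.
UPSTREAM = {("www.domain.nl.", "A"): ["192.0.2.10"]}


def normalize(name):
    """DNS names compare case-insensitively; store them fully qualified."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def upstream_query(name, rrtype):
    """Authoritative side: NXDOMAIN only if the owner name has no records at all."""
    if (name, rrtype) in UPSTREAM:
        return NOERROR, UPSTREAM[(name, rrtype)]
    name_exists = any(owner == name for owner, _ in UPSTREAM)
    return (NOERROR, []) if name_exists else (NXDOMAIN, [])


def resolve_transparent(name, rrtype, nodata_for_local_names=False):
    """Transparent local-zone: answer from local data first, else query upstream.

    nodata_for_local_names=True models the change proposed in the thread:
    a name that has local data of another type gets NOERROR with an empty
    answer instead of the upstream NXDOMAIN.
    """
    name = normalize(name)
    if (name, rrtype) in LOCAL_DATA:
        return NOERROR, LOCAL_DATA[(name, rrtype)]
    if nodata_for_local_names and any(owner == name for owner, _ in LOCAL_DATA):
        return NOERROR, []
    return upstream_query(name, rrtype)


if __name__ == "__main__":
    queries = [("intra.domain.nl", "A"), ("intra.domain.nl", "AAAA"),
               ("www.domain.nl", "A"), ("www.domain.nl", "AAAA")]
    for proposed in (False, True):
        for name, rrtype in queries:
            rcode, answer = resolve_transparent(name, rrtype, proposed)
            print(f"proposed={proposed} {rrtype:4} {name}: {rcode} {answer}")
```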
