On 3/24/11 9:12 PM, Steve Jenkins wrote:
>
> I can make it function with the following:
>
> local-zone: "local." static
> local-data: "jim.local. IN A 123.456.78.910"
> local-data: "doug.local. IN A 234.567.89.012"
> local-data: "sally.local. IN A 345.678.90.123"

Hello Steve,

please be aware that the use of a non-registered top level domain, esp. the top level domain '.local', can be problematic.

The problem here is that if your network is attached to the Internet, any typo will leak out to the Internet root DNS Server system and will cause a little traffic there. Having only one system doing this is not a big problem, but in total most of the traffic going to the root DNS Server system is such bogus traffic that should be avoided (there is also a security aspect in having private data leaking to the public Internet).

This graph at http://dns.icann.org/cgi-bin/dsc-grapher.pl?window=86400&plot=qtype_vs_invalid_tld&server=L-root shows all the invalid TLD queries going to one of the root name servers (l.root-server.net). You see '.local' is very high in that list.

The reason for this is that the '.local' TLD is used for a service called 'MulticastDNS' (http://www.multicastdns.org/). Multicast DNS is known as 'Bonjour/Rendezvous' on Apple MacOS X systems, and Avahi on Linux/Solaris and the BSD Unixes. It is also built into some hardware, such as Axis network cameras, Roku SoundBridges, TiVo PVR. It can also be installed on Windows systems.

On these machines, any name lookup for a domain name will not be sent to the DNS system (the Unbound resolver) but will be resolved by the operating system using multicast DNS. So your use of '.local' will not work on these systems.

A much more 'standard compliant' way would be to use a full DNS name in Unbound. If your official DNS domain is 'example.com', you can use in the Unbound configuration:

    local-zone: "example.com." static
    local-data: "jim.example.com. IN A 123.456.78.910"
    local-data: "doug.example.com. IN A 234.567.89.012"
    local-data: "sally.example.com. IN A 345.678.90.123"

and then use the same trick Arni has suggested in the 'resolv.conf':

    # cat /etc/resolv.conf
    search example.com
    nameserver 127.0.0.1

If you don't own your own domain, it is better to get one (domains are not expensive) and not to 'hijack' one (as you do not own '.local', using that TLD without permission is kind of hijacking it).

Best regards

Carsten
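
An added example, not part of the original message and not code from the Unbound project: a small linter for the quoted local-zone/local-data form used in this thread. It flags names under '.local', which is reserved for Multicast DNS (RFC 6762), and records that fall outside every declared local-zone. The sample configuration, the rule names and the 192.0.2.x addresses are constructed for illustration.

```python
import re

# Constructed sample, modelled on the unbound.conf snippets in the message.
SAMPLE_CONF = """\
server:
    local-zone: "local." static
    local-data: "jim.local. IN A 192.0.2.10"
    local-zone: "example.com." static
    local-data: "doug.example.com. IN A 192.0.2.11"
    local-data: "sally.exmaple.com. IN A 192.0.2.12"
"""

MDNS_ZONE = "local."  # reserved for Multicast DNS (RFC 6762)
# Captures the directive and the first token (the DNS name) inside the quotes.
DIRECTIVE = re.compile(r'^\s*(local-zone|local-data):\s*"\s*([^"\s]+)')


def fqdn(name):
    """Lower-case a DNS name and make sure it ends with the root dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def in_zone(name, zone):
    """True if name is the zone apex or a name below it."""
    return name == zone or name.endswith("." + zone)


def lint(conf_text):
    """Return sorted (line, rule, name) findings for quoted directives."""
    zones, records, findings = [], [], []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if m:
            kind, name = m.groups()
            target = zones if kind == "local-zone" else records
            target.append((lineno, fqdn(name)))
    # Rule 1: zone or record lives under the mDNS-reserved '.local' TLD.
    for lineno, name in zones + records:
        if in_zone(name, MDNS_ZONE):
            findings.append((lineno, "mdns-tld", name))
    # Rule 2 (this example's own rule): record not covered by a declared zone.
    declared = [zone for _, zone in zones]
    for lineno, name in records:
        if not any(in_zone(name, zone) for zone in declared):
            findings.append((lineno, "outside-declared-zones", name))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, rule, name in lint(SAMPLE_CONF):
        print(f"line {lineno}: {rule}: {name}")
```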
