Hi again, On Oct 23, 2012, at 12:17 , Kapetanakis Giannis wrote:
> On 23/10/12 12:56, Johan Ihrén wrote: >> I think you need to be significantly more specific in what you're doing here. >> >> You have an external version of "example.com", presumably with nameservers >> on the public Internet. >> >> You also have an internal version of "example.com", presumably with >> nameservers on the inside, specifically 10.0.0.10. >> >> Which zone file is it that contains "external authoritative DNS servers as >> well"? >> >> And if you're using views (apart from the "God help you"-part), then you >> need to explain that, including your matching rules and what it is that >> you're trying to achieve. >> >> Regards, >> >> Johan (firm believer in "DNS should be kept simple") > > You're right about the views. The views are on BIND (authoritative) and have > different data for external clients. > > What I really want is my internal users to use unbound servers with the > following options: > > a) unbound should forward all requests for local zones (*.example.com, > 123.123.x.x, 10.x.x.x) to local authoritative servers (BIND) Yes, I get that. However, I'd strongly advise that you don't call that to "forward". "Forwarding" is something you implement with "forward-zone:", which is distinctly different from what you do with a "stub-zone:". Forwarding by definition is one recursive server forwarding a query to another recursive server. That's not what's happening when you're using stub-zone:, which is basically pre-loading the cache with static entries for the nameservers of a particular zone. > b) the local zones should not be cached on the unbound because I want the > updates to be automatically propagated. This is yet another requirement. However, let's ignore that for the moment, as that's orthogonal to the issue of your stubs. > In another similar setup (but with bind only) the the caching server is also > secondary for each zone, but is not listed in the NS records. Yeah, I know that's a popular party trick, but let's not go there as this is the Unbound-list. However, you never answered my question: Which zone file is it that contains "external authoritative DNS servers as well"? Regards, Johan _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
