Hi Yuri, On 18/10/13 13:22, Yuri Schaeffer wrote: > Hi Pieter, > > So if I read your question correctly you have > - An authority server which has no delegation towards it. > - your zone's NS records point to your unbound instance > >> However, I cannot find a way to expose *just* my stub-zone to the world, >> without allowing global recursion at the same time. > > I just tried the following: > > server: > ... > local-zone: . refuse > local-zone: unbound.net transparent > ... > > forward-zone: > name: "unbound.net" > forward-addr: 213.154.224.48 > forward-addr: 213.154.224.1 > > This would refuse any query not in the unbound.net zone. Does this work > for you?
Your example using a forward-zone works just fine, but I tried a stub-zone instead of a forward-zone, and ran into a segfault with that. See https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=528 I chose a stub zone since I have authoritative data and the docs mention: "If you need more complicated authoritative data [...] setup a sub-zone for it [...]." What is valid reasoning to choose between a forward and stub zone statement in my case? PS. The experimental server in question is here: http://github.com/skion/junkdns/. It basically looks up publicsuffix.org extensions at the moment. - Pieter _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
