On 2016-01-18 03:28, Havard Eidnes via Unbound-users wrote:
I'm trying to figure out how unbound can be configured to behave
with respect to query forwarding.  In unbound.conf(5) I find this
particular gem:

    forward-first: <yes or no>
           If enabled, a query is attempted without the forward clause if
           it fails.  The data could not be retrieved and would have caused
           SERVFAIL because the servers are unreachable, instead it is
           tried without this clause.  The default is no.

Oddly this was perfectly clear to me when I first read it, but on each subsequent re-read, I find myself re-parsing the words and second-guessing :)

With forward-first: no, Unbound will forward a query as configured for this zone, and if it ultimately reaches SERVFAIL state, that's what it returns to the client.

With forward-first: yes, Unbound will forward a query and if it ultimately reaches SERVFAIL state, it will fall back on resolving via the default method as though there were no forwarding clause at all.

However, only SERVFAIL will cause default resolution methods to be used; an NXDOMAIN or other no-answer situation will be returned without further lookups. This can be useful if you wanted to, for example, forward a particular zone within a VPN if the VPN is up, but you still want to resolve via normal resolution (recursion, forwarding, whatever) if the VPN-based authoritative servers are not available.

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
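
The VPN scenario described in the reply above, written out as an unbound.conf fragment. This is an added example, not part of the original message; the zone name `corp.example.` and the forwarder addresses are constructed placeholders.

```conf
# Constructed example: zone name and forwarder addresses are placeholders.

# Internal zone whose servers are reachable only while the VPN is up.
forward-zone:
    name: "corp.example."
    forward-addr: 10.8.0.53
    forward-addr: 10.8.0.54
    # yes: if forwarding ends in SERVFAIL (for example the VPN is down and
    #      the forwarders are unreachable), retry the query via normal
    #      resolution as though this forward-zone clause were absent.
    #      NXDOMAIN and other answers from the forwarders are returned as-is.
    forward-first: yes

# The same zone with the default behaviour, for contrast (use one or the other):
# a SERVFAIL from forwarding is returned to the client with no fallback.
# forward-zone:
#     name: "corp.example."
#     forward-addr: 10.8.0.53
#     forward-addr: 10.8.0.54
#     forward-first: no
```

With `forward-first: yes`, queries for names under the zone leave through normal resolution whenever the forwarders are unreachable, so internal-only names become visible to external servers; keep the default `no` for zones where that is not acceptable.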
