Hi Viktor, On 29/09/16 09:14, Viktor Dukhovni via Unbound-users wrote: > > I read that "stub-prime: yes" obtains the initial "NS" list from > the zone's parent as usual, but what happens after that? Is that > "NS" list effectively "frozen" for the life-time of the unbound(8) > server process, or does it get updated as the NS records change at > the zone apex?
Yes they are updated when their TTL expires. Much like the way that root hints are primed and updated. Best regards, Wouter > > The reason I ask is that when forwarding most queries to an > upstream cache: > > forward-zone: > name: "." > forward-addr: 192.0.2.1 > forward-first: yes > > it is tempting to handle exceptions via: > > stub-zone: > name: "example.net" > stub-prime: yes > > where queries for "example.net" are not forwarded upstream, but > instead go direct to the authority servers. However, what is not > clear from the documentation, is whether the NS RRset obtained via > "stub-prime: yes" is ever updated. The idea here is not to go to > some other set of servers that manually configured, but rather to > avoid indirect forwarding, so updates would in fact be wanted for > this to work. >
signature.asc
Description: OpenPGP digital signature
