Am 05.06.2018 um 09:29 schrieb W.C.A. Wijngaards:
Hi Harry,
On 05/06/18 09:23, Harry Schmalzbauer wrote:
Am 04.06.2018 um 14:07 schrieb W.C.A. Wijngaards via Unbound-users:
Hi,
Unbound 1.7.2rc1 pre-release is available:
https://www.nlnetlabs.nl/downloads/unbound/unbound-1.7.2rc1.tar.gz
sha256 561c33f80b757820e3bd632cd339673da84a71dbb6328d124324db2c63a7f833
pgp
https://www.nlnetlabs.nl/downloads/unbound/unbound-1.7.2rc1.tar.gz.asc
Hello,
me again, again regarding auth-zones:
I'm running 1.7.2rc1 on FreeBSD11.2/adm64 and can confirm that the
NOTIFY-dedlock vanished.
But CNAME records aren't resolved as soon as the record comes from
auth-zone:.
Other problems keep me from thinking/researching, but as far as I know,
the authoritative server has to return the CANME results alsong with the
record, correct?
Yes, but only if you set for-downstream: no and for-upstream: yes.
With for-downstream, if that was enabled, then unbound responds with the
authority response to the downstream client, and that response does not
contain the CNAME result (in fact Unbound includes CNAME results, but
Hello Wouter,
thanks a lot for your quick help.
Pilot error here: I had for-downstream: yes (and for-upstream: yes).
Sorry for the noise, will need some time to have a closer look at those
two options and their meaning.
Your hints are very helpful, but I'm unsure what I want right now ;-)
only if it is from the same auth-zone). The for-upstream: yes makes
unbound resolve CNAMEs, and pick information from the auth-zone where
necessary.
If the config that is used has these settings, then I would be
interested in some more information. What CNAME and so? How to
reproduce or perhaps a simple verbosity 4 log of what is happening.
Will drop a note as soon as I had time to play with that, but I guess
everything is working like designed, it's just a configuration error on
my side.
Thanks,
-Harry
