Maintained by: NLnet Labs

[Unbound-users] Issue while using override with local-data feature

Matthijs Mekking
Tue Dec 23 13:33:07 CET 2008

Hash: SHA1

Hi Marco,

Marco Davids wrote:
> Hello list,
> I ran into an interesting situation while using the local-data feature
> in Unbound.
> Here is the situation:
> There is a domain, let's say it is '', with a FQDN
> '', which is available from the entire Internet. It is
> served from
> There is also an override on my local Unbound-resolver:
> ''. This should only be locally served, obviously.
> In unbound.conf I configured:
> local-zone: "" transparent
> local-data: " A"
> Now, this works fine, with one exception:
> Many applications ask for AAAA-records nowadays. Indeed my application
> asks for 'AAAA'. In this case, Unbound (or rather
>, I guess) returns an NXDOMAIN. This is understandable,
> since there is no A record for '' under the ''
> at (there is only a local override in Unbound). But it is
> also an undesirable situation, since some resolvers run into problems
> and won't resolve the A record anymore:

More specifically, returns NXDOMAIN because it has no RR
record at all with the owner dname

Since the local-zone is set to transparant, unbound looks up the answer
locally first, and if it is not there, it performs the query. would then return NXDOMAIN.

> Wouldn't it be better if Unbound would change the NXDOMAIN answer from
> into a NOERROR when it has an A-record equivalent of the
> AAAA-question available? Or maybe a similar solution to prevent the
> problem described above?

I think indeed this might be useful in the transparent mode.

- - Matthijs
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla -