Maintained by: NLnet Labs

[Unbound-users] Can't get CNAME entries to resolve

M. David Peterson
Wed Mar 4 00:30:08 CET 2009

Hi Michael:

On Tue, Mar 3, 2009 at 12:34 AM, Michael Tokarev <mjt at> wrote:

> Unbound is a recursive resolver.  Its local data support is really
> rudimentary -- it can return whatever RRs you configured in local-data
> statements matching the query, without any attempt to interpret that
> data.  But CNAME requires interpretation -- because a recursive
> nameserver should return expansion of the CNAME record too, not only
> the CNAME itself.

Doh! It's funny how easy it can be to skip over the obvious w/o giving
second thought. Thanks for putting me back on track!

> That's why documentation says about stub zone.  The idea is to have
> real authoritative nameserver nearby which can store all the data,
> and unbound is able to query it and any other nameserver to construct
> the full set.

Right, which now makes sense as to what the documentation is referring to.

> In other words, you have to remove all your local-data
> statements and delegate the work to a nameserver which can store and
> return authoritative data, such as nsd or bind.
> Funny enough, but for unbound it's easier to query some external
> nameserver than to return local data... ;)

Well, the fact that it's easy to query an external NS is a plus! :-)

>> local-zone: " <>." static
>>        local-data: " <>. 86400 IN NS
> And c'mon, please, pretty please, get some less crappy mail user
> agent (MUA), -- the one which does not mangle your email like that,
> stupidly treating just everything like an URL!..

Blck! Didn't realize this was happening. Damn it, Google Apps!  ;-)  Thanks
for bringing this to my attention!


M. David Peterson
Co-Founder & Chief Architect, 3rd&Urban, LLC
Email: m.david at | m.david at
Mobile: (206) 999-0588 | | |
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>