Maintained by: NLnet Labs

[Unbound-users] Can't get CNAME entries to resolve

M. David Peterson
Wed Mar 4 00:34:35 CET 2009

On Tue, Mar 3, 2009 at 1:13 AM, W.C.A. Wijngaards <wouter at> wrote:

> What you are running into is the fact that Unbound is not designed to be
> a full-featured *authoritative* DNS server.  It is a full-featured
> *recursive* DNS server.

Yeah, I should have spent that extra five seconds to think through things a
bit before sending my query to the list. That said, you folks have been
/more/ than generous with your time. Thanks!

> How to make the stub thing work.
> The idea is to use another server to be the authoritative server.  Such
> as NSD (the authoritative server made by NLnet Labs which has similar
> high performance).  You run NSD on port: 10053 with the
> zone.  NSD is a good authoritative server for CNAME, DNSSEC, NSEC3, ...
> Then you provide unbound with a stub zone
> stub-zone:
>        name: ""
>        stub-addr: at 10053
> You can also run the NSD server on a different computer, of course.

I wasn't aware of the existence of NSD before now. Thanks for bringing it to
my attention and for providing the above example! Will try both now.

M. David Peterson
Co-Founder & Chief Architect, 3rd&Urban, LLC
Email: m.david at | m.david at
Mobile: (206) 999-0588
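
The stub setup described in the quoted reply, written out as a pair of configuration files. This is an added example, not configuration posted by anyone in the thread. The zone name example.internal., the loopback address 127.0.0.1, the host addresses and the zone file name are placeholders, because the archive scrubbed the real values.

```conf
# ---- nsd.conf (authoritative side) ----
server:
    # Listen on loopback only, so the zone is reachable solely through Unbound.
    ip-address: 127.0.0.1
    port: 10053

zone:
    name: "example.internal."              # placeholder zone name
    zonefile: "example.internal.zone"      # placeholder file name

# ---- example.internal.zone (served by NSD, holds the CNAME) ----
# $ORIGIN example.internal.
# $TTL 3600
# @    IN SOA   ns1.example.internal. hostmaster.example.internal. (1 3600 900 604800 300)
#      IN NS    ns1.example.internal.
# ns1  IN A     127.0.0.1
# web  IN A     192.0.2.10                 ; documentation address, placeholder
# www  IN CNAME web

# ---- unbound.conf (recursive side) ----
server:
    # Unbound refuses to send queries to localhost addresses by default.
    # Without this line a stub-addr on 127.0.0.1 is silently never used.
    do-not-query-localhost: no

    # Only needed when DNSSEC validation is enabled and the zone is unsigned
    # or has no chain of trust from the root: stops validation failures
    # for names under this zone. Leave it out for a signed, delegated zone.
    domain-insecure: "example.internal."

stub-zone:
    name: "example.internal."
    # address@port form points Unbound at the NSD instance above
    stub-addr: 127.0.0.1@10053
```

Both files can be syntax-checked before restarting the daemons with nsd-checkconf and unbound-checkconf.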