Maintained by: NLnet Labs

[Unbound-users] stub vs. forward vs. redirect

W.C.A. Wijngaards
Thu Sep 17 13:44:48 CEST 2009

Hash: SHA1

On 09/17/2009 12:55 PM, Tony Finch wrote:
> On Thu, 17 Sep 2009, W.C.A. Wijngaards wrote:
>> As stub zones.  Possibly set
>> local-zone: "" nodefault
>> so that unbound does not provide default blocking for the zone.
> Thanks for the tip.
>> If you made them forward-zones, it would likely work as well, but if
>> there are CNAMEs then you probably want unbound to process the cname
>> chain chasing, as the other server is authoritative for these zones.
> Do I have to put something in the configuration file to make that happen?

	name: ""
Something like that.

>> A redirect would work if you want to block access to those zones, and
>> return an answer to some 'redirect notify' page in all cases.
> Hmm. I still have very little idea about what redirect is supposed to do,
> and what is the difference between forward and stub zones. I have similar
> problems with bind :-) Is there some documentation that I have failed to
> find? (manual page)

stub: send query to other nameserver. The other nameserver is
authoritative, so you have to perform recursive processing yourself.
forward: send query to other nameserver.  The other nameserver is a
recursive (caching) server.  So it performs recursion for you.
redirect: answer all queries for this domain with a specific ip address,
useful for (government enforced) blocking of sites, or making go to to keep the kids away from it, since it
also blocks and so on.

> I've been setting up some test zones to see what the differences in
> behaviour are. No results yet, though.

You could see if you host a CNAME record, that points outside of the
zone,  test12.private.example. CNAME ; with a stub-zone
unbound looks up google for you.  With a forward declaration unbound
expects the other server to do so (but it may not do so, if it is a
master zone and authoritative, not a recursive server).

Best regards,
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora -