Maintained by: NLnet Labs

[Unbound-users] Public stub zone

Pieter Ennes
Sat Oct 19 10:24:57 CEST 2013

Hi Yuri,

On 18/10/13 13:22, Yuri Schaeffer wrote:
> Hi Pieter,
> So if I read your question correctly you have
> - An authority server which has no delegation towards it.
> - your zone's NS records point to your unbound instance
>> However, I cannot find a way to expose *just* my stub-zone to the world,
>> without allowing global recursion at the same time.
> I just tried the following:
> server:
> 	...
> 	local-zone: . refuse
> 	local-zone: transparent
> 	...
> forward-zone:
>  	name: ""
>  	forward-addr:
>  	forward-addr:
> This would refuse any query not in the zone. Does this work
> for you?

Your example using a forward-zone works just fine, but I tried a
stub-zone instead of a forward-zone, and ran into a segfault with that.

I chose a stub zone since I have authoritative data and the docs mention:

"If you need more complicated authoritative data [...] setup a stub-zone
for it [...]."

What is valid reasoning to choose between a forward and stub zone
statement in my case?

PS. The experimental server in question is here: It basically looks up
extensions at the moment.

- Pieter
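
One way to check the behaviour discussed in this thread (in-zone names answered, everything else refused), as an added example that is not part of the original message. The names `zone.example` and `other.example` and the reply bytes are constructed placeholders; `probe()` is the only part that needs network access.

```python
import socket
import struct

REFUSED = 5  # RCODE 5 (RFC 1035)

def build_query(name, qtype=1, txid=0x1A2B):
    """Encode a recursion-desired DNS query for name (qtype 1 = A, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "rcode": flags & 0x000F, "ancount": ancount}

def probe(server, name, timeout=3.0):
    """Send one UDP query to server:53 and return the raw reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(4096)[0]

def audit(replies):
    """replies: {name: (in_zone, raw_reply)}. Return a list of policy violations."""
    findings = []
    for name, (in_zone, raw) in replies.items():
        h = parse_header(raw)
        if not h["qr"]:
            findings.append(f"{name}: not a response")
        elif in_zone and h["rcode"] == REFUSED:
            findings.append(f"{name}: in-zone name was refused")
        elif not in_zone and (h["rcode"] != REFUSED or h["ancount"]):
            findings.append(f"{name}: out-of-zone name answered (rcode {h['rcode']})")
    return findings

def fake_reply(name, rcode, ancount):
    """Constructed reply (header + question only) for offline demonstration."""
    flags = 0x8000 | 0x0100 | 0x0080 | rcode  # QR, RD, RA, RCODE
    return struct.pack("!HHHHHH", 0x1A2B, flags, 1, ancount, 0, 0) + build_query(name)[12:]

# Constructed samples: zone.example stands in for the exposed zone.
SAMPLE_GOOD = {"www.zone.example": (True, fake_reply("www.zone.example", 0, 1)),
               "other.example": (False, fake_reply("other.example", REFUSED, 0))}
SAMPLE_OPEN = {"other.example": (False, fake_reply("other.example", 0, 1))}
```

Against a live server, build the `replies` dictionary from `probe(server, name)` for one name inside the zone and one outside it; an empty result from `audit()` means the resolver is not offering recursion for out-of-zone names.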