disable forwardig for specific zones

Wed Mar 30 12:02:30 UTC 2016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Hajo,

On 30/03/16 13:25, Hajo Locke via Unbound-users wrote:
> Hello List,
> 
> i use unbound 1.4.22 as forwarder to my global dns-cache:
> 
> forward-zone: name: "." forward-addr: ip.ip.ip.ip
> 
> 
> now i want to exclude some zones from forwarding and do
> nameresolution on same machine. i do not find an option to disable
> forwarding. Is there a possibility for me?

Unbound uses the closest match for what forward and stub clause to
use.  So you can config more specific forward and stub clauses for the
zones and send their queries elsewhere.

With stub-zone you can make unbound ask authority servers.

# For example;
stub-zone:
	name: "nlnetlabs.nl"
	stub-host: ns-ext1.sidn.nl.
	stub-host: sec2.authdns.ripe.net.
	stub-host: anyns.pch.net.
	stub-addr: 185.49.140.60   # for ns.nlnetlabs.nl
	stub-addr: 2a04:b900::8:0:0:60  # for ns.nlnetlabs.nl

(For the nameservers in the zone itself I used IP addresses, to avoid
a circular dependency).

stub-prime: yes will make it fetch the NS set using this list of
servers and use that NS set for further queries.  Note that it will
use your global forwarder to lookup sec2.authdns.ripe.net.  If you do
not desire such lookups to the global forwarder, give IP addresses.

Best regards, Wouter

> As fallback i could forward to 127.0.0.1:54 and create a new, not 
> forwarding unbound on port 54.
> 
> Thanks, Hajo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJW+8BVAAoJEJ9vHC1+BF+NHngQAKN1MwmVa25RIUlzjz2mF6Yh
vKCbpuDX4Bim2M1D85WYQpBPlpgDpMSo5yaP7Pk3lvKVgaB3ewQEQ+a6hEtnv3Ri
WMUeOVp+tNNPpLYID4zytXwuL4NV31dhn7oy6E2OVf0T0YwxSk52qUY2w396aBw3
qULMqXGMMc5snIjF+idOuv3AYWgahx+U+XaYGnuSCyTMoXqGzMt0KHRrVhDS4SBd
T6i8WvdUz8vo8ILv0U9/yeMwBBMak0rFS8XVEGQ2B45QCDEJUwSgX8iKP6rCP1S5
OijAaMliSmnVxxJ7to8hdqnaGes3zxO7H/W8Ie9qTueFIfW+OJPBUft8EhvA5Kg8
PrSc1R/DDAQPQ6mTvRrw8WPw45YpSqPd/dJ7sppMk2a8ENkjOnGE4bIkx75s+T2v
eGOCku8mNmYCiNKAyekOfa14FTQHSHXxNQVbMDkbeu9pxk9i5eXvboOQgPnaJ6sG
g+4kB6grQSaUTwxHM68TvteCmbd4pdnfhzeRAxwuItC1HSDci8fhLoemrrYAumml
9+ZIYeR3+rtwcElaCb86aLhtoqkqYhtd5w2oOYKaKvlz7O+uatq7wJikycIn8GVn
/au+BLrJjj0ococvXaQTq9a39hJbYArwjHiOuaISFfp3DNywGFp5lEBNOLGW15lw
pWYGXRkohoWeWMUc5sW9
=u70b
-----END PGP SIGNATURE-----