Maintained by: NLnet Labs

[Unbound-users] serving stub-zones authoritatively

W.C.A. Wijngaards
Wed Oct 1 16:52:38 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Martin,

Glad to hear your stub-zone problem is solved.

martin f krafft wrote:
> Is it possible to serve stub-zones authoritatively? It makes sense
> for unbound not to clear the authoritative flag for queries it
> proxied to stub-zones, doesn't it?

No, it does not look like solid theory.  I understand it could be useful
in practice.  You see, the stub may have returned CNAMEs or delegations
to other servers.  Unbound would do the additional lookups.  Results
stored in the cache with a TTL.  Setting AA flag for that is not correct.

Unbound does set AA flag for local-data.

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkjjjrYACgkQkDLqNwOhpPjOuwCggiuwYsh9+785Lv0nNCrXjtrF
HT0An38orIg2a309iBjTMsaVikn7Mt/2
=FTNc
-----END PGP SIGNATURE-----