also sprach W.C.A. Wijngaards <wouter at NLnetLabs.nl> [2008.10.01.1528 +0200]: > Unbound will send to the servers named in the NS set in preference to > the configured 127.0.0.1. Why does it do this? What's the design decision? It seems wrong to have unbound redirect queries for a zone to e.g. localhost, then ask localhost for the zone's NS record, resolve that, and then direct all other queries there instead, effectively ignoring the explicit redirect/stub/forward instruction. > This may help you. In svn trunk I recently fixed unbound so that > you can run with stub-addr: 127.0.0.1 at 10053 with NSD running on > port 10053 on localhost. When you use the '@' for port notation > (in the svn trunk version) the NS record set is not used in > preference. This feels like a hack to me. Shouldn't it possibly be the other way around? By default, ignore the NS set (or at least don't require it), unless a special flag is set to make it recurse NS records and forward queries to the NS configured in the zone? Cheers, -- martin | http://madduck.net/ | http://two.sentenc.es/ a bachelor is a man who never made the same mistake once. spamtraps: madduck.bogus at madduck.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature (see http://martin-krafft.net/gpg/) URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20081021/fd770815/attachment.pgp>