[Unbound-users] local-zone redirect and cname

W.C.A. Wijngaards wouter at nlnetlabs.nl
Mon Jul 7 06:45:59 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Alex,

On 07/05/2014 03:17 PM, Li Yuan wrote:
> As an example: I set this in my conf file: local-zone: "aa.com"
> redirect local-data: "aa.com A 1.2.3.4" forward-zone: name: "." 
> forward-first: no forward-addr: 8.8.8.8 forward-addr: 8.8.4.4
> 
> But I experience this today: A domain, say sample.bb.com, has a
> CNAME test.aa.com, I thought unbound would return 1.2.3.4, but it
> abnormally returned the real ip address (for example 2.3.4.5) of
> test.aa.com, which must come from 8.8.8.8 or 8.4.4.4. If I try
> test.aa.com itself, unbound returns 1.2.3.4.
> 
> Why? Will another domain's CNAME override my local-zone redirect 
> configuration?

Yes, it does.  Unbound matches the query name with the redirect names.
 And since the original query name is not the redirect name, it'll
allow the query to be resolved.

The local zone and local data matches happen before the recursive
resolution steps are taken.  This is why it blocks a direct query for
test.aa.com but then when another query has a CNAME during the
recursive resolution this works.

Best regards,
   Wouter


> Thanks very much for help.
> 
> Sincerely, Alex from China
> 
> 
> 
> 
> _______________________________________________ Unbound-users
> mailing list Unbound-users at unbound.net 
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTukInAAoJEJ9vHC1+BF+N+awQAKzwMu0PfsxihtXwcv/gSctu
flOXPFbuchX12MSuvHYAvxrtZ72+Xn2sR4NSQMQz22H3+MaBB4rX40x8YlrIcZsk
q/HrzZIZQ7wJQICBmXqFmPLI+IL8k6fmuB75jQJ4GBh3mBjg0GDo9DJR3SR+E8nj
Cx9AThzYIm235njDOcIAtik0dnI3lISTAxymQKUzjD+L7tPUjCEPhPRw91Oq5ji9
a7L3fp3NOFpMBZBeWmCkGPRYLrPHZ5bGghMPU1BvskoUzeFcER3XOikncH6p9Omp
FEaoRwikDu1GjsuT3o22CqqeE7JJk2EjNFujgFHsTUWw6ZAkHF5cu1qqJVcJDH/c
meqWJ7IClyUaZayKtQJiASM3qh3woDi8WPBdubDjp/vkYnBfn8Bg3LD4NRuQ4akh
m7aGYyvweGttn1LM1EWEec8zr49toUigxnP8Vpi5UpZ3MAvTEGJA2BxO6Ay6MHaF
E2nKtyx4MvRVX/FUURA8O+NX9oZMxgboP+vfFoYdqtnx/KXIiybX7pkOwGxay1vs
K++xxXXQIiJ1fiRtS7kXafoFs+AlslbiWa3R+RFjWF3dHxShM2bDKAbc5UOpa4nu
dg4ZDz3zbES2/6d5JK1QbumYgzaSFrZHyRXGlZMbZFfZ2eTMflKMOvx/140a3I8O
pmVEpJUQL7/6+BsP28W8
=KJNW
-----END PGP SIGNATURE-----



More information about the Unbound-users mailing list