Hello guys,
This week I’ve been playing with the new “auth-zone” feature of version 1.7, trying to fix the “classical” handicap with the CNAME record.
Having had a look at the documentation and the mailing list, I understood that with the new feature we’d finally have an “authoritative” DNS server and would then be able to use a functional CNAME record (resolving the IP behind the name).
But, fiasco, that never happened.
Here is my configuration for the unbound.conf file and also the definition of the zone used:
internalzone-file <<<<
internalzone.io.      SOA    ns.internalzone.io. hostmaster.internalzone.io. (
                             1998092901 ; Serial number
                             60         ; Refresh 1 minute
                             1800       ; Retry 30 minutes
                             3600000    ; Expire 41.67 days
                             172800 )   ; Minimum TTL 2 days
internalzone.io.      NS     ns.internalzone.io.
internalzone.io.      A      192.168.0.2
git.internalzone.io.  CNAME  git.realzone.com.

unbound.conf <<<<
…
stub-zone:
    name: "realzone.com"
    stub-host: ns-XXXX.awsdns-YY.co.uk.
auth-zone:
    name: "internalzone.io"
    zonefile: internalzone.file
…
Of course, I tried all the possible combinations of for-upstream and for-downstream, and none of them worked.
Please, if anyone knows a way to do it using just unbound, I’d be very happy; if not, it would be super useful to have a clear answer that the required scenario is not feasible.
Thanks in advance!!!