CNAMEs not going through view

Hi,

I have an Unbound instance that serves as DNS for a small local network
(let's assume it's the example.com domain). One of the servers (let's call
it server) is accessed by either IPLAN or IPVPN depending on the
source of a query. The IP is changed with a view for
server.example.com; however, other CNAMEs in the zone file do not seem to go
through that view. So, i.e., if I have an "alias IN CNAME server", then
alias.example.com resolves to IPLAN despite the query coming from the VPN. Is
there a way to make CNAME resolution go through the view as well?

Regards
Jan

Hi Jan,

It is not clear to me how you have set up Unbound.
Can you provide a configuration snippet of how things look currently?

Just to note from what you said that you can't combine the global local data with view local data.

If there is a local zone from a view then that is used. If there is no zone in the view and view-first is enabled, then Unbound will look for the zone in the global local data.

Best regards,
-- George

> Hi Jan,
>
> It is not clear to me how you have set up Unbound.
> Can you provide a configuration snippet of how things look currently?
>
> Just to note from what you said that you can't combine the global local data
> with view local data.
>
> If there is a local zone from a view then that is used. If there is no zone
> in the view and view-first is enabled, then Unbound will look for the zone
> in the global local data.

To express what I meant with sample relevant parts of config:

unbound.conf:

server:
        access-control-view: 127.0.0.0/8 vpn
   
auth-zone:
        name: "example.com"
        for-downstream: yes
        for-upstream: yes
        zonefile: "/etc/unbound/example.zone"

view:
        name: "vpn"
        local-data: "server.example.com A 2.2.2.2"
        view-first: yes

example.zone:

$ORIGIN example.com.
$TTL 3600
alias IN CNAME server
server IN A 1.1.1.1

What I would like to achieve is to have the same IP (2.2.2.2) for both of the
following queries:

$ nslookup server.example.com 127.0.0.1
Server:127.0.0.1
Address:127.0.0.1#53

Name:server.example.com
Address: 2.2.2.2

$ nslookup alias.example.com 127.0.0.1
Server:127.0.0.1
Address:127.0.0.1#53

alias.example.com canonical name = server.example.com.
Name:server.example.com
Address: 1.1.1.1

So when resolving alias.example.com to server.example.com, I would like
server.example.com to pass through the view, which does not seem to be the case.

Hi Jan,

Local data (and views, since they are essentially conditional local data) are the first thing that Unbound tries in order to find an answer to a query. They are not consulted again later on.

In your case, alias.example.com is not found in local data, and since the zone is implicitly of type "transparent", Unbound continues to try to find an answer elsewhere, which happens to be the configured auth zone.

In your case I would add
  local-data: "alias.example.com A 2.2.2.2"

in the view and any other records you would need from server.example.com.

Best regards,
-- George
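
The advice above, worked through as an added example that is not part of the thread: a small script that reads the zone file and prints the `local-data:` lines the view needs for every CNAME whose chain ends at an overridden name. The `www` and `mail` records, the `VIEW_OVERRIDES` mapping and all function names are constructed for illustration; it assumes one-line records with explicit owner names and A-record overrides only.

```python
# Added example (not from the thread): derive the view local-data lines
# for every CNAME that ends at a name the view overrides.
ZONE = """\
$ORIGIN example.com.
$TTL 3600
alias IN CNAME server
server IN A 1.1.1.1
www IN CNAME alias
mail IN A 1.1.1.3
"""  # thread's zone plus two constructed records (www, mail)

# Assumption: the view only overrides A records, as in the thread.
VIEW_OVERRIDES = {"server.example.com.": "2.2.2.2"}

def fqdn(name, origin):
    """Expand a zone-file name relative to $ORIGIN."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_cnames(zone_text):
    """Return {owner: target} for one-line CNAME records with explicit owners."""
    origin, cnames = "", {}
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
        elif not fields[0].startswith("$") and "CNAME" in map(str.upper, fields[1:-1]):
            cnames[fqdn(fields[0], origin)] = fqdn(fields[-1], origin)
    return cnames

def view_lines(cnames, overrides):
    """Emit a local-data line for each alias whose chain reaches an override."""
    lines = []
    for owner in sorted(cnames):
        target, seen = cnames[owner], {owner}
        # Follow CNAME chains; stop at an override, a dead end, or a loop.
        while target not in overrides and target in cnames and target not in seen:
            seen.add(target)
            target = cnames[target]
        if target in overrides:
            lines.append(f'local-data: "{owner} A {overrides[target]}"')
    return lines

if __name__ == "__main__":
    print("\n".join(view_lines(parse_cnames(ZONE), VIEW_OVERRIDES)))
```

The printed lines go into the `view:` clause next to the existing server.example.com entry.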