I would like to get clear, please, about how to ensure that all
DNS queries not answered from Unbound's cache are routinely forwarded to
specified resolvers of my choosing. There are one or two threads in
the mailing-list archives that seem partly relevant to this issue, but
they leave me in some doubt as to whether I am getting it right, as does
the man page for unbound.conf.
I have put the following lines in unbound.conf:
forward-zone:
    name: "."
    forward-addr: 127.0.0.1 # the address of my local network server
forward-zone:
    name: "."
    forward-addr: <IP address of my first chosen resolver>
    forward-addr: <IP address of my second chosen resolver>
I would be very grateful for advice, please, as to whether this will
produce the desired result, and if so, whether it is also the best way.
Many thanks for any kind help that can be offered.
Not sure if it makes sense to list "." two times, as it matches everything anyway. Also be aware that Unbound normally listens at 127.0.0.1, so the first entry points to Unbound itself as upstream resolver, which would be a loop.
That post seems to suggest that the first forward-zone has to have
127.0.0.1 as forward-addr, otherwise ALL queries will be forwarded to
the upstream resolvers, not just those for uncached names. However, you
seem to be saying that if I delete the first forward-zone, Unbound will
still search its cache before forwarding queries to the upstream
resolvers. Would you very kindly confirm that I have understood you
correctly, please? Thanks again.
As far as I understand http://www.unbound.net/documentation/unbound.conf.html only queries which cannot be resolved from the *cache* are forwarded, and Unbound does no recursion for the forwarded zones. So with "." as forward-zone: you reduce Unbound to a DNS cache and delegate the recursion to the upstream resolver.
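
The following Python check is an added example, not part of the thread or of Unbound: it scans an unbound.conf for the two issues raised in the first reply, a forward-zone name declared more than once and a forward-addr on loopback at the port Unbound itself listens on. The names `parse_forward_zones`, `lint` and `SAMPLE_CONF`, the 192.0.2.x stand-in resolver addresses, and the listening port of 53 are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample mirroring the configuration quoted in the thread;
# 192.0.2.x are documentation addresses standing in for the elided resolvers.
SAMPLE_CONF = """\
forward-zone:
    name: "."
    forward-addr: 127.0.0.1 # the address of my local network server
forward-zone:
    name: "."
    forward-addr: 192.0.2.1
    forward-addr: 192.0.2.2@53
"""

def parse_forward_zones(text):
    """Return [{'name': str, 'addrs': [str]}] for every forward-zone: clause."""
    zones, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, rest = line.partition(":")      # key ends at the first colon
        tokens = rest.split()
        value = tokens[0].strip('"') if tokens and not tokens[0].startswith("#") else ""
        if not value:                           # clause header, e.g. "server:"
            current = {"name": None, "addrs": []} if key == "forward-zone" else None
            if current is not None:
                zones.append(current)
        elif current is not None and key == "name":
            current["name"] = value
        elif current is not None and key == "forward-addr":
            current["addrs"].append(value)
    return zones

def lint(text, listen_port=53):
    """Flag duplicate zone names and loopback upstreams on Unbound's own port."""
    findings, by_name = [], defaultdict(int)
    for zone in parse_forward_zones(text):
        by_name[zone["name"]] += 1
        for addr in zone["addrs"]:
            # forward-addr syntax is IP[@port][#tls-auth-name]
            host, _, port = addr.split("#")[0].partition("@")
            if ipaddress.ip_address(host).is_loopback and int(port or 53) == listen_port:
                findings.append(f'loopback upstream {addr} in zone "{zone["name"]}": possible forwarding loop')
    findings += [f'zone "{n}" declared {c} times' for n, c in by_name.items() if c > 1]
    return findings
```

Run against the quoted configuration, `lint(SAMPLE_CONF)` reports both problems; a single forward-zone for "." listing only the two upstream resolvers produces no findings.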