Hi all!
By default, Unbound DNS server works by “classic” scheme: queries root servers, then queries NS’es for A/AAAA/…
Sometime (rarely) connectivity between my Unbound DNS host and target zone NS’es is failed, but target NS’es are still available from various LookingGlasses and from Google/Level3 DNS, so “nslookup www.target.com 8.8.8.8” and “nslookup www.target.com 4.2.2.2” returns the correct answer.
So my question is very simple:
How to setup Unbound to use public forwarders when (and only after) direct query to the target NS’es is failed?
The following config works fine, but routes all queries immediately to forwarders, ignoring target NS’es at all:
forward-zone:
name: “.”
forward-first: no
forward-addr: 8.8.8.8
forward-addr: 4.2.2.2
WBR, Ilya