As an example:
I set this in my conf file:

    local-zone: "aa.com" redirect
    local-data: "aa.com A 1.2.3.4"
    forward-zone:
        name: "."
        forward-first: no
        forward-addr: 8.8.8.8
        forward-addr: 8.8.4.4

But I experienced this today:
A domain, say sample.bb.com, has a CNAME test.aa.com. I thought Unbound would return 1.2.3.4, but it abnormally returned the real IP address (for example 2.3.4.5) of test.aa.com, which must come from 8.8.8.8 or 8.4.4.4. If I try test.aa.com itself, Unbound returns 1.2.3.4.
Why? Will another domain's CNAME override my local-zone redirect configuration?
Thanks very much for your help.
Sincerely, Alex from China

Hi Alex,

> As an example: I set this in my conf file:
>     local-zone: "aa.com" redirect
>     local-data: "aa.com A 1.2.3.4"
>     forward-zone:
>         name: "."
>         forward-first: no
>         forward-addr: 8.8.8.8
>         forward-addr: 8.8.4.4
> But I experience this today: A domain, say sample.bb.com, has a
> CNAME test.aa.com, I thought unbound would return 1.2.3.4, but it
> abnormally returned the real ip address (for example 2.3.4.5) of
> test.aa.com, which must come from 8.8.8.8 or 8.4.4.4. If I try
> test.aa.com itself, unbound returns 1.2.3.4.
> Why? Will another domain's CNAME override my local-zone redirect
> configuration?

Yes, it does. Unbound matches the query name with the redirect names.
And since the original query name is not the redirect name, it'll
allow the query to be resolved.
The local zone and local data matches happen before the recursive
resolution steps are taken. This is why it blocks a direct query for
test.aa.com but then when another query has a CNAME during the
recursive resolution this works.
Best regards,
Wouter
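
The lookup order described in this thread, as an added example that is not part of either message and is not Unbound code: a small Python model in which the local-zone match is applied to the query name only, plus a check that flags answers whose CNAME target falls inside a redirected zone but carries a different address. The function names and the upstream table are hypothetical; the names and addresses are the ones used in the thread.

```python
# Added example: a model of the behaviour described above, not Unbound code.
# All function names are hypothetical; sample records are constructed.

# local-zone: "aa.com" redirect  +  local-data: "aa.com A 1.2.3.4"
REDIRECT_ZONES = {"aa.com.": "1.2.3.4"}

# Constructed upstream (forwarder) answer for the name used in the thread.
UPSTREAM = {
    "sample.bb.com.": [("sample.bb.com.", "CNAME", "test.aa.com."),
                       ("test.aa.com.", "A", "2.3.4.5")],
}

def fqdn(name):
    """Normalise a name to lower case with a trailing dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def covering_zone(name, zones=REDIRECT_ZONES):
    """Return the redirect zone containing name, or None (label-aligned match)."""
    name = fqdn(name)
    for zone in zones:
        if name == zone or name.endswith("." + zone):
            return zone
    return None

def resolve(qname, upstream=UPSTREAM, zones=REDIRECT_ZONES):
    """Match the local zone against the query name only, then forward."""
    zone = covering_zone(qname, zones)
    if zone:
        return [(fqdn(qname), "A", zones[zone])]
    # CNAME targets inside the upstream answer are never re-checked here.
    return upstream.get(fqdn(qname), [])

def find_bypasses(answer, zones=REDIRECT_ZONES):
    """List CNAME targets in a redirect zone that resolved to another address."""
    addrs = {}
    for owner, rtype, rdata in answer:
        if rtype == "A":
            addrs.setdefault(fqdn(owner), []).append(rdata)
    hits = []
    for owner, rtype, rdata in answer:
        zone = covering_zone(rdata, zones) if rtype == "CNAME" else None
        if zone is None:
            continue
        leaked = [a for a in addrs.get(fqdn(rdata), []) if a != zones[zone]]
        if leaked:
            hits.append((fqdn(owner), fqdn(rdata), leaked))
    return hits
```

Running find_bypasses over logged resolver answers shows which names reach a redirected zone through a CNAME and so escape the override.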